Filename: 2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.6927540302 seconds
Hash: 1eab11abf7d306b7007e879964b64378
Uploaded: 1548684889

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-01-28-T-14-15-12-01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap.txt (88790 bytes)
  --------------------------------------------------------------------------
  Date: 1/28/2019 -- 14:15:12. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2819664      1        2        14997026     4.36   59       0        6512415     254186.88   0.00        254186.88  
  2        2804927      1        2        19323578     5.61   103      0        1500509     187607.55   0.00        187607.55  
  3        2021266      1        2        1610331      0.47   10       0        1464408     161033.10   0.00        161033.10  
  4        2021789      1        2        1616851      0.47   3        0        584298      538950.33   0.00        538950.33  
  5        2803027      1        6        7908050      2.30   99       0        436118      79879.29    0.00        79879.29   
  6        2018784      1        9        598504       0.17   2        0        407324      299252.00   0.00        299252.00  
  7        2025185      1        3        1007226      0.29   5        0        347918      201445.20   0.00        201445.20  
  8        2820158      1        2        7924935      2.30   51       0        324359      155390.88   0.00        155390.88  
  9        2820157      1        2        7797837      2.27   51       0        307074      152898.76   0.00        152898.76  
  10       2819930      1        2        8836975      2.57   59       0        266750      149779.24   0.00        149779.24  
  11       2020865      1        3        5077023      1.47   40       0        263468      126925.57   0.00        126925.57  
  12       2020825      1        6        268137       0.08   2        0        253432      134068.50   0.00        134068.50  
  13       2815263      1        3        1121141      0.33   6        0        235437      186856.83   0.00        186856.83  
  14       2804141      1        6        235410       0.07   1        0        235410      235410.00   0.00        235410.00  
  15       2804911      1        3        4530747      1.32   63       0        233157      71916.62    0.00        71916.62   
  16       2016855      1        2        1288275      0.37   6        0        229448      214712.50   0.00        214712.50  
  17       2804907      1        3        3209751      0.93   47       0        209065      68292.57    0.00        68292.57   
  18       2016854      1        3        1096083      0.32   6        0        203322      182680.50   0.00        182680.50  
  19       2024554      1        7        273817       0.08   2        0        195209      136908.50   0.00        136908.50  
  20       2801929      1        7        9202365      2.67   147      0        166838      62601.12    0.00        62601.12   
  21       2802991      1        5        2688599      0.78   44       0        160390      61104.52    0.00        61104.52   
  22       2801930      1        7        8734632      2.54   147      0        159416      59419.27    0.00        59419.27   
  23       2803657      1        5        1668272      0.48   25       0        159384      66730.88    0.00        66730.88   
  24       2815778      1        6        232576       0.07   2        0        155758      116288.00   0.00        116288.00  
  25       2024565      1        3        263893       0.08   2        0        151011      131946.50   0.00        131946.50  
  26       2823263      1        3        246741       0.07   2        0        150606      123370.50   0.00        123370.50  
  27       2802987      1        5        15483374     4.50   285      0        145979      54327.63    0.00        54327.63   
  28       2827094      1        2        987551       0.29   11       0        143525      89777.36    0.00        89777.36   
  29       2809747      1        2        1113874      0.32   12       0        139228      92822.83    0.00        92822.83   
  30       2020470      1        6        153248       0.04   2        0        138281      76624.00    0.00        76624.00   
  31       2018789      1        3        1262813      0.37   25       0        132002      50512.52    0.00        50512.52   
  32       2017552      1        6        16219995     4.71   1142     0        126879      14203.15    0.00        14203.15   
  33       2020318      1        8        553260       0.16   5        0        125657      110652.00   0.00        110652.00  
  34       2804906      1        3        846368       0.25   15       0        122498      56424.53    0.00        56424.53   
  35       2825671      1        2        119279       0.03   1        0        119279      119279.00   0.00        119279.00  
  36       2024049      1        2        281148       0.08   3        3        115031      93716.00    93716.00    0.00       
  37       2017133      1        3        531482       0.15   5        0        114205      106296.40   0.00        106296.40  
  38       2826092      1        2        114133       0.03   1        0        114133      114133.00   0.00        114133.00  
  39       2018342      1        2        1149816      0.33   11       0        111793      104528.73   0.00        104528.73  
  40       2024031      1        2        593223       0.17   6        0        111475      98870.50    0.00        98870.50   
  41       2813059      1        4        204218       0.06   2        0        109027      102109.00   0.00        102109.00  
  42       2805985      1        2        965964       0.28   20       0        108885      48298.20    0.00        48298.20   
  43       2808234      1        1        943622       0.27   20       0        103146      47181.10    0.00        47181.10   
  44       2820811      1        2        1661258      0.48   111      0        102137      14966.29    0.00        14966.29   
  45       2811745      1        4        529080       0.15   6        0        98753       88180.00    0.00        88180.00   
  46       2016143      1        3        979637       0.28   62       0        98379       15800.60    0.00        15800.60   
  47       2016549      1        4        248561       0.07   4        0        96212       62140.25    0.00        62140.25   
  48       2013352      1        4        506897       0.15   49       0        93420       10344.84    0.00        10344.84   
  49       2815133      1        2        92361        0.03   1        0        92361       92361.00    0.00        92361.00   
  50       2816842      1        3        559528       0.16   36       0        91780       15542.44    0.00        15542.44   
  51       2815183      1        2        91393        0.03   1        0        91393       91393.00    0.00        91393.00   
  52       2020569      1        1        901608       0.26   20       0        90479       45080.40    0.00        45080.40   
  53       2018375      1        3        2731574      0.79   209      0        89796       13069.73    0.00        13069.73   
  54       2019758      1        2        174444       0.05   3        0        89786       58148.00    0.00        58148.00   
  55       2829792      1        2        540890       0.16   7        0        89753       77270.00    0.00        77270.00   
  56       2022050      1        3        922146       0.27   20       0        89498       46107.30    0.00        46107.30   
  57       2807400      1        3        920303       0.27   20       0        89486       46015.15    0.00        46015.15   
  58       2018982      1        2        927804       0.27   20       0        89201       46390.20    0.00        46390.20   
  59       2819931      1        2        210799       0.06   5        0        88984       42159.80    0.00        42159.80   
  60       2018241      1        2        517927       0.15   49       0        88777       10569.94    0.00        10569.94   
  61       2020726      1        2        315104       0.09   4        0        88040       78776.00    0.00        78776.00   
  62       2019345      1        2        7860510      2.28   537      0        86604       14637.82    0.00        14637.82   
  63       2826034      1        1        149193       0.04   13       1        85807       11476.38    85807.00    5282.17    
  64       2022939      1        3        197256       0.06   6        0        84690       32876.00    0.00        32876.00   
  65       2826332      1        2        148359       0.04   2        0        82609       74179.50    0.00        74179.50   
  66       2015744      1        4        393816       0.11   27       5        81710       14585.78    66093.60    2879.45    
  67       2014819      1        3        429948       0.12   6        0        80782       71658.00    0.00        71658.00   
  68       2809513      1        5        78573        0.02   1        0        78573       78573.00    0.00        78573.00   
  69       2021749      1        6        110443       0.03   12       0        78486       9203.58     0.00        9203.58    
  70       2017166      1        4        311111       0.09   6        0        77074       51851.83    0.00        51851.83   
  71       2816438      1        4        76759        0.02   1        0        76759       76759.00    0.00        76759.00   
  72       2024771      1        1        11862806     3.45   2372     0        76221       5001.18     0.00        5001.18    
  73       2803653      1        6        75398        0.02   1        0        75398       75398.00    0.00        75398.00   
  74       2821156      1        2        75267        0.02   1        0        75267       75267.00    0.00        75267.00   
  75       2816389      1        2        74693        0.02   1        0        74693       74693.00    0.00        74693.00   
  76       2815818      1        8        74228        0.02   1        0        74228       74228.00    0.00        74228.00   
  77       2016948      1        2        1785162      0.52   126      0        72000       14167.95    0.00        14167.95   
  78       2811389      1        3        71839        0.02   1        0        71839       71839.00    0.00        71839.00   
  79       2828863      1        2        271860       0.08   4        0        71653       67965.00    0.00        67965.00   
  80       2816909      1        2        150383       0.04   3        0        70821       50127.67    0.00        50127.67   
  81       2809306      1        4        5260980      1.53   357      0        70690       14736.64    0.00        14736.64   
  82       2021076      1        2        750667       0.22   49       0        70380       15319.73    0.00        15319.73   
  83       2820812      1        2        307943       0.09   16       0        69961       19246.44    0.00        19246.44   
  84       2009054      1        8        126145       0.04   3        0        69887       42048.33    0.00        42048.33   
  85       2811390      1        2        180691       0.05   3        0        69575       60230.33    0.00        60230.33   
  86       2829214      1        2        111557       0.03   2        0        69125       55778.50    0.00        55778.50   
  87       2017824      1        3        134149       0.04   2        0        68393       67074.50    0.00        67074.50   
  88       2016333      1        4        393159       0.11   6        0        67343       65526.50    0.00        65526.50   
  89       2024555      1        7        68518        0.02   2        1        65741       34259.00    65741.00    2777.00    
  90       2806294      1        4        65684        0.02   1        0        65684       65684.00    0.00        65684.00   
  91       2816941      1        3        65408        0.02   1        0        65408       65408.00    0.00        65408.00   
  92       2815826      1        3        64833        0.02   1        0        64833       64833.00    0.00        64833.00   
  93       2025330      1        1        112245       0.03   2        0        64499       56122.50    0.00        56122.50   
  94       2814979      1        2        179224       0.05   26       0        64466       6893.23     0.00        6893.23    
  95       2814978      1        2        178244       0.05   26       0        64269       6855.54     0.00        6855.54    
  96       2819880      1        2        64237        0.02   1        0        64237       64237.00    0.00        64237.00   
  97       2016503      1        2        804880       0.23   52       0        63823       15478.46    0.00        15478.46   
  98       2025064      1        5        146990       0.04   3        0        63474       48996.67    0.00        48996.67   
  99       2022197      1        3        106702       0.03   3        0        63409       35567.33    0.00        35567.33   
  100      2018959      1        3        706773       0.21   49       1        62595       14423.94    62595.00    13420.38   
  101      2016537      1        2        16406574     4.77   1138     0        62589       14417.02    0.00        14417.02   
  102      2810991      1        4        62541        0.02   1        0        62541       62541.00    0.00        62541.00   
  103      2014380      1        4        188653       0.05   8        0        62451       23581.62    0.00        23581.62   
  104      2823534      1        2        60749        0.02   1        0        60749       60749.00    0.00        60749.00   
  105      2821615      1        2        482257       0.14   13       0        59429       37096.69    0.00        37096.69   
  106      2014353      1        6        427938       0.12   49       0        58898       8733.43     0.00        8733.43    
  107      2816940      1        2        171349       0.05   3        0        58454       57116.33    0.00        57116.33   
  108      2810481      1        4        1623144      0.47   75       0        58285       21641.92    0.00        21641.92   
  109      2816927      1        3        135637       0.04   3        0        58191       45212.33    0.00        45212.33   
  110      2821839      1        2        415776       0.12   11       0        56292       37797.82    0.00        37797.82   
  111      2009909      1        10       314591       0.09   20       0        56242       15729.55    0.00        15729.55   
  112      2816910      1        2        132989       0.04   3        0        56106       44329.67    0.00        44329.67   
  113      2822213      1        2        170269       0.05   27       0        55901       6306.26     0.00        6306.26    
  114      2830124      1        1        262877       0.08   6        0        55824       43812.83    0.00        43812.83   
  115      2018377      1        3        681424       0.20   209      0        55759       3260.40     0.00        3260.40    
  116      2008438      1        20       899753       0.26   20       0        55531       44987.65    0.00        44987.65   
  117      2009028      1        11       389744       0.11   49       0        55325       7953.96     0.00        7953.96    
  118      2022502      1        4        544681       0.16   13       0        55087       41898.54    0.00        41898.54   
  119      2820928      1        2        1611436      0.47   111      0        55062       14517.44    0.00        14517.44   
  120      2810686      1        6        301653       0.09   6        0        54234       50275.50    0.00        50275.50   
  121      2806802      1        2        4102625      1.19   202      0        54155       20310.02    0.00        20310.02   
  122      2013441      1        9        302813       0.09   20       0        54105       15140.65    0.00        15140.65   
  123      2024650      1        1        1779516      0.52   123      0        53999       14467.61    0.00        14467.61   
  124      2815254      1        7        53817        0.02   1        0        53817       53817.00    0.00        53817.00   
  125      2821561      1        2        1

This file has been truncated.


packet_stats.log (12917 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3672          2792542     1101010325     631114969       2317.5b   99.87
 IPv4      17             8         19050048     1082822021     378682479          3.0b    0.13
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3672            67278       16384254        332952          1.2b   95.54
TMM_FLOWWORKER              IPv4      17             8           335228        9898856       1626941         13.0m    1.02
TMM_RECEIVEPCAPFILE         IPv4       6          3659             2535        4631296          4203         15.4m    1.20
TMM_RECEIVEPCAPFILE         IPv4      17             8             2582          10244          3711         29.7k    0.00
TMM_DECODEPCAPFILE          IPv4       6          3659             2645        4519424          7808         28.6m    2.23
TMM_DECODEPCAPFILE          IPv4      17             8             2860          31297          7132         57.1k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          3659             2813          51913          3310         12.1m  1.04  
flow                    IPv4      17             8             3486          22668          7744         62.0k  0.01  
stream                  IPv4       6          3672             2765       10294947         11128         40.9m  3.51  
app-layer               IPv4      17             8            10532          63744         27210        217.7k  0.02  
detect                  IPv4       6          3672            45218       16345247        298611          1.1b  94.20 
detect                  IPv4      17             8           268510         640556        386959          3.1m  0.27  
tcp-prune               IPv4       6          3672             2543          62704          3031         11.1m  0.96  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            12             2838          26389          7484         89.8k  47.96 
tls                     IPv4       6             2             2700           3732          3216          6.4k  3.43  
dns                     IPv4      17             8             4946          32447         11378         91.0k  48.61 
Proto detect            IPv4      17             8             6115          38177         16229        129.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            13            20318          97377         63965        831.5k  5.43  
LOGGER_UNIFIED2             IPv4       6            13            41610         154916         90390          1.2m  7.68  
LOGGER_JSON_ALERT           IPv4       6            13            37114         163101         96561          1.3m  8.20  
LOGGER_JSON_DNS             IPv4      17             8            34157        9135576       1186386          9.5m  62.02 
LOGGER_JSON_HTTP            IPv4       6            13            34097         160961        108352          1.4m  9.20  
LOGGER_JSON_TLS             IPv4       6             1            67620          67620         67620         67.6k  0.44  
LOGGER_JSON_FILE            IPv4       6            14            43425         111877         76731          1.1m  7.02  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2511             2579       16203286         27610        69.3m  19.38 
payload                           IPv4      17             8            21830          32452         27045       216.4k  0.06  
stream                            IPv4       6          2511             2533        1867177         35631        89.5m  25.01 
http_uri                          IPv4       6            13             3505          82150         25845       336.0k  0.09  
http_request_line                 IPv4       6            13             3652          11440          7714       100.3k  0.03  
http_client_body                  IPv4       6            39             2599         697113         27304         1.1m  0.30  
http_header (request)             IPv4       6            13            22994         136351         87416         1.1m  0.32  
http_header (request trailer)     IPv4       6            13             2601           3098          2721        35.4k  0.01  
http_header_names (request)       IPv4       6            13             9585          31653         21354       277.6k  0.08  
http_accept (request)             IPv4       6            13             4101           8410          6393        83.1k  0.02  
http_referer (request)            IPv4       6            13             2940           8416          3757        48.8k  0.01  
http_content_len (request)        IPv4       6            13             2936           5960          3941        51.2k  0.01  
http_content_type (request)       IPv4       6            13             2941          11652          5489        71.4k  0.02  
http_protocol (request)           IPv4       6            13             3081           6979          5493        71.4k  0.02  
http_start (request)              IPv4       6            13             8758          24096         17699       230.1k  0.06  
http_raw_header (request)         IPv4       6            39             5325          38377          9828       383.3k  0.11  
http_method                       IPv4       6            13             3895          19003          7290        94.8k  0.03  
http_cookie (request)             IPv4       6            13             3021          23295          5258        68.4k  0.02  
http_raw_uri                      IPv4       6            13             2672          14514          6720        87.4k  0.02  
http_user_agent                   IPv4       6            13             2958          29760          8941       116.2k  0.03  
http_host                         IPv4       6            13             3774          10152          7472        97.1k  0.03  
dns_query                         IPv4      17             4             8318          13549         10447        41.8k  0.01  
tls_sni                           IPv4       6             3             3172          10086          7083        21.2k  0.01  
http_response_line                IPv4       6            13             3404          11483          8920       116.0k  0.03  
http_header (response)            IPv4       6            13            15092         109240         45667       593.7k  0.17  
http_header (response trailer)    IPv4       6            13             2612          42277          7964       103.5k  0.03  
http_content_type (response)      IPv4       6            13             3633          10234          8223       106.9k  0.03  
http_raw_header (response)        IPv4       6          2414             3540          31675          4847        11.7m  3.27  
http_cookie (response)            IPv4       6            13             3139           4997          3513        45.7k  0.01  
http_stat_code                    IPv4       6            13             2782          19437          5315        69.1k  0.02  
tls_cert_issuer                   IPv4       6             1            15153          15153         15153        15.2k  0.00  
tls_cert_subject                  IPv4       6             1             5032           5032          5032         5.0k  0.00  
tls_cert_serial                   IPv4       6             1             6099           6099          6099         6.1k  0.00  
file_data (http response)         IPv4       6          2401             2553        6535451         75604       181.5m  50.75 
Total                             IPv4                 10219                                         35005       357.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            14             3395         108965         43622        610.7k  0.04  
PROF_DETECT_IPONLY          IPv4      17             8            37582          82658         52751        422.0k  0.03  
PROF_DETECT_RULES           IPv4       6          3672             2531        7843189        111445        409.2m  27.13 
PROF_DETECT_RULES           IPv4      17             8            84294         310705        194749          1.6m  0.10  
PROF_DETECT_STATEFUL_START    IPv4       6          1567             5098        7510562         51945         81.4m  5.40  
PROF_DETECT_STATEFUL_CONT    IPv4       6          3672             2531       14467636         18055         66.3m  4.39  
PROF_DETECT_STATEFUL_CONT    IPv4      17             8             5791          88887         20441        163.5k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          3644             2546          37461          2845         10.4m  0.69  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             8             2628           3822          2980         23.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          3672             7771       16259605        127072        466.6m  30.93 
PROF_DETECT_PREFILTER       IPv4      17             8            46742          86911         61048        488.4k  0.03  
PROF_DETECT_PF_PAYLOAD      IPv4       6          2511            13806       16216067         71511        179.6m  11.90 
PROF_DETECT_PF_PAYLOAD      IPv4      17             8            26910          37766         32213        257.7k  0.02  
PROF_DETECT_PF_TX           IPv4       6          3644             2549        6551599         61384        223.7m  14.83 
PROF_DETECT_PF_TX           IPv4      17             4            14011          20027         16353         65.4k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6          2049             2527          58198          3768          7.7m  0.51  
PROF_DETECT_PF_SORT1        IPv4      17             8             3165           4085          3597         28.8k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          3672             2510          46508          2919         10.7m  0.71  
PROF_DETECT_PF_SORT2        IPv4      17             8             2866          12028          4451         35.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          3672             2533        6300979          4722         17.3m  1.15  
PROF_DETECT_NONMPMLIST      IPv4      17             8             2925           3834          3342         26.7k  0.00  
PROF_DETECT_ALERT           IPv4       6          3672             2512          63534          2807         10.3m  0.68  
PROF_DETECT_ALERT           IPv4      17             8             2524          18008          4733         37.9k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          3672             2556          37981          2890         10.6m  0.70  
PROF_DETECT_CLEANUP         IPv4      17             8             3388          31623          7645         61.2k  0.00  
PROF_DETECT_GETSGH          IPv4       6          3672             2518          50888          2981         10.9m  0.73  
PROF_DETECT_GETSGH          IPv4      17             8             6260           7731          6661         53.3k  0.00  


stats.log (2915 bytes)
------------------------------------------------------------------------------------
Date: 1/28/2019 -- 14:15:12 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3667
decoder.bytes                              | Total                     | 3341433
decoder.ipv4                               | Total                     | 3667
decoder.ethernet                           | Total                     | 3667
decoder.tcp                                | Total                     | 3659
decoder.udp                                | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 911
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 4
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 19
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 6
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 13
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 4
app_layer.tx.dns_udp                       | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65533
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076896


eve.json - (25248 bytes) - download
{"timestamp":"2019-01-10T22:38:44.686851+0000","flow_id":1792572405349123,"pcap_cnt":1,"event_type":"dns","src_ip":"10.1.10.101","src_port":60657,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43479,"rrname":"datitngforllives.info","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:44.805583+0000","flow_id":1792572405349123,"pcap_cnt":2,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":60657,"proto":"UDP","dns":{"type":"answer","id":43479,"rcode":"NOERROR","rrname":"datitngforllives.info","rrtype":"A","ttl":5,"rdata":"88.208.7.193"}}
{"timestamp":"2019-01-10T22:38:45.311464+0000","flow_id":378072171143675,"pcap_cnt":10,"event_type":"http","src_ip":"10.1.10.101","src_port":49159,"dest_ip":"88.208.7.193","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"datitngforllives.info","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:45.360076+0000","flow_id":574807443078796,"pcap_cnt":11,"event_type":"dns","src_ip":"10.1.10.101","src_port":55958,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10387,"rrname":"www.needgrow.info","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:45.479147+0000","flow_id":574807443078796,"pcap_cnt":12,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":55958,"proto":"UDP","dns":{"type":"answer","id":10387,"rcode":"NOERROR","rrname":"www.needgrow.info","rrtype":"A","ttl":5,"rdata":"185.56.233.186"}}
{"timestamp":"2019-01-10T22:38:45.762891+0000","flow_id":1827434654946253,"pcap_cnt":23,"event_type":"tls","src_ip":"10.1.10.101","src_port":49165,"dest_ip":"185.56.233.186","dest_port":443,"proto":"TCP","tls":{"subject":"CN=needgrow.info","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-01-10T22:38:46.898303+0000","flow_id":722133411328677,"pcap_cnt":45,"event_type":"alert","src_ip":"10.1.10.101","src_port":49167,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":722133411328677,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2826034,"rev":1,"signature":"ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M5","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":722133411328677,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024354,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":722133411328677,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024355,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816231,"rev":3,"signature":"ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2820087,"rev":3,"signature":"ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in Sundown\/Xer EK","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024362,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016827,"rev":3,"signature":"ET INFO Suspicious Possible CollectGarbage in base64 3","category":"Misc activity","severity":3}}
{"timestamp":"2019-01-10T22:38:47.215838+0000","flow_id":722133411328677,"pcap_cnt":103,"event_type":"http","src_ip":"10.1.10.101","src_port":49167,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?MTE2NDEy&apVyf&zeBnF=known&Hocv=everyone&TYVTUaY=constitution&OBjTb=heartfelt&BnUPTF=difference&QNgZ=constitution&WJjHyQR=known&RLezWS=criticized&efkEXDELP=known&tcfgg4=m3S9Pp5f-NYbAroi0aHfFE0nNtaVQkVpK7630mHzBfJhZeE9BbfUTp1u9CTUbI&fgdd3s=wXnQMvXcJwDQDYbGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&lcywHOQM=detonator&MhYU=strategy&OLUJgoARt=difference&KbHYfz=perpetual&kFqtfvAM=difference&moYcb=detonator&jkCWqBcYNDk3NDQ0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:47.670313+0000","flow_id":1100880807359240,"pcap_cnt":108,"event_type":"alert","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.670313+0000","flow_id":1100880807359240,"pcap_cnt":108,"event_type":"alert","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014726,"rev":110,"signature":"ET POLICY Outdated Flash Version M1","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2019-01-10T22:38:47.831691+0000","flow_id":1100880807359240,"pcap_cnt":149,"event_type":"http","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?NTY0Nzg2&fxdHtUMO&fgdd3s=wXfQMvXcJwDQDYbGMvrESLtDNknQA0KK2Ij2_dqyEoH9fWnihNzUSkr76B2aCm3S&JCAADqEwDpBRic=strategy&wgNPPdER=perpetual&PaoiDRBWQfuvQao=strategy&eFoeQKlDAaH=criticized&MvTDtSlkplYeG=community&QTxsXsucUtoHal=strategy&DDtsYDxFL=known&HiinXW=golfer&dGGXjZPv=referred&XYIQwaOPuQJNfq=community&OpwtDAkoL=professional&tcfgg4=9PV5f-NYbArohUaHfFE0nNtaVQkVpK7630mHzBfJhZeE-hbfUQlD_JWcE4F4nwvF&MGXQAShN=difference&ZCEBeUbfC=everyone&aPdSnKfnTBCNMG=blackmail&uUeilSxHmaiwo=already&CODcssdzxNDI4ODMy","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/x-shockwave-flash"}}
{"timestamp":"2019-01-10T22:38:51.942171+0000","flow_id":1387745968298333,"pcap_cnt":158,"event_type":"alert","src_ip":"10.1.10.101","src_port":49170,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:53.165096+0000","flow_id":1387745968298333,"pcap_cnt":809,"event_type":"http","src_ip":"10.1.10.101","src_port":49170,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?NTgxNTM4&xPPmZDFrSehlGee&ByHCbhyhLcL=blackmail&wchiumQhaCAV=detonator&puPFBsD=difference&DEBAiFkrVEg=heartfelt&fgdd3s=wHfQMvXcJwDJFYbGMvrERqNbNknQA06PxpH2_drYdZqxKGni1-b5UUSk6FuCEh3h9vI&jmxzfYbewVI=vest&yddhzfp=known&CYxTETSmutZ=heartfelt&VTofgMElKGpgC=everyone&ANheaHFkbsz=already&qSfyMreHMO=known&veVdeVp=community&UJhUlFUvJfGgP=known&ajdklwKeGf=referred&UCdIyXWEd=golfer&tcfgg4=keeABNVLohUyDfAI1yYldB11A8fqoiRWEmxOdicKH_ROOMw11-ZuWF7Iz2VTFkvEXd_s&TTOkOtrpyQt=heartfelt&sGwhHmzJMTQ2MTc1","http_content_type":"application\/x-msdownload"}}
{"timestamp":"2019-01-10T22:38:54.647052+0000","flow_id":4629060312972,"pcap_cnt":811,"event_type":"dns","src_ip":"10.1.10.101","src_port":54819,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5330,"rrname":"tepingost.ug","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:55.058667+0000","flow_id":4629060312972,"pcap_cnt":812,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":54819,"proto":"UDP","dns":{"type":"answer","id":5330,"rcode":"NOERROR","rrname":"tepingost.ug","rrtype":"A","ttl":5,"rdata":"190.115.22.22"}}
{"timestamp":"2019-01-10T22:38:55.490426+0000","flow_id":1894161267491812,"pcap_cnt":819,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"tepingost.ug","url":"\/251","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:55.495951+0000","flow_id":1894161267491812,"pcap_cnt":821,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/251","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":162},"app_proto":"http","fileinfo":{"filename":"\/251","gaps":false,"state":"CLOSED","stored":false,"size":186,"tx_id":0}}
{"timestamp":"2019-01-10T22:38:55.821440+0000","flow_id":1894161267491812,"pcap_cnt":862,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.462718+0000","flow_id":1894161267491812,"pcap_cnt":1191,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.563920+0000","flow_id":1894161267491812,"pcap_cnt":1203,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"tepingost.ug","url":"\/freebl3.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:56.566213+0000","flow_id":1894161267491812,"pcap_cnt":1205,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/freebl3.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":334288},"app_proto":"http","fileinfo":{"filename":"\/freebl3.dll","gaps":false,"state":"CLOSED","stored":false,"size":334288,"tx_id":1}}
{"timestamp":"2019-01-10T22:38:56.734529+0000","flow_id":1894161267491812,"pcap_cnt":1345,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.736863+0000","flow_id":1894161267491812,"pcap_cnt":1366,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"tepingost.ug","url":"\/mozglue.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:56.738292+0000","flow_id":1894161267491812,"pcap_cnt":1368,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/mozglue.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":137168},"app_proto":"http","fileinfo":{"filename":"\/mozglue.dll","gaps":false,"state":"CLOSED","stored":false,"size":137168,"tx_id":2}}
{"timestamp":"2019-01-10T22:38:57.082465+0000","flow_id":1894161267491812,"pcap_cnt":1849,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57.243581+0000","flow_id":1894161267491812,"pcap_cnt":1893,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"tepingost.ug","url":"\/msvcp140.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:57.246341+0000","flow_id":1894161267491812,"pcap_cnt":1895,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/msvcp140.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":440120},"app_proto":"http","fileinfo":{"filename":"\/msvcp140.dll","gaps":false,"state":"CLOSED","stored":false,"size":440120,"tx_id":3}}
{"timestamp":"2019-01-10T22:38:57.786119+0000","flow_id":1894161267491812,"pcap_cnt":3270,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57.792212+0000","flow_id":1894161267491812,"pcap_cnt":3334,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"tepingost.ug","url":"\/nss3.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:57.794514+0000","flow_id":1894161267491812,"pcap_cnt":3336,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/nss3.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1246160},"app_proto":"http","fileinfo":{"filename":"\/nss3.dll","gaps":false,"state":"CLOSED","stored":false,"size":1246160,"tx_id":4}}
{"timestamp":"2019-01-10T22:38:57.963737+0000","flow_id":1894161267491812,"pcap_cnt":3488,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57

This file has been truncated.


suricata-report-2019-01-28-T-14-15-12-01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap.txt - (17821 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1eab11abf7d306b7007e879964b6437856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap -vvv -k none
elapsedtime:21.769546
stderr:
stdout:
28/1/2019 -- 14:14:50 - <Info> - Configuration node 'rule-files' redefined.
28/1/2019 -- 14:14:50 - <Notice> - This is Suricata version 4.0.0 RELEASE
28/1/2019 -- 14:14:50 - <Info> - CPUs/cores online: 1
28/1/2019 -- 14:14:50 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31418 and 'request-body-inspect-window' set to 15743 after randomization.
28/1/2019 -- 14:14:50 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32898 and 'response-body-inspect-window' set to 15899 after randomization.
28/1/2019 -- 14:14:50 - <Config> - DNS request flood protection level: 500
28/1/2019 -- 14:14:50 - <Config> - DNS per flow memcap (state-memcap): 524288
28/1/2019 -- 14:14:50 - <Config> - DNS global memcap: 16777216
28/1/2019 -- 14:14:50 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
28/1/2019 -- 14:14:50 - <Config> - preallocated 1000 hosts of size 136
28/1/2019 -- 14:14:50 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
28/1/2019 -- 14:14:50 - <Config> - using magic-file /usr/share/file/magic
28/1/2019 -- 14:14:50 - <Config> - Core dump size is unlimited.
28/1/2019 -- 14:14:50 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
28/1/2019 -- 14:14:50 - <Config> - preallocated 1000 defrag trackers of size 168
28/1/2019 -- 14:14:50 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
28/1/2019 -- 14:14:50 - <Config> - stream "prealloc-sessions": 2048 (per thread)
28/1/2019 -- 14:14:50 - <Config> - stream "memcap": 33554432
28/1/2019 -- 14:14:50 - <Config> - stream "midstream" session pickups: disabled
28/1/2019 -- 14:14:50 - <Config> - stream "async-oneside": disabled
28/1/2019 -- 14:14:50 - <Config> - stream "checksum-validation": disabled
28/1/2019 -- 14:14:50 - <Config> - stream."inline": disabled
28/1/2019 -- 14:14:50 - <Config> - stream "bypass": disabled
28/1/2019 -- 14:14:50 - <Config> - stream "max-synack-queued": 5
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "memcap": 134217728
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "depth": 0
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "toserver-chunk-size": 2579
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "toclient-chunk-size": 2509
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly.raw: enabled
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "segment-prealloc": 2048
28/1/2019 -- 14:14:50 - <Config> - Delayed detect disabled
28/1/2019 -- 14:14:50 - <Config> - pattern matchers: MPM: ac, SPM: bm
28/1/2019 -- 14:14:50 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
28/1/2019 -- 14:14:50 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
28/1/2019 -- 14:14:50 - <Config> - prefilter engines: MPM
28/1/2019 -- 14:14:50 - <Config> - IP reputation disabled
28/1/2019 -- 14:14:50 - <Perf> - Registered 148 keyword profiling counters.
28/1/2019 -- 14:14:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
28/1/2019 -- 14:14:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
28/1/2019 -- 14:14:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
28/1/2019 -- 14:14:55 - <Config> - No rules loaded from ET-icmp.rules.
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
28/1/2019 -- 14:14:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
28/1/2019 -- 14:14:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
28/1/2019 -- 14:14:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
28/1/2019 -- 14:14:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
28/1/2019 -- 14:14:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
28/1/2019 -- 14:14:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
28/1/2019 -- 14:15:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
28/1/2019 -- 14:15:03 - <Config> - No rules loaded from local.rules.
28/1/2019 -- 14:15:03 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
28/1/2019 -- 14:15:03 - <Info> - Threshold config parsed: 0 rule(s) found
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tcp-packet
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tcp-stream
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for udp-packet
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for other-ip
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_uri
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_request_line
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_client_body
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_response_line
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header_names
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header_names
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_accept
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_accept_enc
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_accept_lang
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_referer
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_connection
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_len
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_len
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_type
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_type
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_start
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_start
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_method
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_cookie
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_cookie
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_uri
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_user_agent
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_host
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_host
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_stat_msg
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_stat_code
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for dns_query
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_sni
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_cert_issuer
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_cert_subject
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_cert_serial
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for dce_stub_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for dce_stub_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_software
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_software
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for file_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for file_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_request_line
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_response_line
28/1/2019 -- 14:15:03 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
28/1/2019 -- 14:15:03 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
28/1/2019 -- 14:15:04 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
28/1/2019 -- 14:15:04 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
28/1/2019 -- 14:15:04 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
28/1/2019 -- 14:15:04 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
28/1/2019 -- 14:15:04 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
28/1/2019 -- 14:15:04 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
28/1/2019 -- 14:15:08 - <Perf> - Unique rule groups: 104
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toserver TCP packet": 35
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toclient TCP packet": 17
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toserver TCP stream": 33
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toclient TCP stream": 19
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toserver UDP packet": 27
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toclient UDP packet": 17
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "other IP packet": 3
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_uri": 14
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_request_line": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_client_body": 6
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_response_line": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_header": 10
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_header": 6
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_header_names": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_accept": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_referer": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_content_len": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_content_type": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_content_type": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_protocol": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_start": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_method": 5
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_cookie": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_cookie": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_host": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver dns_query": 4
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver tls_sni": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver file_data": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient file_data": 7
28/1/2019 -- 14:15:10 - <Perf> - Registered 39590 rule profiling counters.
28/1/2019 -- 14:15:10 - <Info> - fast output device (regular) initialized: alert
28/1/2019 -- 14:15:10 - <Info> - eve-log output device (regular) initialized: eve.json
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'alert'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'http'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'dns'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'tls'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'files'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'ssh'
28/1/2019 -- 14:15:10 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
28/1/2019 -- 14:15:10 - <Info> - stats output device (regular) initialized: stats.log
28/1/2019 -- 14:15:10 - <Config> - AutoFP mode using "Hash" flow load balancer
28/1/2019 -- 14:15:10 - <Info> - reading pcap file /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap
28/1/2019 -- 14:15:10 - <Config> - 



unified2.alert.1548684910 - (49291 bytes)


keyword_perf.log - (18040 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/28/2019 -- 14:15:12
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            9038            3               3               3133            3012.00         3012.00         0.00           
  flow             26328811        8741            8741            90816           3012.00         3012.00         0.00           
  threshold        13829           1               1               13829           13829.00        13829.00        0.00           
  content          95806646        8324            2130            6447059         11509.00        20052.00        8571.00        
  pcre             3187525         722             43              51640           4414.00         8600.00         4149.00        
  byte_test        4284356         1431            449             39746           2993.00         3118.00         2936.00        
  byte_jump        667490          212             112             41235           3148.00         3352.00         2919.00        
  isdataat         36425           13              9               3341            2801.00         2802.00         2801.00        
  flowbits         14480586        5067            121             58977           2857.00         3140.00         2850.00        
  urilen           258364          81              21              4426            3189.00         3186.00         3190.00        
  byte_extract     48780           18              18              3360            2710.00         2710.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            9038            3               3               3133            3012.00         3012.00         0.00           
  flow             26328811        8741            8741            90816           3012.00         3012.00         0.00           
  flowbits         14410189        5052            106             58977           2852.00         2920.00         2850.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          46158376        5399            1233            139251          8549.00         15645.00        6449.00        
  pcre             609057          143             5               23059           4259.00         13500.00        3924.00        
  byte_test        4243930         1417            441             39746           2995.00         3121.00         2938.00        
  byte_jump        543307          184             84              5133            2952.00         2991.00         2919.00        
  isdataat         27774           10              6               3312            2777.00         2761.00         2801.00        
  byte_extract     48780           18              18              3360            2710.00         2710.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         70397           15              15              6621            4693.00         4693.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        13829           1               1               13829           13829.00        13829.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          914892          207             80              19018           4419.00         4903.00         4114.00        
  pcre             341938          47              9               21759           7275.00         8709.00         6935.00        
  isdataat         8651            3               3               3341            2883.00         2883.00         0.00           
  urilen           258364          81              21              4426            3189.00         3186.00         3190.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1706416         43              15              177733          39684.00        40427.00        39285.00       
  pcre             57869           2               1               51640           28934.00        6229.00         51640.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          39864           13              0               3617            3066.00         0.00            3066.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43936018        1909            363             6447059         23015.00        56628.00        15122.00       
  pcre             1552155         462             0               24265           3359.00         0.00            3359.00        
  byte_test        40426           14              8               3564            2887.00         3006.00         2729.00        
  byte_jump        124183          28              28              41235           4435.00         4435.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2122160         496             302             19091           4278.00         4465.00         3987.00        
  pcre             520055          56              22              25212           9286.00         8125.00         10038.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          378627          99              65              5457            3824.00         3904.00         3672.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2970            1               0               2970            2970.00         0.00            2970.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31732           9               9               4257            3525.00         3525.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26181           6               0               4675            4363.00         0.00            4363.00        
  pcre             67500           6               0               25652           11250.00        0.00            11250.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          96487           27              24              4745            3573.00         3607.00         3299.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          77116           21              15              4706            3672.00         3777.00         3409.00        
  pcre             38951           6               6               10718           6491.00         6491.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3828            1               1               3828            3828.00         3828.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19722           6               0               3605            3287.00         0.00            3287.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match  

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2019-01-28-T-14-15-12-01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap.txt - (3968 bytes) - download
01/10/2019-22:38:46.898303  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49167 -> 176.53.161.71:80
01/10/2019-22:38:47.056346  [**] [1:2826034:1] ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M5 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.056346  [**] [1:2024354:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.056346  [**] [1:2024355:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2816231:3] ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2820087:3] ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in Sundown/Xer EK [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2024362:2] ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2016827:3] ET INFO Suspicious Possible CollectGarbage in base64 3 [**] [Classification: Misc activity] [Priority: 3] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.670313  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49166 -> 176.53.161.71:80
01/10/2019-22:38:47.670313  [**] [1:2014726:110] ET POLICY Outdated Flash Version M1 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49166 -> 176.53.161.71:80
01/10/2019-22:38:51.942171  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49170 -> 176.53.161.71:80
01/10/2019-22:38:55.821440  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.462718  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.734529  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.082465  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.786119  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.963737  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:39:05.122324  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49174 -> 54.38.92.92:80
01/10/2019-22:39:13.123168  [**] [1:2816808:2] ETPRO CURRENT_EVENTS RIG EK Flash Exploit Mar 29 2016 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49166
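
The alert log above is Suricata's fast.log format: one line per alert, with the packet direction rather than the session direction, so the RIG EK landing page and the Flash exploit show up as server-to-client hits on the same ports (49167, 49166) that the client-to-server URI-struct alerts fired on, and a single EXE download produces five identical IsDebuggerPresent alerts as the body streams in. The parser below, an added example that is not code from this page or from IDSDeathBlossom, turns those lines into records, folds both directions of a connection into one flow, deduplicates repeated signatures per flow and orders the flows by first hit, which recovers the chain gate -> RIG EK landing -> Flash exploit -> payload download -> ip-api.com check-in. SAMPLE_FAST_LOG is a subset of the lines shown above; the regex follows the fast.log layout Suricata documents, and the function names are this example's own.

```python
"""Parse Suricata fast.log alert lines and rebuild the per-flow timeline.

Added example, not code from this page or from IDSDeathBlossom. The regex
follows the fast.log layout Suricata documents; SAMPLE_FAST_LOG is a subset
of the alert lines shown on this page (the file's real output is longer).
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"  # absent when a rule has no classtype
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def flow(self):
        """Direction-agnostic key (client_ip, client_port, server_ip, server_port).
        Heuristic: the endpoint with the lower port number is the server."""
        if self.sport < self.dport:
            return (self.dst, self.dport, self.src, self.sport)
        return (self.src, self.sport, self.dst, self.dport)


def parse_fast_log(text):
    """Parse well-formed fast.log lines, oldest first; skip anything else."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line.strip())
        if not m:
            continue
        alerts.append(Alert(
            ts=datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
            gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
            msg=m["msg"], classification=m["cls"] or "",
            priority=int(m["prio"]), proto=m["proto"],
            src=m["src"], sport=int(m["sport"]), dst=m["dst"], dport=int(m["dport"]),
        ))
    return sorted(alerts, key=lambda a: a.ts)


def timeline(alerts):
    """[(first_seen, flow, [(sid, msg)...])] ordered by each flow's first alert.
    Signatures are deduplicated per flow, so repeated hits on one download
    (the IsDebuggerPresent alerts) collapse to a single entry."""
    flows = defaultdict(list)
    for a in alerts:
        flows[a.flow()].append(a)
    rows = []
    for flow, hits in flows.items():
        sigs = []
        for h in hits:
            if h.sid not in {s for s, _ in sigs}:
                sigs.append((h.sid, h.msg))
        rows.append((hits[0].ts, flow, sigs))
    return sorted(rows, key=lambda r: r[0])


def servers(alerts):
    """Distinct server endpoints in first-seen order: the pivot list for
    proxy logs, passive DNS or a sandbox run."""
    out = []
    for a in alerts:
        _, _, ip, port = a.flow()
        if (ip, port) not in out:
            out.append((ip, port))
    return out


# Subset of the alert lines shown on this page.
SAMPLE_FAST_LOG = """\
01/10/2019-22:38:46.898303  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49167 -> 176.53.161.71:80
01/10/2019-22:38:47.056346  [**] [1:2826034:1] ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M5 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.670313  [**] [1:2014726:110] ET POLICY Outdated Flash Version M1 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49166 -> 176.53.161.71:80
01/10/2019-22:38:55.821440  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.462718  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.734529  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:39:05.122324  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49174 -> 54.38.92.92:80
01/10/2019-22:39:13.123168  [**] [1:2816808:2] ETPRO CURRENT_EVENTS RIG EK Flash Exploit Mar 29 2016 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49166
"""

if __name__ == "__main__":
    for first, (cip, cport, sip, sport), sigs in timeline(parse_fast_log(SAMPLE_FAST_LOG)):
        print(f"{first:%H:%M:%S.%f} {cip}:{cport} <-> {sip}:{sport}")
        for sid, msg in sigs:
            print(f"    {sid}  {msg}")
```

Two things the folded view makes obvious that the raw log does not: the Flash exploit alert at 22:39:13 belongs to the 49166 connection opened 26 seconds earlier (the one already flagged for an outdated Flash version), not to a new contact; and 190.115.22.22 and 54.38.92.92 are the only servers touched after the exploit, so they are the indicators to pivot on. The lower-port-is-server heuristic is good enough for HTTP on port 80; for an EVE JSON log you would use the flow_id Suricata assigns instead.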


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-01-28 14:14:49,769 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-28 14:14:50,496 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-28 14:14:50,496 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-28 14:14:50,496 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-28 14:14:50,496 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-28 14:14:50,497 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1eab11abf7d306b7007e879964b6437856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap -vvv -k none
2019-01-28 14:15:12,268 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-28 14:15:12,269 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.513890028