--------------------------------------------------------------------------
  Date: 1/28/2019 -- 14:15:12. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2819664      1        2        14997026     4.36   59       0        6512415     254186.88   0.00        254186.88  
  2        2804927      1        2        19323578     5.61   103      0        1500509     187607.55   0.00        187607.55  
  3        2021266      1        2        1610331      0.47   10       0        1464408     161033.10   0.00        161033.10  
  4        2021789      1        2        1616851      0.47   3        0        584298      538950.33   0.00        538950.33  
  5        2803027      1        6        7908050      2.30   99       0        436118      79879.29    0.00        79879.29   
  6        2018784      1        9        598504       0.17   2        0        407324      299252.00   0.00        299252.00  
  7        2025185      1        3        1007226      0.29   5        0        347918      201445.20   0.00        201445.20  
  8        2820158      1        2        7924935      2.30   51       0        324359      155390.88   0.00        155390.88  
  9        2820157      1        2        7797837      2.27   51       0        307074      152898.76   0.00        152898.76  
  10       2819930      1        2        8836975      2.57   59       0        266750      149779.24   0.00        149779.24  
  11       2020865      1        3        5077023      1.47   40       0        263468      126925.57   0.00        126925.57  
  12       2020825      1        6        268137       0.08   2        0        253432      134068.50   0.00        134068.50  
  13       2815263      1        3        1121141      0.33   6        0        235437      186856.83   0.00        186856.83  
  14       2804141      1        6        235410       0.07   1        0        235410      235410.00   0.00        235410.00  
  15       2804911      1        3        4530747      1.32   63       0        233157      71916.62    0.00        71916.62   
  16       2016855      1        2        1288275      0.37   6        0        229448      214712.50   0.00        214712.50  
  17       2804907      1        3        3209751      0.93   47       0        209065      68292.57    0.00        68292.57   
  18       2016854      1        3        1096083      0.32   6        0        203322      182680.50   0.00        182680.50  
  19       2024554      1        7        273817       0.08   2        0        195209      136908.50   0.00        136908.50  
  20       2801929      1        7        9202365      2.67   147      0        166838      62601.12    0.00        62601.12   
  21       2802991      1        5        2688599      0.78   44       0        160390      61104.52    0.00        61104.52   
  22       2801930      1        7        8734632      2.54   147      0        159416      59419.27    0.00        59419.27   
  23       2803657      1        5        1668272      0.48   25       0        159384      66730.88    0.00        66730.88   
  24       2815778      1        6        232576       0.07   2        0        155758      116288.00   0.00        116288.00  
  25       2024565      1        3        263893       0.08   2        0        151011      131946.50   0.00        131946.50  
  26       2823263      1        3        246741       0.07   2        0        150606      123370.50   0.00        123370.50  
  27       2802987      1        5        15483374     4.50   285      0        145979      54327.63    0.00        54327.63   
  28       2827094      1        2        987551       0.29   11       0        143525      89777.36    0.00        89777.36   
  29       2809747      1        2        1113874      0.32   12       0        139228      92822.83    0.00        92822.83   
  30       2020470      1        6        153248       0.04   2        0        138281      76624.00    0.00        76624.00   
  31       2018789      1        3        1262813      0.37   25       0        132002      50512.52    0.00        50512.52   
  32       2017552      1        6        16219995     4.71   1142     0        126879      14203.15    0.00        14203.15   
  33       2020318      1        8        553260       0.16   5        0        125657      110652.00   0.00        110652.00  
  34       2804906      1        3        846368       0.25   15       0        122498      56424.53    0.00        56424.53   
  35       2825671      1        2        119279       0.03   1        0        119279      119279.00   0.00        119279.00  
  36       2024049      1        2        281148       0.08   3        3        115031      93716.00    93716.00    0.00       
  37       2017133      1        3        531482       0.15   5        0        114205      106296.40   0.00        106296.40  
  38       2826092      1        2        114133       0.03   1        0        114133      114133.00   0.00        114133.00  
  39       2018342      1        2        1149816      0.33   11       0        111793      104528.73   0.00        104528.73  
  40       2024031      1        2        593223       0.17   6        0        111475      98870.50    0.00        98870.50   
  41       2813059      1        4        204218       0.06   2        0        109027      102109.00   0.00        102109.00  
  42       2805985      1        2        965964       0.28   20       0        108885      48298.20    0.00        48298.20   
  43       2808234      1        1        943622       0.27   20       0        103146      47181.10    0.00        47181.10   
  44       2820811      1        2        1661258      0.48   111      0        102137      14966.29    0.00        14966.29   
  45       2811745      1        4        529080       0.15   6        0        98753       88180.00    0.00        88180.00   
  46       2016143      1        3        979637       0.28   62       0        98379       15800.60    0.00        15800.60   
  47       2016549      1        4        248561       0.07   4        0        96212       62140.25    0.00        62140.25   
  48       2013352      1        4        506897       0.15   49       0        93420       10344.84    0.00        10344.84   
  49       2815133      1        2        92361        0.03   1        0        92361       92361.00    0.00        92361.00   
  50       2816842      1        3        559528       0.16   36       0        91780       15542.44    0.00        15542.44   
  51       2815183      1        2        91393        0.03   1        0        91393       91393.00    0.00        91393.00   
  52       2020569      1        1        901608       0.26   20       0        90479       45080.40    0.00        45080.40   
  53       2018375      1        3        2731574      0.79   209      0        89796       13069.73    0.00        13069.73   
  54       2019758      1        2        174444       0.05   3        0        89786       58148.00    0.00        58148.00   
  55       2829792      1        2        540890       0.16   7        0        89753       77270.00    0.00        77270.00   
  56       2022050      1        3        922146       0.27   20       0        89498       46107.30    0.00        46107.30   
  57       2807400      1        3        920303       0.27   20       0        89486       46015.15    0.00        46015.15   
  58       2018982      1        2        927804       0.27   20       0        89201       46390.20    0.00        46390.20   
  59       2819931      1        2        210799       0.06   5        0        88984       42159.80    0.00        42159.80   
  60       2018241      1        2        517927       0.15   49       0        88777       10569.94    0.00        10569.94   
  61       2020726      1        2        315104       0.09   4        0        88040       78776.00    0.00        78776.00   
  62       2019345      1        2        7860510      2.28   537      0        86604       14637.82    0.00        14637.82   
  63       2826034      1        1        149193       0.04   13       1        85807       11476.38    85807.00    5282.17    
  64       2022939      1        3        197256       0.06   6        0        84690       32876.00    0.00        32876.00   
  65       2826332      1        2        148359       0.04   2        0        82609       74179.50    0.00        74179.50   
  66       2015744      1        4        393816       0.11   27       5        81710       14585.78    66093.60    2879.45    
  67       2014819      1        3        429948       0.12   6        0        80782       71658.00    0.00        71658.00   
  68       2809513      1        5        78573        0.02   1        0        78573       78573.00    0.00        78573.00   
  69       2021749      1        6        110443       0.03   12       0        78486       9203.58     0.00        9203.58    
  70       2017166      1        4        311111       0.09   6        0        77074       51851.83    0.00        51851.83   
  71       2816438      1        4        76759        0.02   1        0        76759       76759.00    0.00        76759.00   
  72       2024771      1        1        11862806     3.45   2372     0        76221       5001.18     0.00        5001.18    
  73       2803653      1        6        75398        0.02   1        0        75398       75398.00    0.00        75398.00   
  74       2821156      1        2        75267        0.02   1        0        75267       75267.00    0.00        75267.00   
  75       2816389      1        2        74693        0.02   1        0        74693       74693.00    0.00        74693.00   
  76       2815818      1        8        74228        0.02   1        0        74228       74228.00    0.00        74228.00   
  77       2016948      1        2        1785162      0.52   126      0        72000       14167.95    0.00        14167.95   
  78       2811389      1        3        71839        0.02   1        0        71839       71839.00    0.00        71839.00   
  79       2828863      1        2        271860       0.08   4        0        71653       67965.00    0.00        67965.00   
  80       2816909      1        2        150383       0.04   3        0        70821       50127.67    0.00        50127.67   
  81       2809306      1        4        5260980      1.53   357      0        70690       14736.64    0.00        14736.64   
  82       2021076      1        2        750667       0.22   49       0        70380       15319.73    0.00        15319.73   
  83       2820812      1        2        307943       0.09   16       0        69961       19246.44    0.00        19246.44   
  84       2009054      1        8        126145       0.04   3        0        69887       42048.33    0.00        42048.33   
  85       2811390      1        2        180691       0.05   3        0        69575       60230.33    0.00        60230.33   
  86       2829214      1        2        111557       0.03   2        0        69125       55778.50    0.00        55778.50   
  87       2017824      1        3        134149       0.04   2        0        68393       67074.50    0.00        67074.50   
  88       2016333      1        4        393159       0.11   6        0        67343       65526.50    0.00        65526.50   
  89       2024555      1        7        68518        0.02   2        1        65741       34259.00    65741.00    2777.00    
  90       2806294      1        4        65684        0.02   1        0        65684       65684.00    0.00        65684.00   
  91       2816941      1        3        65408        0.02   1        0        65408       65408.00    0.00        65408.00   
  92       2815826      1        3        64833        0.02   1        0        64833       64833.00    0.00        64833.00   
  93       2025330      1        1        112245       0.03   2        0        64499       56122.50    0.00        56122.50   
  94       2814979      1        2        179224       0.05   26       0        64466       6893.23     0.00        6893.23    
  95       2814978      1        2        178244       0.05   26       0        64269       6855.54     0.00        6855.54    
  96       2819880      1        2        64237        0.02   1        0        64237       64237.00    0.00        64237.00   
  97       2016503      1        2        804880       0.23   52       0        63823       15478.46    0.00        15478.46   
  98       2025064      1        5        146990       0.04   3        0        63474       48996.67    0.00        48996.67   
  99       2022197      1        3        106702       0.03   3        0        63409       35567.33    0.00        35567.33   
  100      2018959      1        3        706773       0.21   49       1        62595       14423.94    62595.00    13420.38   
  101      2016537      1        2        16406574     4.77   1138     0        62589       14417.02    0.00        14417.02   
  102      2810991      1        4        62541        0.02   1        0        62541       62541.00    0.00        62541.00   
  103      2014380      1        4        188653       0.05   8        0        62451       23581.62    0.00        23581.62   
  104      2823534      1        2        60749        0.02   1        0        60749       60749.00    0.00        60749.00   
  105      2821615      1        2        482257       0.14   13       0        59429       37096.69    0.00        37096.69   
  106      2014353      1        6        427938       0.12   49       0        58898       8733.43     0.00        8733.43    
  107      2816940      1        2        171349       0.05   3        0        58454       57116.33    0.00        57116.33   
  108      2810481      1        4        1623144      0.47   75       0        58285       21641.92    0.00        21641.92   
  109      2816927      1        3        135637       0.04   3        0        58191       45212.33    0.00        45212.33   
  110      2821839      1        2        415776       0.12   11       0        56292       37797.82    0.00        37797.82   
  111      2009909      1        10       314591       0.09   20       0        56242       15729.55    0.00        15729.55   
  112      2816910      1        2        132989       0.04   3        0        56106       44329.67    0.00        44329.67   
  113      2822213      1        2        170269       0.05   27       0        55901       6306.26     0.00        6306.26    
  114      2830124      1        1        262877       0.08   6        0        55824       43812.83    0.00        43812.83   
  115      2018377      1        3        681424       0.20   209      0        55759       3260.40     0.00        3260.40    
  116      2008438      1        20       899753       0.26   20       0        55531       44987.65    0.00        44987.65   
  117      2009028      1        11       389744       0.11   49       0        55325       7953.96     0.00        7953.96    
  118      2022502      1        4        544681       0.16   13       0        55087       41898.54    0.00        41898.54   
  119      2820928      1        2        1611436      0.47   111      0        55062       14517.44    0.00        14517.44   
  120      2810686      1        6        301653       0.09   6        0        54234       50275.50    0.00        50275.50   
  121      2806802      1        2        4102625      1.19   202      0        54155       20310.02    0.00        20310.02   
  122      2013441      1        9        302813       0.09   20       0        54105       15140.65    0.00        15140.65   
  123      2024650      1        1        1779516      0.52   123      0        53999       14467.61    0.00        14467.61   
  124      2815254      1        7        53817        0.02   1        0        53817       53817.00    0.00        53817.00   
  125      2821561      1        2        1

Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3672          2792542     1101010325     631114969       2317.5b   99.87
 IPv4      17             8         19050048     1082822021     378682479          3.0b    0.13
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3672            67278       16384254        332952          1.2b   95.54
TMM_FLOWWORKER              IPv4      17             8           335228        9898856       1626941         13.0m    1.02
TMM_RECEIVEPCAPFILE         IPv4       6          3659             2535        4631296          4203         15.4m    1.20
TMM_RECEIVEPCAPFILE         IPv4      17             8             2582          10244          3711         29.7k    0.00
TMM_DECODEPCAPFILE          IPv4       6          3659             2645        4519424          7808         28.6m    2.23
TMM_DECODEPCAPFILE          IPv4      17             8             2860          31297          7132         57.1k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          3659             2813          51913          3310         12.1m  1.04  
flow                    IPv4      17             8             3486          22668          7744         62.0k  0.01  
stream                  IPv4       6          3672             2765       10294947         11128         40.9m  3.51  
app-layer               IPv4      17             8            10532          63744         27210        217.7k  0.02  
detect                  IPv4       6          3672            45218       16345247        298611          1.1b  94.20 
detect                  IPv4      17             8           268510         640556        386959          3.1m  0.27  
tcp-prune               IPv4       6          3672             2543          62704          3031         11.1m  0.96  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            12             2838          26389          7484         89.8k  47.96 
tls                     IPv4       6             2             2700           3732          3216          6.4k  3.43  
dns                     IPv4      17             8             4946          32447         11378         91.0k  48.61 
Proto detect            IPv4      17             8             6115          38177         16229        129.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            13            20318          97377         63965        831.5k  5.43  
LOGGER_UNIFIED2             IPv4       6            13            41610         154916         90390          1.2m  7.68  
LOGGER_JSON_ALERT           IPv4       6            13            37114         163101         96561          1.3m  8.20  
LOGGER_JSON_DNS             IPv4      17             8            34157        9135576       1186386          9.5m  62.02 
LOGGER_JSON_HTTP            IPv4       6            13            34097         160961        108352          1.4m  9.20  
LOGGER_JSON_TLS             IPv4       6             1            67620          67620         67620         67.6k  0.44  
LOGGER_JSON_FILE            IPv4       6            14            43425         111877         76731          1.1m  7.02  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2511             2579       16203286         27610        69.3m  19.38 
payload                           IPv4      17             8            21830          32452         27045       216.4k  0.06  
stream                            IPv4       6          2511             2533        1867177         35631        89.5m  25.01 
http_uri                          IPv4       6            13             3505          82150         25845       336.0k  0.09  
http_request_line                 IPv4       6            13             3652          11440          7714       100.3k  0.03  
http_client_body                  IPv4       6            39             2599         697113         27304         1.1m  0.30  
http_header (request)             IPv4       6            13            22994         136351         87416         1.1m  0.32  
http_header (request trailer)     IPv4       6            13             2601           3098          2721        35.4k  0.01  
http_header_names (request)       IPv4       6            13             9585          31653         21354       277.6k  0.08  
http_accept (request)             IPv4       6            13             4101           8410          6393        83.1k  0.02  
http_referer (request)            IPv4       6            13             2940           8416          3757        48.8k  0.01  
http_content_len (request)        IPv4       6            13             2936           5960          3941        51.2k  0.01  
http_content_type (request)       IPv4       6            13             2941          11652          5489        71.4k  0.02  
http_protocol (request)           IPv4       6            13             3081           6979          5493        71.4k  0.02  
http_start (request)              IPv4       6            13             8758          24096         17699       230.1k  0.06  
http_raw_header (request)         IPv4       6            39             5325          38377          9828       383.3k  0.11  
http_method                       IPv4       6            13             3895          19003          7290        94.8k  0.03  
http_cookie (request)             IPv4       6            13             3021          23295          5258        68.4k  0.02  
http_raw_uri                      IPv4       6            13             2672          14514          6720        87.4k  0.02  
http_user_agent                   IPv4       6            13             2958          29760          8941       116.2k  0.03  
http_host                         IPv4       6            13             3774          10152          7472        97.1k  0.03  
dns_query                         IPv4      17             4             8318          13549         10447        41.8k  0.01  
tls_sni                           IPv4       6             3             3172          10086          7083        21.2k  0.01  
http_response_line                IPv4       6            13             3404          11483          8920       116.0k  0.03  
http_header (response)            IPv4       6            13            15092         109240         45667       593.7k  0.17  
http_header (response trailer)    IPv4       6            13             2612          42277          7964       103.5k  0.03  
http_content_type (response)      IPv4       6            13             3633          10234          8223       106.9k  0.03  
http_raw_header (response)        IPv4       6          2414             3540          31675          4847        11.7m  3.27  
http_cookie (response)            IPv4       6            13             3139           4997          3513        45.7k  0.01  
http_stat_code                    IPv4       6            13             2782          19437          5315        69.1k  0.02  
tls_cert_issuer                   IPv4       6             1            15153          15153         15153        15.2k  0.00  
tls_cert_subject                  IPv4       6             1             5032           5032          5032         5.0k  0.00  
tls_cert_serial                   IPv4       6             1             6099           6099          6099         6.1k  0.00  
file_data (http response)         IPv4       6          2401             2553        6535451         75604       181.5m  50.75 
Total                             IPv4                 10219                                         35005       357.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            14             3395         108965         43622        610.7k  0.04  
PROF_DETECT_IPONLY          IPv4      17             8            37582          82658         52751        422.0k  0.03  
PROF_DETECT_RULES           IPv4       6          3672             2531        7843189        111445        409.2m  27.13 
PROF_DETECT_RULES           IPv4      17             8            84294         310705        194749          1.6m  0.10  
PROF_DETECT_STATEFUL_START    IPv4       6          1567             5098        7510562         51945         81.4m  5.40  
PROF_DETECT_STATEFUL_CONT    IPv4       6          3672             2531       14467636         18055         66.3m  4.39  
PROF_DETECT_STATEFUL_CONT    IPv4      17             8             5791          88887         20441        163.5k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          3644             2546          37461          2845         10.4m  0.69  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             8             2628           3822          2980         23.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          3672             7771       16259605        127072        466.6m  30.93 
PROF_DETECT_PREFILTER       IPv4      17             8            46742          86911         61048        488.4k  0.03  
PROF_DETECT_PF_PAYLOAD      IPv4       6          2511            13806       16216067         71511        179.6m  11.90 
PROF_DETECT_PF_PAYLOAD      IPv4      17             8            26910          37766         32213        257.7k  0.02  
PROF_DETECT_PF_TX           IPv4       6          3644             2549        6551599         61384        223.7m  14.83 
PROF_DETECT_PF_TX           IPv4      17             4            14011          20027         16353         65.4k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6          2049             2527          58198          3768          7.7m  0.51  
PROF_DETECT_PF_SORT1        IPv4      17             8             3165           4085          3597         28.8k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          3672             2510          46508          2919         10.7m  0.71  
PROF_DETECT_PF_SORT2        IPv4      17             8             2866          12028          4451         35.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          3672             2533        6300979          4722         17.3m  1.15  
PROF_DETECT_NONMPMLIST      IPv4      17             8             2925           3834          3342         26.7k  0.00  
PROF_DETECT_ALERT           IPv4       6          3672             2512          63534          2807         10.3m  0.68  
PROF_DETECT_ALERT           IPv4      17             8             2524          18008          4733         37.9k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          3672             2556          37981          2890         10.6m  0.70  
PROF_DETECT_CLEANUP         IPv4      17             8             3388          31623          7645         61.2k  0.00  
PROF_DETECT_GETSGH          IPv4       6          3672             2518          50888          2981         10.9m  0.73  
PROF_DETECT_GETSGH          IPv4      17             8             6260           7731          6661         53.3k  0.00  

------------------------------------------------------------------------------------
Date: 1/28/2019 -- 14:15:12 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3667
decoder.bytes                              | Total                     | 3341433
decoder.ipv4                               | Total                     | 3667
decoder.ethernet                           | Total                     | 3667
decoder.tcp                                | Total                     | 3659
decoder.udp                                | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 911
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 4
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 19
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 6
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 13
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 4
app_layer.tx.dns_udp                       | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65533
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076896

{"timestamp":"2019-01-10T22:38:44.686851+0000","flow_id":1792572405349123,"pcap_cnt":1,"event_type":"dns","src_ip":"10.1.10.101","src_port":60657,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43479,"rrname":"datitngforllives.info","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:44.805583+0000","flow_id":1792572405349123,"pcap_cnt":2,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":60657,"proto":"UDP","dns":{"type":"answer","id":43479,"rcode":"NOERROR","rrname":"datitngforllives.info","rrtype":"A","ttl":5,"rdata":"88.208.7.193"}}
{"timestamp":"2019-01-10T22:38:45.311464+0000","flow_id":378072171143675,"pcap_cnt":10,"event_type":"http","src_ip":"10.1.10.101","src_port":49159,"dest_ip":"88.208.7.193","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"datitngforllives.info","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:45.360076+0000","flow_id":574807443078796,"pcap_cnt":11,"event_type":"dns","src_ip":"10.1.10.101","src_port":55958,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10387,"rrname":"www.needgrow.info","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:45.479147+0000","flow_id":574807443078796,"pcap_cnt":12,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":55958,"proto":"UDP","dns":{"type":"answer","id":10387,"rcode":"NOERROR","rrname":"www.needgrow.info","rrtype":"A","ttl":5,"rdata":"185.56.233.186"}}
{"timestamp":"2019-01-10T22:38:45.762891+0000","flow_id":1827434654946253,"pcap_cnt":23,"event_type":"tls","src_ip":"10.1.10.101","src_port":49165,"dest_ip":"185.56.233.186","dest_port":443,"proto":"TCP","tls":{"subject":"CN=needgrow.info","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-01-10T22:38:46.898303+0000","flow_id":722133411328677,"pcap_cnt":45,"event_type":"alert","src_ip":"10.1.10.101","src_port":49167,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":722133411328677,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2826034,"rev":1,"signature":"ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M5","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":722133411328677,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024354,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":722133411328677,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024355,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816231,"rev":3,"signature":"ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2820087,"rev":3,"signature":"ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in Sundown\/Xer EK","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024362,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":722133411328677,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016827,"rev":3,"signature":"ET INFO Suspicious Possible CollectGarbage in base64 3","category":"Misc activity","severity":3}}
{"timestamp":"2019-01-10T22:38:47.215838+0000","flow_id":722133411328677,"pcap_cnt":103,"event_type":"http","src_ip":"10.1.10.101","src_port":49167,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?MTE2NDEy&apVyf&zeBnF=known&Hocv=everyone&TYVTUaY=constitution&OBjTb=heartfelt&BnUPTF=difference&QNgZ=constitution&WJjHyQR=known&RLezWS=criticized&efkEXDELP=known&tcfgg4=m3S9Pp5f-NYbAroi0aHfFE0nNtaVQkVpK7630mHzBfJhZeE9BbfUTp1u9CTUbI&fgdd3s=wXnQMvXcJwDQDYbGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&lcywHOQM=detonator&MhYU=strategy&OLUJgoARt=difference&KbHYfz=perpetual&kFqtfvAM=difference&moYcb=detonator&jkCWqBcYNDk3NDQ0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:47.670313+0000","flow_id":1100880807359240,"pcap_cnt":108,"event_type":"alert","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.670313+0000","flow_id":1100880807359240,"pcap_cnt":108,"event_type":"alert","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014726,"rev":110,"signature":"ET POLICY Outdated Flash Version M1","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2019-01-10T22:38:47.831691+0000","flow_id":1100880807359240,"pcap_cnt":149,"event_type":"http","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?NTY0Nzg2&fxdHtUMO&fgdd3s=wXfQMvXcJwDQDYbGMvrESLtDNknQA0KK2Ij2_dqyEoH9fWnihNzUSkr76B2aCm3S&JCAADqEwDpBRic=strategy&wgNPPdER=perpetual&PaoiDRBWQfuvQao=strategy&eFoeQKlDAaH=criticized&MvTDtSlkplYeG=community&QTxsXsucUtoHal=strategy&DDtsYDxFL=known&HiinXW=golfer&dGGXjZPv=referred&XYIQwaOPuQJNfq=community&OpwtDAkoL=professional&tcfgg4=9PV5f-NYbArohUaHfFE0nNtaVQkVpK7630mHzBfJhZeE-hbfUQlD_JWcE4F4nwvF&MGXQAShN=difference&ZCEBeUbfC=everyone&aPdSnKfnTBCNMG=blackmail&uUeilSxHmaiwo=already&CODcssdzxNDI4ODMy","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/x-shockwave-flash"}}
{"timestamp":"2019-01-10T22:38:51.942171+0000","flow_id":1387745968298333,"pcap_cnt":158,"event_type":"alert","src_ip":"10.1.10.101","src_port":49170,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:53.165096+0000","flow_id":1387745968298333,"pcap_cnt":809,"event_type":"http","src_ip":"10.1.10.101","src_port":49170,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?NTgxNTM4&xPPmZDFrSehlGee&ByHCbhyhLcL=blackmail&wchiumQhaCAV=detonator&puPFBsD=difference&DEBAiFkrVEg=heartfelt&fgdd3s=wHfQMvXcJwDJFYbGMvrERqNbNknQA06PxpH2_drYdZqxKGni1-b5UUSk6FuCEh3h9vI&jmxzfYbewVI=vest&yddhzfp=known&CYxTETSmutZ=heartfelt&VTofgMElKGpgC=everyone&ANheaHFkbsz=already&qSfyMreHMO=known&veVdeVp=community&UJhUlFUvJfGgP=known&ajdklwKeGf=referred&UCdIyXWEd=golfer&tcfgg4=keeABNVLohUyDfAI1yYldB11A8fqoiRWEmxOdicKH_ROOMw11-ZuWF7Iz2VTFkvEXd_s&TTOkOtrpyQt=heartfelt&sGwhHmzJMTQ2MTc1","http_content_type":"application\/x-msdownload"}}
{"timestamp":"2019-01-10T22:38:54.647052+0000","flow_id":4629060312972,"pcap_cnt":811,"event_type":"dns","src_ip":"10.1.10.101","src_port":54819,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5330,"rrname":"tepingost.ug","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:55.058667+0000","flow_id":4629060312972,"pcap_cnt":812,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":54819,"proto":"UDP","dns":{"type":"answer","id":5330,"rcode":"NOERROR","rrname":"tepingost.ug","rrtype":"A","ttl":5,"rdata":"190.115.22.22"}}
{"timestamp":"2019-01-10T22:38:55.490426+0000","flow_id":1894161267491812,"pcap_cnt":819,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"tepingost.ug","url":"\/251","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:55.495951+0000","flow_id":1894161267491812,"pcap_cnt":821,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/251","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":162},"app_proto":"http","fileinfo":{"filename":"\/251","gaps":false,"state":"CLOSED","stored":false,"size":186,"tx_id":0}}
{"timestamp":"2019-01-10T22:38:55.821440+0000","flow_id":1894161267491812,"pcap_cnt":862,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.462718+0000","flow_id":1894161267491812,"pcap_cnt":1191,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.563920+0000","flow_id":1894161267491812,"pcap_cnt":1203,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"tepingost.ug","url":"\/freebl3.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:56.566213+0000","flow_id":1894161267491812,"pcap_cnt":1205,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/freebl3.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":334288},"app_proto":"http","fileinfo":{"filename":"\/freebl3.dll","gaps":false,"state":"CLOSED","stored":false,"size":334288,"tx_id":1}}
{"timestamp":"2019-01-10T22:38:56.734529+0000","flow_id":1894161267491812,"pcap_cnt":1345,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.736863+0000","flow_id":1894161267491812,"pcap_cnt":1366,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"tepingost.ug","url":"\/mozglue.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:56.738292+0000","flow_id":1894161267491812,"pcap_cnt":1368,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/mozglue.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":137168},"app_proto":"http","fileinfo":{"filename":"\/mozglue.dll","gaps":false,"state":"CLOSED","stored":false,"size":137168,"tx_id":2}}
{"timestamp":"2019-01-10T22:38:57.082465+0000","flow_id":1894161267491812,"pcap_cnt":1849,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57.243581+0000","flow_id":1894161267491812,"pcap_cnt":1893,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"tepingost.ug","url":"\/msvcp140.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:57.246341+0000","flow_id":1894161267491812,"pcap_cnt":1895,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/msvcp140.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":440120},"app_proto":"http","fileinfo":{"filename":"\/msvcp140.dll","gaps":false,"state":"CLOSED","stored":false,"size":440120,"tx_id":3}}
{"timestamp":"2019-01-10T22:38:57.786119+0000","flow_id":1894161267491812,"pcap_cnt":3270,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57.792212+0000","flow_id":1894161267491812,"pcap_cnt":3334,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"tepingost.ug","url":"\/nss3.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:57.794514+0000","flow_id":1894161267491812,"pcap_cnt":3336,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/nss3.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1246160},"app_proto":"http","fileinfo":{"filename":"\/nss3.dll","gaps":false,"state":"CLOSED","stored":false,"size":1246160,"tx_id":4}}
{"timestamp":"2019-01-10T22:38:57.963737+0000","flow_id":1894161267491812,"pcap_cnt":3488,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57

lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1eab11abf7d306b7007e879964b6437856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap -vvv -k none
elapsedtime:21.769546
stderr:
stdout:
28/1/2019 -- 14:14:50 - <Info> - Configuration node 'rule-files' redefined.
28/1/2019 -- 14:14:50 - <Notice> - This is Suricata version 4.0.0 RELEASE
28/1/2019 -- 14:14:50 - <Info> - CPUs/cores online: 1
28/1/2019 -- 14:14:50 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31418 and 'request-body-inspect-window' set to 15743 after randomization.
28/1/2019 -- 14:14:50 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32898 and 'response-body-inspect-window' set to 15899 after randomization.
28/1/2019 -- 14:14:50 - <Config> - DNS request flood protection level: 500
28/1/2019 -- 14:14:50 - <Config> - DNS per flow memcap (state-memcap): 524288
28/1/2019 -- 14:14:50 - <Config> - DNS global memcap: 16777216
28/1/2019 -- 14:14:50 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
28/1/2019 -- 14:14:50 - <Config> - preallocated 1000 hosts of size 136
28/1/2019 -- 14:14:50 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
28/1/2019 -- 14:14:50 - <Config> - using magic-file /usr/share/file/magic
28/1/2019 -- 14:14:50 - <Config> - Core dump size is unlimited.
28/1/2019 -- 14:14:50 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
28/1/2019 -- 14:14:50 - <Config> - preallocated 1000 defrag trackers of size 168
28/1/2019 -- 14:14:50 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
28/1/2019 -- 14:14:50 - <Config> - stream "prealloc-sessions": 2048 (per thread)
28/1/2019 -- 14:14:50 - <Config> - stream "memcap": 33554432
28/1/2019 -- 14:14:50 - <Config> - stream "midstream" session pickups: disabled
28/1/2019 -- 14:14:50 - <Config> - stream "async-oneside": disabled
28/1/2019 -- 14:14:50 - <Config> - stream "checksum-validation": disabled
28/1/2019 -- 14:14:50 - <Config> - stream."inline": disabled
28/1/2019 -- 14:14:50 - <Config> - stream "bypass": disabled
28/1/2019 -- 14:14:50 - <Config> - stream "max-synack-queued": 5
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "memcap": 134217728
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "depth": 0
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "toserver-chunk-size": 2579
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "toclient-chunk-size": 2509
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly.raw: enabled
28/1/2019 -- 14:14:50 - <Config> - stream.reassembly "segment-prealloc": 2048
28/1/2019 -- 14:14:50 - <Config> - Delayed detect disabled
28/1/2019 -- 14:14:50 - <Config> - pattern matchers: MPM: ac, SPM: bm
28/1/2019 -- 14:14:50 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
28/1/2019 -- 14:14:50 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
28/1/2019 -- 14:14:50 - <Config> - prefilter engines: MPM
28/1/2019 -- 14:14:50 - <Config> - IP reputation disabled
28/1/2019 -- 14:14:50 - <Perf> - Registered 148 keyword profiling counters.
28/1/2019 -- 14:14:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
28/1/2019 -- 14:14:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
28/1/2019 -- 14:14:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
28/1/2019 -- 14:14:55 - <Config> - No rules loaded from ET-icmp.rules.
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
28/1/2019 -- 14:14:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
28/1/2019 -- 14:14:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
28/1/2019 -- 14:14:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
28/1/2019 -- 14:14:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
28/1/2019 -- 14:14:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
28/1/2019 -- 14:14:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
28/1/2019 -- 14:14:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
28/1/2019 -- 14:15:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
28/1/2019 -- 14:15:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
28/1/2019 -- 14:15:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
28/1/2019 -- 14:15:03 - <Config> - No rules loaded from local.rules.
28/1/2019 -- 14:15:03 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
28/1/2019 -- 14:15:03 - <Info> - Threshold config parsed: 0 rule(s) found
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tcp-packet
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tcp-stream
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for udp-packet
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for other-ip
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_uri
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_request_line
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_client_body
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_response_line
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header_names
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_header_names
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_accept
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_accept_enc
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_accept_lang
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_referer
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_connection
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_len
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_len
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_type
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_content_type
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_start
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_start
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_header
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_method
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_cookie
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_cookie
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_uri
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_user_agent
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_host
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_raw_host
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_stat_msg
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_stat_code
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for dns_query
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_sni
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_cert_issuer
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_cert_subject
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for tls_cert_serial
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for dce_stub_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for dce_stub_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_protocol
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_software
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for ssh_software
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for file_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for file_data
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_request_line
28/1/2019 -- 14:15:03 - <Perf> - using shared mpm ctx' for http_response_line
28/1/2019 -- 14:15:03 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
28/1/2019 -- 14:15:03 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
28/1/2019 -- 14:15:04 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
28/1/2019 -- 14:15:04 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
28/1/2019 -- 14:15:04 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
28/1/2019 -- 14:15:04 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
28/1/2019 -- 14:15:04 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
28/1/2019 -- 14:15:04 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
28/1/2019 -- 14:15:08 - <Perf> - Unique rule groups: 104
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toserver TCP packet": 35
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toclient TCP packet": 17
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toserver TCP stream": 33
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toclient TCP stream": 19
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toserver UDP packet": 27
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "toclient UDP packet": 17
28/1/2019 -- 14:15:08 - <Perf> - Builtin MPM "other IP packet": 3
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_uri": 14
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_request_line": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_client_body": 6
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_response_line": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_header": 10
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_header": 6
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_header_names": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_accept": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_referer": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_content_len": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_content_type": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_content_type": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_protocol": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_start": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_method": 5
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_cookie": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_cookie": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver http_host": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver dns_query": 4
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver tls_sni": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toserver file_data": 1
28/1/2019 -- 14:15:08 - <Perf> - AppLayer MPM "toclient file_data": 7
28/1/2019 -- 14:15:10 - <Perf> - Registered 39590 rule profiling counters.
28/1/2019 -- 14:15:10 - <Info> - fast output device (regular) initialized: alert
28/1/2019 -- 14:15:10 - <Info> - eve-log output device (regular) initialized: eve.json
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'alert'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'http'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'dns'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'tls'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'files'
28/1/2019 -- 14:15:10 - <Config> - enabling 'eve-log' module 'ssh'
28/1/2019 -- 14:15:10 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
28/1/2019 -- 14:15:10 - <Info> - stats output device (regular) initialized: stats.log
28/1/2019 -- 14:15:10 - <Config> - AutoFP mode using "Hash" flow load balancer
28/1/2019 -- 14:15:10 - <Info> - reading pcap file /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap
28/1/2019 -- 14:15:10 - <Config> - 

4
\7Év
´ÿâq




e°5¡GÀPR
\7Év\7Év
´ÿ
6E(Qî


e°5¡GÀPPšŸPOST /?MTE2NDEy&apVyf&zeBnF=known&Hocv=everyone&TYVTUaY=constitution&OBjTb=heartfelt&BnUPTF=difference&QNgZ=constitution&WJjHyQR=known&RLezWS=criticized&efkEXDELP=known&tcfgg4=m3S9Pp5f-NYbAroi0aHfFE0nNtaVQkVpK7630mHzBfJhZeE9BbfUTp1u9CTUbI&fgdd3s=wXnQMvXcJwDQDYbGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&lcywHOQM=detonator&MhYU=strategy&OLUJgoARt=difference&KbHYfz=perpetual&kFqtfvAM=difference&moYcb=detonator&jkCWqBcYNDk3NDQ0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 176.53.161.71
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache

4\7ÉwÜ+2


°5¡G


ePÀ\7Éw\7ÉwÜ
êEÜO:°5¡G


ePÀPg	ÇH4¡þÂÆtº¯¸oqBêEßbk#h¦.º¨»õ'cþËÜ[ȯØ&êY¨;¨ð秤{Ù³A_!I×7°ã'ämýÓéV}0VtÿèÚϘ#§u¦Z
2ébüÀ¶('u ’z@®…Át‹;öõ:fåpíæ<è)ý•dtîè°ñ³¥áê¡àYÝh™NÙßDÀ+óåtðhBhë)ñö Ï˜ë¹’)@‹ž#–ønÈaµxìºygö¸éƒžºÞòíàì|:¸a'Œ¼p)Y…‹øm¦¤gs½Àv„B®}4säzÖ{T}-ë5ápSL˺@ǶGaººÒ}±=õUoMR\¯àª¿»ï?¸m߈ë…%ýs²…5æn
}O#à·ýsæ:ÇøôÈYê‡KV­Çî$=ä‘ÜK¨_݆ޣ<aë
ð
¦ÚےµÞï¡þ}â¡?¨ïí´xƒ~VⓅ1?-IJp"o'¸¿„¦X—‰êÞÑ3P?<!÷æ!®»Ü;ÑWðzbsfÂÁŒ>ÔiPê.®ç›l90’'„Á‘П¶Ú?cýuN¯Ë…½¥âr~ؾ‘OÕß#/Ãï½ÌåËBýôzMýì²>zm
e›¿Uöä=ô}6x¼Ñ¯0ÅwªãâߑKpeU߸±~˜‘gÁ¿ˤܬ:“ñ©x{}Ä¥BŸ™:âK
2000
š‘gn‡<+°Ð!yæŸè3…”ó"R®Å?SÉØx¬ÍGú,'åh™E¿¥å2ú­ÎµáæäYlñíÒgÿ­Ba‰“ëgRŸ@á³
Ú_ÖnLû«‘o'ŸäýˆÐj®ýº!ø#mÚåsÀµÚ oŠoUR9Ø­öï¡
ÿ’®+Z`cŒó‚ŽîÛ#mæWu
Üïî—jÞ¢¿Íùz^±1¸Y'›³¿]GÖk>qûþß«oÖAúMèMt#oJ]Gc^ò|ë·ñGëúmþõ}xÿ½÷«z1aææÿƒøÞ·x8¡õÍÿu¸þ¸ÿ¯Ð巌÷3ì·Ëg7ø]x|¡óíºÞÿZ”K~&QyÅúÆäåÅ`·’g×sù7ȀóMÞ_ó5º‚Eúß=ß܂ȶœÊ*¦üfÿˆþ/jðWîùì¿S»Å·G*ÑTª›´Tª×ˆT_Qy]§¸ÀS~¶Ûzç
šDÜþ7ë‹×rI¿n÷û?îÿ¸ÿãþû?îÿ¸ÿãþû?îÙ=ú<¨=¶!z¾Gý mêLjoÏÍ©‘êÅ¢+ÏF׺;ñ9’º’k…èªÔ÷ ‘zæ‡ÜPß_ÃgDÚ9Qß&ñω3ÞwYê¼øÞ$:{[£º}§ö;õøö·ÛñBôÍ ÞïΙ¿4“«úэ6'ÅØ7h;PûHà|rō,rvnAíÃFŸDξjÑ:­}æ4ôV¾=¾~<òírüH[O‹kë?Ä7x1ñæ õ›ö'õWçWp3¿<ó‘µè{õt9Z駩}°|¨¯yTúh/ûx‰ÃͲñÜOx?ÐïõËßéw¶ÓÀc˜¸ùm<º€Çk&}»ÄÿÞ±µÿ¸ÿãþû?îÿ¸ÿãþû?îÿ¸ÿÿÎý»ïþoƒðÇý÷Üÿqÿ÷$´É¥îbÎzu¡±‚ºmÔ6u›$¥›—+WK½ä
¦2s#7ojÓg,¤‹-×äۂ>Ó¨i]l¸0+Ÿ…^ÑP2ucK½Ô]åÒå쌺m<î™*ÉÌG¥åÌ6s	Q73éùrl‰¹,—p偯ÂBËi4\Œ•ó‹{í6ËM2®\NqÏÚ¥®Š²\z¯ÜE»º\ب[ã`U©‹Œ}3yXå¨Û«ÄQ‡/×ÀQVõ|G
\1s÷..}/¾Ñwçù}œ_”»W߈–\7Éw\7ÉwÜ
zElPª°5¡G


ePÀP7Ǒ"Þ«[¥t~G|Ÿ8÷ø>±g´­›¶ÇƉ7­›Ò-),X;Ɗ†ÿwó‘Ú½{#Dä»îÉü¯h¬ùÜ»ý|¤×ÏßÓhèhq>ãÔëçÿù2ºU]2î:¥3S¡!²sîوk5çBbÊ'¸,×ħ~æÂnEêÊgÏXH,£*uóÒPaJDqÎÚ!ˆ}ú|Ÿ3óös×ÜÜ~ßx~—nè2Ã5Ý$·ŸäöíçʍçßÓ¾Nù©¦ü’…O7Âåظ.÷ÌãÃê„o„Ì	ZÎËM6v9/yY†jûT~åÜØÑìfØTLynó[ҟ֬¤™ûý§!å4¼Õ =ºDÀÚg!g>l‹…ŠS¾Öº•«ù‹zÝ¡‰C—Óõ–áë	g©_P˜L—Ë9<±g,̝éÚ=œå7ýûiwdý<ì÷Мuk@Á—ÊËÀ
?^Ã5ßg†ÓÿŸ¡»þO¸‹ÿÿ6ÜÿqÿÇýÿîÉ*ûe4ûèæz5ž™ngªV²꘏< f+Wh•m™+gD¼)8›såÈœ+på¤F¹Œ/çóåZ|¹Ùˆo7ù¯©ûÜÿqÿÇý÷ÜÿqÿÇý÷Üÿº¿‘y„fâ`Ûðw/cø³ù¸	Fۙ¼N'™ŽíN`Ú½¾Á"µ…^fG,Çʎ{v#ó!͔zYf
	Æ¡€9æYw¿ŠB–=ä]eîÁòÙðÅsŒÃŠdU_õ­½_Ý]»:cÉ)ò¥0ÅLÚ«Ñ	î;	\oef¡™rc1~JXÖÛ8Ñ’dáÁúlüöF†åÕnMö˜¹ìí2ºt~ó¥ëLÌis"B;‰5
Ë~ˆ™^~ÖIü|ӞÎÝè)³ÛÞüFvš©³½¥®#tËÌ-\Ƥž!we=꘬̭¾—ßc&žYaê÷$+¯)œod0ûÐjÞYøY*xóÞÇ”sWêîÂKëòço‘¼o´YâíNß[·²ôØ¢§ ß1—#<yöîÆþ«Þ²s<&½ßŽºùÚ$™v®3:IçÄϺoÁ@l=%ðM–æ+©C2õžux‡Y¨
 Õ×9ŒÁj¾‰ÊÌS~wÃéHËÅäm•‰)fBTÒÔ«¥~K%®ð{¨Ÿeýç+©+@Ý`$žþ‹õÚf'„ïŸod>¦Ù¥´ÎÉ´ÅpÛÁÓ¦K§ÌD|;kø¿ƒ¯g§{ðÆЗÖeæ'’mpâ]g$¾ÊJ²¢s´7­iiì‰Ð_Ö	WŽu™ÙfûGѹý4Þ:?}"YŒÈ³xNö4š”sëVv±b:PD-‚oóM®™îe/+<)ÙÂúžË2#Ì:¶4šýë»1‡1óá³sÍ'—y¸Ÿšbϗ´>ˊ]õ[é‡{Eß<Çt~8?
ä+ùq3›a,\fóú4\7ÉwÜã¢

°5¡G


ePÀ\7Éw\7ÉwÜ
êEÜO:°5¡G


ePÀPg	ÇH4¡þÂÆtº¯¸oqBêEßbk#h¦.º¨»õ'cþËÜ[ȯØ&êY¨;¨ð秤{Ù³A_!I×7°ã'ämýÓéV}0VtÿèÚϘ#§u¦Z
2ébüÀ¶('u ’z@®…Át‹;öõ:fåpíæ<è)ý•dtîè°ñ³¥áê¡àYÝh™NÙßDÀ+óåtðhBhë)ñö Ï˜ë¹’)@‹ž#–ønÈaµxìºygö¸éƒžºÞòíàì|:¸a'Œ¼p)Y…‹øm¦¤gs½Àv„B®}4säzÖ{T}-ë5ápSL˺@ǶGaººÒ}±=õUoMR\¯àª¿»ï?¸m߈ë…%ýs²…5æn
}O#à·ýsæ:ÇøôÈYê‡KV­Çî$=ä‘ÜK¨_݆ޣ<aë
ð
¦ÚےµÞï¡þ}â¡?¨ïí´xƒ~VⓅ1?-IJp"o'¸¿„¦X—‰êÞÑ3P?<!÷æ!®»Ü;ÑWðzbsfÂÁŒ>ÔiPê.®ç›l90’'„Á‘П¶Ú?cýuN¯Ë…½¥âr~ؾ‘OÕß#/Ãï½ÌåËBýôzMýì²>zm
e›¿Uöä=ô}6x¼Ñ¯0ÅwªãâߑKpeU߸±~˜‘gÁ¿ˤܬ:“ñ©x{}Ä¥BŸ™:âK
2000
š‘gn‡<+°Ð!yæŸè3…”ó"R®Å?SÉØx¬ÍGú,'åh™E¿¥å2ú­ÎµáæäYlñíÒgÿ­Ba‰“ëgRŸ@á³
Ú_ÖnLû«‘o'ŸäýˆÐj®ýº!ø#mÚåsÀµÚ oŠoUR9Ø­öï¡
ÿ’®+Z`cŒó‚ŽîÛ#mæWu
Üïî—jÞ¢¿Íùz^±1¸Y'›³¿]GÖk>qûþß«oÖAúMèMt#oJ]Gc^ò|ë·ñGëúmþõ}xÿ½÷«z1aææÿƒøÞ·x8¡õÍÿu¸þ¸ÿ¯Ð巌÷3ì·Ëg7ø]x|¡óíºÞÿZ”K~&QyÅúÆäåÅ`·’g×sù7ȀóMÞ_ó5º‚Eúß=ß܂ȶœÊ*¦üfÿˆþ/jðWîùì¿S»Å·G*ÑTª›´Tª×ˆT_Qy]§¸ÀS~¶Ûzç
šDÜþ7ë‹×rI¿n÷û?îÿ¸ÿãþû?îÿ¸ÿãþû?îÙ=ú<¨=¶!z¾Gý mêLjoÏÍ©‘êÅ¢+ÏF׺;ñ9’º’k…èªÔ÷ ‘zæ‡ÜPß_ÃgDÚ9Qß&ñω3ÞwYê¼øÞ$:{[£º}§ö;õøö·ÛñBôÍ ÞïΙ¿4“«úэ6'ÅØ7h;PûHà|rō,rvnAíÃFŸDξjÑ:­}æ4ôV¾=¾~<òírüH[O‹kë?Ä7x1ñæ õ›ö'õWçWp3¿<ó‘µè{õt9Z駩}°|¨¯yTúh/ûx‰ÃͲñÜOx?ÐïõËßéw¶ÓÀc˜¸ùm<º€Çk&}»ÄÿÞ±µÿ¸ÿãþû?îÿ¸ÿãþû?îÿ¸ÿÿÎý»ïþoƒðÇý÷Üÿqÿ÷$´É¥îbÎzu¡±‚ºmÔ6u›$¥›—+WK½ä
¦2s#7ojÓg,¤‹-×äۂ>Ó¨i]l¸0+Ÿ…^ÑP2ucK½Ô]åÒå쌺m<î™*ÉÌG¥åÌ6s	Q73éùrl‰¹,—p偯ÂBËi4\Œ•ó‹{í6ËM2®\NqÏÚ¥®Š²\z¯ÜE»º\ب[ã`U©‹Œ}3yXå¨Û«ÄQ‡/×ÀQVõ|G
\1s÷..}/¾Ñwçù}œ_”»W߈–\7Éw\7ÉwÜ
zElPª°5¡G


ePÀP7Ǒ"Þ«[¥t~G|Ÿ8÷ø>±g´­›¶ÇƉ7­›Ò-),X;Ɗ†ÿwó‘Ú½{#Dä»îÉü¯h¬ùÜ»ý|¤×ÏßÓhèhq>ãÔëçÿù2ºU]2î:¥3S¡!²sîوk5çBbÊ'¸,×ħ~æÂnEêÊgÏXH,£*uóÒPaJDqÎÚ!ˆ}ú|Ÿ3óös×ÜÜ~ßx~—nè2Ã5Ý$·ŸäöíçʍçßÓ¾Nù©¦ü’…O7Âåظ.÷ÌãÃê„o„Ì	ZÎËM6v9/yY†jûT~åÜØÑìfØTLynó[ҟ֬¤™ûý§!å4¼Õ =ºDÀÚg!g>l‹…ŠS¾Öº•«ù‹zÝ¡‰C—Óõ–áë	g©_P˜L—Ë9<±g,̝éÚ=œå7ýûiwdý<ì÷Мuk@Á—ÊËÀ
?^Ã5ßg†ÓÿŸ¡»þO¸‹ÿÿ6ÜÿqÿÇýÿîÉ*ûe4ûèæz5ž™ngªV²꘏< f+Wh•m™+gD¼)8›såÈœ+på¤F¹Œ/çóåZ|¹Ùˆo7ù¯©ûÜÿqÿÇý÷ÜÿqÿÇý÷Üÿº¿‘y„fâ`Ûðw/cø³ù¸	Fۙ¼N'™ŽíN`Ú½¾Á"µ…^fG,Çʎ{v#ó!͔zYf
	Æ¡€9æYw¿ŠB–=ä]eîÁòÙðÅsŒÃŠdU_õ­½_Ý]»:cÉ)ò¥0ÅLÚ«Ñ	î;	\oef¡™rc1~JXÖÛ8Ñ’dáÁúlüöF†åÕnMö˜¹ìí2ºt~ó¥ëLÌis"B;‰5
Ë~ˆ™^~ÖIü|ӞÎÝè)³ÛÞüFvš©³½¥®#tËÌ-\Ƥž!we=꘬̭¾—ßc&žYaê÷$+¯)œod0ûÐjÞYøY*xóÞÇ”sWêîÂKëòço‘¼o´YâíNß[·²ôØ¢§ ß1—#<yöîÆþ«Þ²s<&½ßŽºùÚ$™v®3:IçÄϺoÁ@l=%ðM–æ+©C2õžux‡Y¨
 Õ×9ŒÁj¾‰ÊÌS~wÃéHËÅäm•‰)fBTÒÔ«¥~K%®ð{¨Ÿeýç+©+@Ý`$žþ‹õÚf'„ïŸod>¦Ù¥´ÎÉ´ÅpÛÁÓ¦K§ÌD|;kø¿ƒ¯g§{ðÆЗÖeæ'’mpâ]g$¾ÊJ²¢s´7­iiì‰Ð_Ö	WŽu™ÙfûGѹý4Þ:?}"YŒÈ³xNö4š”sëVv±b:PD-‚oóM®™îe/+<)ÙÂúžË2#Ì:¶4šýë»1‡1óá³sÍ'—y¸Ÿšbϗ´>ˊ]õ[é‡{Eß<Çt~8?
ä+ùq3›a,\fóú4\7ÉwÜã£

°5¡G


ePÀ\7Éw\7ÉwÜ
êEÜO:°5¡G


ePÀPg	ÇH4¡þÂÆtº¯¸oqBêEßbk#h¦.º¨»õ'cþËÜ[ȯØ&êY¨;¨ð秤{Ù³A_!I×7°ã'ämýÓéV}0VtÿèÚϘ#§u¦Z
2ébüÀ¶('u ’z@®…Át‹;öõ:fåpíæ<è)ý•dtîè°ñ³¥áê¡àYÝh™NÙßDÀ+óåtðhBhë)ñö Ï˜ë¹’)@‹ž#–ønÈaµxìºygö¸éƒžºÞòíàì|:¸a'Œ¼p)Y…‹øm¦¤gs½Àv„B®}4säzÖ{T}-ë5ápSL˺@ǶGaººÒ}±=õUoMR\¯àª¿»ï?¸m߈ë…%ýs²…5æn
}O#à·ýsæ:ÇøôÈYê‡KV­Çî$=ä‘ÜK¨_݆ޣ<aë
ð
¦ÚےµÞï¡þ}â¡?¨ïí´xƒ~VⓅ1?-IJp"o'¸¿„¦X—‰êÞÑ3P?<!÷æ!®»Ü;ÑWðzbsfÂÁŒ>ÔiPê.®ç›l90’'„Á‘П¶Ú?cýuN¯Ë…½¥âr~ؾ‘OÕß#/Ãï½ÌåËBýôzMýì²>zm
e›¿Uöä=ô}6x¼Ñ¯0ÅwªãâߑKpeU߸±~˜‘gÁ¿ˤܬ:“ñ©x{}Ä¥BŸ™:âK
2000
š‘gn‡<+°Ð!yæŸè3…”ó"R®Å?SÉØx¬ÍGú,'åh™E¿¥å2ú­ÎµáæäYlñíÒgÿ­Ba‰“ëgRŸ@á³
Ú_ÖnLû«‘o'ŸäýˆÐj®ýº!ø#mÚåsÀµÚ oŠoUR9Ø­öï¡
ÿ’®+Z`cŒó‚ŽîÛ#mæWu
Üïî—jÞ¢¿Íùz^±1¸Y'›³¿]GÖk>qûþß«oÖAúMèMt#oJ]Gc^ò|ë·ñGëúmþõ}xÿ½÷«z1aææÿƒøÞ·x8¡õÍÿu¸þ¸ÿ¯Ð巌÷3ì·Ëg7ø]x|¡óíºÞÿZ”K~&QyÅúÆäåÅ`·’g×sù7ȀóMÞ_ó5º‚Eúß=ß܂ȶœÊ*¦üfÿˆþ/jðWîùì¿S»Å·G*ÑTª›´Tª×ˆT_Qy]§¸ÀS~¶Ûzç
šDÜþ7ë‹×rI¿n÷û?îÿ¸ÿãþû?îÿ¸ÿãþû?îÙ=ú<¨=¶!z¾Gý mêLjoÏÍ©‘êÅ¢+ÏF׺;ñ9’º’k…èªÔ÷ ‘zæ‡ÜPß_ÃgDÚ9Qß&ñω3ÞwYê¼øÞ$:{[£º}§ö;õøö·ÛñBôÍ ÞïΙ¿4“«úэ6'ÅØ7h;PûHà|rō,rvnAíÃFŸDξjÑ:­}æ4ôV¾=¾~<òírüH[O‹kë?Ä7x1ñæ õ›ö'õWçWp3¿<ó‘µè{õt9Z駩}°|¨¯yTúh/ûx‰ÃͲñÜOx?ÐïõËßéw¶ÓÀc˜¸ùm<º€Çk&}»ÄÿÞ±µÿ¸ÿãþû?îÿ¸ÿãþû?îÿ¸ÿÿÎý»ïþoƒðÇý÷Üÿqÿ÷$´É¥îbÎzu¡±‚ºmÔ6u›$¥›—+WK½ä
¦2s#7ojÓg,¤‹-×äۂ>Ó¨i]l¸0+Ÿ…^ÑP2ucK½Ô]åÒå쌺m<î™*ÉÌG¥åÌ6s	Q73éùrl‰¹,—p偯ÂBËi4\Œ•ó‹{í6ËM2®\NqÏÚ¥®Š²\z¯ÜE»º\ب[ã`U©‹Œ}3yXå¨Û«ÄQ‡/×ÀQVõ|G
\1s÷..}/¾Ñwçù}œ_”»W߈–\7Éw\7ÉwÜ
zElPª°5¡G


ePÀP7Ǒ"Þ«[¥t~G|Ÿ8÷ø>±g´­›¶ÇƉ7­›Ò-),X;Ɗ†ÿwó‘Ú½{#Dä»îÉü¯h¬ùÜ»ý|¤×ÏßÓhèhq>ãÔëçÿù2ºU]2î:¥3S¡!²sîوk5çBbÊ'¸,×ħ~æÂnEêÊgÏXH,£*uóÒPaJDqÎÚ!ˆ}ú|Ÿ3óös×ÜÜ~ßx~—nè2Ã5Ý$·ŸäöíçʍçßÓ¾Nù©¦ü’…O7Âåظ.÷ÌãÃê„o„Ì	ZÎËM6v9/yY†jûT~åÜØÑìfØTLynó[ҟ֬¤™ûý§!å4¼Õ =ºDÀÚg!g>l‹…ŠS¾Öº•«ù‹zÝ¡‰C—Óõ–áë	g©_P˜L—Ë9<±g,̝éÚ=œå7ýûiwdý<ì÷Мuk@Á—ÊËÀ
?^Ã5ßg†ÓÿŸ¡»þO¸‹ÿÿ6ÜÿqÿÇýÿîÉ*ûe4ûèæz5ž™ngªV²꘏< f+Wh•m™+gD¼)8›såÈœ+på¤F¹Œ/çóåZ|¹Ùˆo7ù¯©ûÜÿqÿÇý÷ÜÿqÿÇý÷Üÿº¿‘y„fâ`Ûðw/cø³ù¸	Fۙ¼N'™ŽíN`Ú½¾Á"µ…^fG,Çʎ{v#ó!͔zYf
	Æ¡€9æYw¿ŠB–=ä]eîÁòÙðÅsŒÃŠdU_õ­½_Ý]»:cÉ)ò¥0ÅLÚ«Ñ	î;	\oef¡™rc1~JXÖÛ8Ñ’dáÁúlüöF†åÕnMö˜¹ìí2ºt~ó¥ëLÌis"B;‰5
Ë~ˆ™^~ÖIü|ӞÎÝè)³ÛÞüFvš©³½¥®#tËÌ-\Ƥž!we=꘬̭¾—ßc&žYaê÷$+¯)œod0ûÐjÞYøY*xóÞÇ”sWêîÂKëòço‘¼o´YâíNß[·²ôØ¢§ ß1—#<yöîÆþ«Þ²s<&½ßŽºùÚ$™v®3:IçÄϺoÁ@l=%ðM–æ+©C2õžux‡Y¨
 Õ×9ŒÁj¾‰ÊÌS~wÃéHËÅäm•‰)fBTÒÔ«¥~K%®ð{¨Ÿeýç+©+@Ý`$žþ‹õÚf'„ïŸod>¦Ù¥´ÎÉ´ÅpÛÁÓ¦K§ÌD|;kø¿ƒ¯g§{ðÆЗÖeæ'’mpâ]g$¾ÊJ²¢s´7­iiì‰Ð_Ö	WŽu™ÙfûGѹý4Þ:?}"YŒÈ³xNö4š”sëVv±b:PD-‚oóM®™îe/+<)ÙÂúžË2#Ì:¶4šýë»1‡1óá³sÍ'—y¸Ÿšbϗ´>ˊ]õ[é‡{Eß<Çt~8?
ä+ùq3›a,\fóú4\7Éwá‡*øç

°5¡G


ePÀN\7Éw\7Éwá‡
2E$Oò°5¡G


ePÀPѝG«•ó…´Ý
ûSR¥Ÿ
v‚ãA"rõ”uƒ®›à¸H<ÞY_ÛÍòd¬
•µ[÷KÆ\ày]¶ÆÇl`•ôÆÆN?Í(}]⽜StŽ’²êôJ¿ŠÞjØÜ3Ø¿—¸¤ôRÑf9OTžÆK€ñW;—sžÎ«æ•UÍUtKÆ¡p/ƋñÎÍÍrŒñ\—£EF3$—º[ñ‡zB¿'ž–sbÖçhÒW®¤ãA¬NÂ3Ҋ–`|¤ÉϔÏKÎr®rì+º©è°_ʳª®&f8‚þÕ<™Œ7Ú*%ŸeõG¹†ƒá±ÏóJÆ_æ5íT}åäjõ,¯ðFqÔçyû->ËÆ(¯æڄ㳍1oÎw†Û†ì`Ï"¾\©Ÿ¹jêÆ^ÃxH<îN§óóÌ´ƒZ`´œÈ~ £Ìø%â‚ëÁ-–‰àK,ƒ{¤'ÜÓ`êmÀAŽ±õð\|('àAh+‘êç`£uàðæMôŸc|5ð™ܟ/k8/@>]焿3›;€°a¸ðÎÏÑ_ÅމØ­ ±é`£µçŸðÔv-Âb
Ýïf&Øp`œ9íSÍ
'¢Š{5°>ô»Øw}!PŸ
ð(âÛ7`ñ™.a¼:Ì7èïû¶Ùc{?@¹à‡"‡poƒ©`|>°(
Û3ÄØ&	òxòùîïü°vTìôӒTìgçzmÎO¿Cd!Ž%´§¸'‰Ê±’OϼŽ<k™YÍ[I›s²Éµ_Ó<SIë’Ç•sùb~ÚÔ`rºM-Ÿb•“‡5¬0~YŇÙ¥:R›ÐL-Ïêùk}, åG¾­rn
Ýal?È`Zï¤ú–ÔKyù…lkÍçW¼œê
'ÜCãØä…tÎ"ßmkH¯¦ÒÐa¾Ö¹㧟5"[AžÜeòqaT–
%»cÔÔ3•³¢ë<õñ{Ä'ý^ødlUôÙ’ê{~_(mö}p*Ðï7'•Ê{x¶AºÁï¡®Göý¦Mpß>Eîûӗ…°Å½\þèbžû'°qž$ÿ ô'%JþY°ÉÞ0·”’µiìм“Ó=Ø{ÓÚ¯þh¶›µ[‘õ#]lÁcgî<eZ¸Øy…õ~´Ú@cÝ蚅#m§s;{åšb黸X¿W/â´Øº×È>€-—ÖûËê3;|ºïì]f{Í®ÏWÊä¿÷Ú$>	ù\¯ñŸTéó¨Êyä<ÞÔº³º¬Aü$¥ÍϝUV{"•ÿCÄgÆb’ƒ­^Õëø*ím5:§nË»‹Iä:AZ·ºl'}
€·°µœzï¸D|6´/Ìd§lØ©¾Í(ô›´8^æ-®Or½ĝ@Ǿ-3°¸|LtxWÆÖõ݋>3úÆÞî
ßM?kS£>!懡{@Xʼ~ä\æÃ
Ê\Ëܳ°|6©×né™1øi³\§-óZ̝s]65ÊøÃ¼ÞëùR–]É)Wv—õreÇUÙ_¯UÁÏÁ qõÖ}H:IU¯sªöyZe\L’òu´Ê¼ÛÈ;k<ôê:¬”ïK›ïÉ%QÎI¯aqxNí
ÏM\í«þ7ñ¢U8là 3Òª‹ëo–¦\=Üs;åÚåûðµÌGŒõó8rØyb´N\7Éw\7Éwá‡
2E$Oò°5¡G


ePÀP ùõó%;‹	q×ÀS2	y<qx–yš	þ¬z¿Uxjö;K«º®F]Õº1ôƒƒ×Îë6xx½‘\µÑÀydD<®¸62žžWrÂэ\ö}Òìû0ªÆInЈÀÑp£ïSÓÈÜái$¨ñØ«vµÁω§C¾
‡£ó¤
OW6¸¾šs)ˆ¸1áñåUó†|“py3xjŒãs™G‡Ž#OÛ;.oBZǍ¤?:\ös9Òo³
øó«\’³§¦—êï	®”üT’ëqiÎwƒ£½Ic̶“àq`drcœ9,*ȗô¤5qÍÕr½AÏ|2Ï¿šó5ƛÃݪIÓ<|ý>:xZôӘ#Ç[›óê£Ëñš?K´çsüü5¥&ày~ÅWœ‹ñHĈ›CúVõxLš´ß™»iÐdRÉ'òœÇŸåè5þãÛN8ü5ye6lðuž­k¾p9/ã.äGÂ÷·Áàñ7áëkÈ©m/nÈ<®¿®d5ƗÃ_ÚäC<ýUrŒòs¹!7"^–5ä({sîŒ*>e]Ê!;iÈ:‡—õX]ð0…Ÿ;ͱšðõ5hÉÍ8\Œ.æbÎá¶!Ó½¸1·¹ú֙ÂÕÇé+’ÊÑ'?•~ŒÔºŸÜs»–Ý“¦L·4Çõ£×Ðq<%HrŠƒk5iŽ«oÈͱ¦<N¼&Íñï¶vԘ/¼åqÖäÓþŵՉü‹Ã…QãîRWzâdÖ%?lèo<ÎÍ?vÍwsGåeM“·qm]àðÀë'ãuäæÅ%{åu‘z}»üŽƒeÆéoü7VÅÏ/ô§JNÊM:Ö%•—…¤.eÁð><–:r@rڎ¯Ÿã^¿çšoÄ͜_
‰å*sýpùe.Ý¿{­d¸7]èÖüÆåþû0u“zïTÇát$o@9¹bº$s¶ë†ÅñUv}t'VüÊÞ£ù7ù½ZWö¤¿ß¯÷\»y|D°’ÎÏÑCæn6ÜzóÍþžý¿È7͘-Úö’à‹í½w.â“õL®rP;wÎ
Ö¥Fìÿ>®sã©
›ƒÍ3„1ÿïE‹€¹×.Þaã®éoÁNuIžsrQzˆü–}[?Z0š¿ÈÇv#~49Ý=ۉâèÛ¯TÅZ¸Q'v#<oRyŜ[¿?-sUçœôÊ÷ìl#랟QÆËzՙ1Êk 
ƒ*¿>—çё†˜‡+[ØBynJ|'®WnÄÀ6öÔûÔ$&„Úɉ«¬Ïc)ãß\[fçÚͤ
Í
韖ìF¹/«gÏö
@9²§öu28îªYºß)%ùĆä¢²ßmy[ÀoSvŸ-ÈY»Öƽ¬Šá"ߜÊoɾÄŸU
–zŸ/¥£
66¡í˜Ç—>–«aÇrWá~ìs‰ÜWþÂúýoÁFp[ž}AûÙÆ~»é1FŸÎbŽçûa¬±š2üÒXX›íq|…Kúؒ{’×Pi9
µÀx9cçeû؍7Ù@m݉%þ^šaó}oì¼Z‹Ñ‰E÷‡Kƹ‘ýp$ÿÍeÊú¸9M/x¢w'žËh䣹¹W“ÍI«Ê³Àí­ÿ2år,ÔùõèyrìÃO4.pˆgJ -ÔñÜXÖùˆ›ç;¦GàA^@÷sûr¤“ͯjÓ2å™>Ϥߚ¸cÙIî94\7Éwá‡+÷

°5¡G


ePÀN\7Éw\7Éwá‡
2E$Oò°5¡G


ePÀPѝG«•ó…´Ý
ûSR¥Ÿ
v‚ãA"rõ”uƒ®›à¸H<ÞY_ÛÍòd¬
•µ[÷KÆ\ày]¶ÆÇl`•ôÆÆN?Í(}]⽜StŽ’²êôJ¿ŠÞjØÜ3Ø¿—¸¤ôRÑf9OTžÆK€ñW;—sžÎ«æ•UÍUtKÆ¡p/ƋñÎÍÍrŒñ\—£EF3$—º[ñ‡zB¿'ž–sbÖçhÒW®¤ãA¬NÂ3Ҋ–`|¤ÉϔÏKÎr®rì+º©è°_ʳª®&f8‚þÕ<™Œ7Ú*%ŸeõG¹†ƒá±ÏóJÆ_æ5íT}åäjõ,¯ðFqÔçyû->ËÆ(¯æڄ㳍1oÎw†Û†ì`Ï"¾\©Ÿ¹jêÆ^ÃxH<îN§óóÌ´ƒZ`´œÈ~ £Ìø%â‚ëÁ-–‰àK,ƒ{¤'ÜÓ`êmÀAŽ±õð\|('àAh+‘êç`£uàðæMôŸc|5ð™ܟ/k8/@>]焿3›;€°a¸ðÎÏÑ_ÅމØ­ ±é`£µçŸðÔv-Âb
Ýïf&Øp`œ9íSÍ
'¢Š{5°>ô»Øw}!PŸ
ð(âÛ7`ñ™.a¼:Ì7èïû¶Ùc{?@¹à‡"‡poƒ©`|>°(
Û3ÄØ&	òxòùîïü°vTìôӒTìgçzmÎO¿Cd!Ž%´§¸'‰Ê±’OϼŽ<k™YÍ[I›s²Éµ_Ó<SIë’Ç•sùb~ÚÔ`rºM-Ÿb•“‡5¬0~YŇÙ¥:R›ÐL-Ïêùk}, åG¾­rn
Ýal?È`Zï¤ú–ÔKyù…lkÍçW¼œê
'ÜCãØä…tÎ"ßmkH¯¦ÒÐa¾Ö¹㧟5"[AžÜeòqaT–
%»cÔÔ3•³¢ë<õñ{Ä'ý^ødlUôÙ’ê{~_(mö}p*Ðï7'•Ê{x¶AºÁï¡®Göý¦Mpß>Eîûӗ…°Å½\þèbžû'°qž$ÿ ô'%JþY°ÉÞ0·”’µiìм“Ó=Ø{ÓÚ¯þh¶›µ[‘õ#]lÁcgî<eZ¸Øy…õ~´Ú@cÝ蚅#m§s;{åšb黸X¿W/â´Øº×È>€-—ÖûËê3;|ºïì]f{Í®ÏWÊä¿÷Ú$>	ù\¯ñŸTéó¨Êyä<ÞÔº³º¬Aü$¥ÍϝUV{"•ÿCÄgÆb’ƒ­^Õëø*ím5:§nË»‹Iä:AZ·ºl'}
€·°µœzï¸D|6´/Ìd§lØ©¾Í(ô›´8^æ-®Or½ĝ@Ǿ-3°¸|LtxWÆÖõ݋>3úÆÞî
ßM?kS£>!懡{@Xʼ~ä\æÃ
Ê\Ëܳ°|6©×né™1øi³\§-óZ̝s]65ÊøÃ¼ÞëùR–]É)Wv—õreÇUÙ_¯UÁÏÁ qõÖ}H:IU¯sªöyZe\L’òu´Ê¼ÛÈ;k<ôê:¬”ïK›ïÉ%QÎI¯aqxNí
ÏM\í«þ7ñ¢U8là 3Òª‹ëo–¦\=Üs;åÚåûðµÌGŒõó8rØyb´N\7Éw\7Éwá‡
2E$Oò°5¡G


ePÀP ùõó%;‹	q×ÀS2	y<qx–yš	þ¬z¿Uxjö;K«º®F]Õº1ôƒƒ×Îë6xx½‘\µÑÀydD<®¸62žžWrÂэ\ö}Òìû0ªÆInЈÀÑp£ïSÓÈÜái$¨ñØ«vµÁω§C¾
‡£ó¤
OW6¸¾šs)ˆ¸1áñåUó†|“py3xjŒãs™G‡Ž#OÛ;.oBZǍ¤?:\ös9Òo³
øó«\’³§¦—êï	®”üT’ëqiÎwƒ£½Ic̶“àq`drcœ9,*ȗô¤5qÍÕr½AÏ|2Ï¿šó5ƛÃݪIÓ<|ý>:xZôӘ#Ç[›óê£Ëñš?K´çsüü5¥&ày~ÅWœ‹ñHĈ›CúVõxLš´ß™»iÐdRÉ'òœÇŸåè5þãÛN8ü5ye6lðuž­k¾p9/ã.äGÂ÷·Áàñ7áëkÈ©m/nÈ<®¿®d5ƗÃ_ÚäC<ýUrŒòs¹!7"^–5ä({sîŒ*>e]Ê!;iÈ:‡—õX]ð0…Ÿ;ͱšðõ5hÉÍ8\Œ.æbÎá¶!Ó½¸1·¹ú֙ÂÕÇé+’ÊÑ'?•~ŒÔºŸÜs»–Ý“¦L·4Çõ£×Ðq<%HrŠƒk5iŽ«oÈͱ¦<N¼&Íñï¶vԘ/¼åqÖäÓþŵՉü‹Ã…QãîRWzâdÖ%?lèo<ÎÍ?vÍwsGåeM“·qm]àðÀë'ãuäæÅ%{åu‘z}»üŽƒeÆéoü7VÅÏ/ô§JNÊM:Ö%•—…¤.eÁð><–:r@rڎ¯Ÿã^¿çšoÄ͜_
‰å*sýpùe.Ý¿{­d¸7]èÖüÆåþû0u“zïTÇát$o@9¹bº$s¶ë†ÅñUv}t'VüÊÞ£ù7ù½ZWö¤¿ß¯÷\»y|D°’ÎÏÑCæn6ÜzóÍþžý¿È7͘-Úö’à‹í½w.â“õL®rP;wÎ
Ö¥Fìÿ>®sã©
›ƒÍ3„1ÿïE‹€¹×.Þaã®éoÁNuIžsrQzˆü–}[?Z0š¿ÈÇv#~49Ý=ۉâèÛ¯TÅZ¸Q'v#<oRyŜ[¿?-sUçœôÊ÷ìl#랟QÆËzՙ1Êk 
ƒ*¿>—çё†˜‡+[ØBynJ|'®WnÄÀ6öÔûÔ$&„Úɉ«¬Ïc)ãß\[fçÚͤ
Í
韖ìF¹/«gÏö
@9²§öu28îªYºß)%ùĆä¢²ßmy[ÀoSvŸ-ÈY»Öƽ¬Šá"ߜÊoɾÄŸU
–zŸ/¥£
66¡í˜Ç—>–«aÇrWá~ìs‰ÜWþÂúýoÁFp[ž}AûÙÆ~»é1FŸÎbŽçûa¬±š2üÒXX›íq|…Kúؒ{’×Pi9
µÀx9cçeû؍7Ù@m݉%þ^šaó}oì¼Z‹Ñ‰E÷‡Kƹ‘ýp$ÿÍeÊú¸9M/x¢w'žËh䣹¹W“ÍI«Ê³Àí­ÿ2år,ÔùõèyrìÃO4.pˆgJ -ÔñÜXÖùˆ›ç;¦GàA^@÷sûr¤“ͯjÓ2å™>Ϥߚ¸cÙIî94\7Éwá‡ãª

°5¡G


ePÀN\7Éw\7Éwá‡
2E$Oò°5¡G


ePÀPѝG«•ó…´Ý
ûSR¥Ÿ
v‚ãA"rõ”uƒ®›à¸H<ÞY_ÛÍòd¬
•µ[÷KÆ\ày]¶ÆÇl`•ôÆÆN?Í(}]⽜StŽ’²êôJ¿ŠÞjØÜ3Ø¿—¸¤ôRÑf9OTžÆK€ñW;—sžÎ«æ•UÍUtKÆ¡p/ƋñÎÍÍrŒñ\—£EF3$—º[ñ‡zB¿'ž–sbÖçhÒW®¤ãA¬NÂ3Ҋ–`|¤ÉϔÏKÎr®rì+º©è°_ʳª®&f8‚þÕ<™Œ7Ú*%ŸeõG¹†ƒá±ÏóJÆ_æ5íT}åäjõ,¯ðFqÔçyû->ËÆ(¯æڄ㳍1oÎw†Û†ì`Ï"¾\©Ÿ¹jêÆ^ÃxH<îN§óóÌ´ƒZ`´œÈ~ £Ìø%â‚ëÁ-–‰àK,ƒ{¤'ÜÓ`êmÀAŽ±õð\|('àAh+‘êç`£uàðæMôŸc|5ð™ܟ/k8/@>]焿3›;€°a¸ðÎÏÑ_ÅމØ­ ±é`£µçŸðÔv-Âb
Ýïf&Øp`œ9íSÍ
'¢Š{5°>ô»Øw}!PŸ
ð(âÛ7`ñ™.a¼:Ì7èïû¶Ùc{?@¹à‡"‡poƒ©`|>°(
Û3ÄØ&	òxòùîïü°vTìôӒTìgçzmÎO¿Cd!Ž%´§¸'‰Ê±’OϼŽ<k™YÍ[I›s²Éµ_Ó<SIë’Ç•sùb~ÚÔ`rºM-Ÿb•“‡5¬0~YŇÙ¥:R›ÐL-Ïêùk}, åG¾­rn
Ýal?È`Zï¤ú–ÔKyù…lkÍçW¼œê
'ÜCãØä…tÎ"ßmkH¯¦ÒÐa¾Ö¹㧟5"[AžÜeòqaT–
%»cÔÔ3•³¢ë<õñ{Ä'ý^ødlUôÙ’ê{~_(mö}p*Ðï7'•Ê{x¶AºÁï¡®Göý¦Mpß>Eîûӗ…°Å½\þèbžû'°qž$ÿ ô'%JþY°ÉÞ0·”’µiìм“Ó=Ø{ÓÚ¯þh¶›µ[‘õ#]lÁcgî<eZ¸Øy…õ~´Ú@cÝ蚅#m§s;{åšb黸X¿W/â´Øº×È>€-—ÖûËê3;|ºïì]f{Í®ÏWÊä¿÷Ú$>	ù\¯ñŸTéó¨Êyä<ÞÔº³º¬Aü$¥ÍϝUV{"•ÿCÄgÆb’ƒ­^Õëø*ím5:§nË»‹Iä:AZ·ºl'}
€·°µœzï¸D|6´/Ìd§lØ©¾Í(ô›´8^æ-®Or½ĝ@Ǿ-3°¸|LtxWÆÖõ݋>3úÆÞî
ßM?kS£>!懡{@Xʼ~ä\æÃ
Ê\Ëܳ°|6©×né™1øi³\§-óZ̝s]65ÊøÃ¼ÞëùR–]É)Wv—õreÇUÙ_¯UÁÏÁ qõÖ}H:IU¯sªöyZe\L’òu´Ê¼ÛÈ;k<ôê:¬”ïK›ïÉ%QÎI¯aqxNí
ÏM\í«þ7ñ¢U8là 3Òª‹ëo–¦\=Üs;åÚåûðµÌGŒõó8rØyb´N\7Éw\7Éwá‡
2E$Oò°5¡G


ePÀ

  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/28/2019 -- 14:15:12
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            9038            3               3               3133            3012.00         3012.00         0.00           
  flow             26328811        8741            8741            90816           3012.00         3012.00         0.00           
  threshold        13829           1               1               13829           13829.00        13829.00        0.00           
  content          95806646        8324            2130            6447059         11509.00        20052.00        8571.00        
  pcre             3187525         722             43              51640           4414.00         8600.00         4149.00        
  byte_test        4284356         1431            449             39746           2993.00         3118.00         2936.00        
  byte_jump        667490          212             112             41235           3148.00         3352.00         2919.00        
  isdataat         36425           13              9               3341            2801.00         2802.00         2801.00        
  flowbits         14480586        5067            121             58977           2857.00         3140.00         2850.00        
  urilen           258364          81              21              4426            3189.00         3186.00         3190.00        
  byte_extract     48780           18              18              3360            2710.00         2710.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            9038            3               3               3133            3012.00         3012.00         0.00           
  flow             26328811        8741            8741            90816           3012.00         3012.00         0.00           
  flowbits         14410189        5052            106             58977           2852.00         2920.00         2850.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          46158376        5399            1233            139251          8549.00         15645.00        6449.00        
  pcre             609057          143             5               23059           4259.00         13500.00        3924.00        
  byte_test        4243930         1417            441             39746           2995.00         3121.00         2938.00        
  byte_jump        543307          184             84              5133            2952.00         2991.00         2919.00        
  isdataat         27774           10              6               3312            2777.00         2761.00         2801.00        
  byte_extract     48780           18              18              3360            2710.00         2710.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         70397           15              15              6621            4693.00         4693.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        13829           1               1               13829           13829.00        13829.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          914892          207             80              19018           4419.00         4903.00         4114.00        
  pcre             341938          47              9               21759           7275.00         8709.00         6935.00        
  isdataat         8651            3               3               3341            2883.00         2883.00         0.00           
  urilen           258364          81              21              4426            3189.00         3186.00         3190.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1706416         43              15              177733          39684.00        40427.00        39285.00       
  pcre             57869           2               1               51640           28934.00        6229.00         51640.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          39864           13              0               3617            3066.00         0.00            3066.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43936018        1909            363             6447059         23015.00        56628.00        15122.00       
  pcre             1552155         462             0               24265           3359.00         0.00            3359.00        
  byte_test        40426           14              8               3564            2887.00         3006.00         2729.00        
  byte_jump        124183          28              28              41235           4435.00         4435.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2122160         496             302             19091           4278.00         4465.00         3987.00        
  pcre             520055          56              22              25212           9286.00         8125.00         10038.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          378627          99              65              5457            3824.00         3904.00         3672.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2970            1               0               2970            2970.00         0.00            2970.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31732           9               9               4257            3525.00         3525.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26181           6               0               4675            4363.00         0.00            4363.00        
  pcre             67500           6               0               25652           11250.00        0.00            11250.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          96487           27              24              4745            3573.00         3607.00         3299.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          77116           21              15              4706            3672.00         3777.00         3409.00        
  pcre             38951           6               6               10718           6491.00         6491.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3828            1               1               3828            3828.00         3828.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19722           6               0               3605            3287.00         0.00            3287.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match  

01/10/2019-22:38:46.898303  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49167 -> 176.53.161.71:80
01/10/2019-22:38:47.056346  [**] [1:2826034:1] ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M5 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.056346  [**] [1:2024354:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.056346  [**] [1:2024355:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2816231:3] ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2820087:3] ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in Sundown/Xer EK [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2024362:2] ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2016827:3] ET INFO Suspicious Possible CollectGarbage in base64 3 [**] [Classification: Misc activity] [Priority: 3] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.670313  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49166 -> 176.53.161.71:80
01/10/2019-22:38:47.670313  [**] [1:2014726:110] ET POLICY Outdated Flash Version M1 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49166 -> 176.53.161.71:80
01/10/2019-22:38:51.942171  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49170 -> 176.53.161.71:80
01/10/2019-22:38:55.821440  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.462718  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.734529  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.082465  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.786119  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.963737  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:39:05.122324  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49174 -> 54.38.92.92:80
01/10/2019-22:39:13.123168  [**] [1:2816808:2] ETPRO CURRENT_EVENTS RIG EK Flash Exploit Mar 29 2016 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49166

2019-01-28 14:14:49,769 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-28 14:14:50,496 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-28 14:14:50,496 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-28 14:14:50,496 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-28 14:14:50,496 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-28 14:14:50,497 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/1eab11abf7d306b7007e879964b6437856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap -vvv -k none
2019-01-28 14:15:12,268 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-28 14:15:12,269 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.513890028