Filename: 2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 8.85840010643 seconds
Hash: 1eab11abf7d306b7007e879964b64378
Uploaded: 1553616074

Logfiles


packet_stats.log (12789 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3672          4757599      780405732     460685717       1691.6b   99.87
 IPv4      17             8         11167708      763889806     278724877          2.2b    0.13
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3672            66443       19423753        247476        908.7m   92.26
TMM_FLOWWORKER              IPv4      17             8           270826       10195473       1606049         12.8m    1.30
TMM_RECEIVEPCAPFILE         IPv4       6          3659             2536         138703          3037         11.1m    1.13
TMM_RECEIVEPCAPFILE         IPv4      17             8             2590           9722          3766         30.1k    0.00
TMM_DECODEPCAPFILE          IPv4       6          3659             2645       19187297         14256         52.2m    5.30
TMM_DECODEPCAPFILE          IPv4      17             8             2871          16313          5418         43.3k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          3659             2805          63334          3243         11.9m  1.43  
flow                    IPv4      17             8             3078          12337          5732         45.9k  0.01  
stream                  IPv4       6          3672             2735        2561744          8826         32.4m  3.91  
app-layer               IPv4      17             8            10624          42265         20340        162.7k  0.02  
detect                  IPv4       6          3672            44555        8698957        210143        771.6m  93.06 
detect                  IPv4      17             8           197893         419739        300604          2.4m  0.29  
tcp-prune               IPv4       6          3672             2540          73485          2909         10.7m  1.29  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            12             2838          19322          6467         77.6k  52.90 
tls                     IPv4       6             2             2680           4539          3609          7.2k  4.92  
dns                     IPv4      17             8             5041          15502          7735         61.9k  42.18 
Proto detect            IPv4      17             8             6032          16791         10236         81.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            12            28476          90052         61308        735.7k  4.86  
LOGGER_UNIFIED2             IPv4       6            12            42892         170515         78698        944.4k  6.23  
LOGGER_JSON_ALERT           IPv4       6            12            54934         151306         86810          1.0m  6.87  
LOGGER_JSON_DNS             IPv4      17             8            34408        9693981       1259990         10.1m  66.52 
LOGGER_JSON_HTTP            IPv4       6            13            32944         154068         95359          1.2m  8.18  
LOGGER_JSON_TLS             IPv4       6             1            47343          47343         47343         47.3k  0.31  
LOGGER_JSON_FILE            IPv4       6            14            45181         121122         75995          1.1m  7.02  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2511             2588         144952         16832        42.3m  17.61 
payload                           IPv4      17             8            14496          28973         21809       174.5k  0.07  
stream                            IPv4       6          2511             2525        4671283         21972        55.2m  22.99 
http_uri                          IPv4       6            13             3509          82222         25221       327.9k  0.14  
http_request_line                 IPv4       6            13             3938          10029          6929        90.1k  0.04  
http_client_body                  IPv4       6            39             2599         447124         14662       571.9k  0.24  
http_header (request)             IPv4       6            13            11283          84382         59036       767.5k  0.32  
http_header (request trailer)     IPv4       6            13             2593           3266          2672        34.7k  0.01  
http_header_names (request)       IPv4       6            13             7793          44312         23224       301.9k  0.13  
http_accept (request)             IPv4       6            13             3636           8055          6349        82.5k  0.03  
http_referer (request)            IPv4       6            13             2893           7018          3706        48.2k  0.02  
http_content_len (request)        IPv4       6            13             2987           6559          3999        52.0k  0.02  
http_content_type (request)       IPv4       6            13             3106          12593          5429        70.6k  0.03  
http_start (request)              IPv4       6            13             7091          26899         12422       161.5k  0.07  
http_raw_header (request)         IPv4       6            39             5205          14057          7652       298.4k  0.12  
http_method                       IPv4       6            13             2748           6992          5013        65.2k  0.03  
http_cookie (request)             IPv4       6            13             2995          30097          7140        92.8k  0.04  
http_raw_uri                      IPv4       6            13             2645          10602          5710        74.2k  0.03  
http_user_agent                   IPv4       6            13             2879          45645         10409       135.3k  0.06  
http_host                         IPv4       6            13             3332          23449          7884       102.5k  0.04  
dns_query                         IPv4      17             4             8567          11055          9783        39.1k  0.02  
tls_sni                           IPv4       6             3             2841           6625          4196        12.6k  0.01  
http_response_line                IPv4       6            13             4530          10359          7835       101.9k  0.04  
http_header (response)            IPv4       6            13            15538          57876         38597       501.8k  0.21  
http_header (response trailer)    IPv4       6            13             2622          18859          4990        64.9k  0.03  
http_content_type (response)      IPv4       6            13             3489           8511          6003        78.0k  0.03  
http_raw_header (response)        IPv4       6          2414             3551          84755          4876        11.8m  4.91  
http_cookie (response)            IPv4       6            13             3002          14177          4100        53.3k  0.02  
http_stat_code                    IPv4       6            13             2938          53293          9055       117.7k  0.05  
tls_cert_issuer                   IPv4       6             1            13853          13853         13853        13.9k  0.01  
tls_cert_subject                  IPv4       6             1             5522           5522          5522         5.5k  0.00  
tls_cert_serial                   IPv4       6             1             5504           5504          5504         5.5k  0.00  
file_data (http response)         IPv4       6          2414             2558        5303375         52339       126.3m  52.64 
Total                             IPv4                 10219                                         23486       240.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            14             3328          47500         22670        317.4k  0.03  
PROF_DETECT_IPONLY          IPv4      17             8            19338          41343         33169        265.4k  0.03  
PROF_DETECT_RULES           IPv4       6          3672             2524        6742446         57258        210.3m  20.45 
PROF_DETECT_RULES           IPv4      17             8            80050         238405        153753          1.2m  0.12  
PROF_DETECT_STATEFUL_START    IPv4       6          1474             5099        6409163         26989         39.8m  3.87  
PROF_DETECT_STATEFUL_CONT    IPv4       6          3672             2523          98272         10216         37.5m  3.65  
PROF_DETECT_STATEFUL_CONT    IPv4      17             8             4064          32119          7900         63.2k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          3644             2546        7578933          4839         17.6m  1.72  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             8             2612           3517          2998         24.0k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          3672             7760        6377729         97810        359.2m  34.94 
PROF_DETECT_PREFILTER       IPv4      17             8            42264          72504         54715        437.7k  0.04  
PROF_DETECT_PF_PAYLOAD      IPv4       6          2511            13617        6062510         49558        124.4m  12.11 
PROF_DETECT_PF_PAYLOAD      IPv4      17             8            19573          34569         27074        216.6k  0.02  
PROF_DETECT_PF_TX           IPv4       6          3644             2544        5318418         45946        167.4m  16.29 
PROF_DETECT_PF_TX           IPv4      17             4            14286          18295         15888         63.6k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6          1976             2520          56763          3421          6.8m  0.66  
PROF_DETECT_PF_SORT1        IPv4      17             8             2965           4290          3438         27.5k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          3672             2516          35965          2835         10.4m  1.01  
PROF_DETECT_PF_SORT2        IPv4      17             8             2963           4534          3429         27.4k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          3672             2518        8258065          5549         20.4m  1.98  
PROF_DETECT_NONMPMLIST      IPv4      17             8             2936           3652          3340         26.7k  0.00  
PROF_DETECT_ALERT           IPv4       6          3672             2516          40298          2732         10.0m  0.98  
PROF_DETECT_ALERT           IPv4      17             8             2531           4218          3100         24.8k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          3672             2553          42769          2844         10.4m  1.02  
PROF_DETECT_CLEANUP         IPv4      17             8             2964           5469          3785         30.3k  0.00  
PROF_DETECT_GETSGH          IPv4       6          3672             2510          64775          2980         10.9m  1.06  
PROF_DETECT_GETSGH          IPv4      17             8             5666           6255          5959         47.7k  0.00  


suricata-report-2019-03-26-T-16-01-23-01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap.txt (18130 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/1eab11abf7d306b7007e879964b64378d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap -vvv -k none
elapsedtime:7.952882
stderr:
stdout:
26/3/2019 -- 16:01:15 - <Info> - Configuration node 'rule-files' redefined.
26/3/2019 -- 16:01:15 - <Notice> - This is Suricata version 4.0.0 RELEASE
26/3/2019 -- 16:01:15 - <Info> - CPUs/cores online: 1
26/3/2019 -- 16:01:15 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34185 and 'request-body-inspect-window' set to 16193 after randomization.
26/3/2019 -- 16:01:15 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31457 and 'response-body-inspect-window' set to 16402 after randomization.
26/3/2019 -- 16:01:15 - <Config> - DNS request flood protection level: 500
26/3/2019 -- 16:01:15 - <Config> - DNS per flow memcap (state-memcap): 524288
26/3/2019 -- 16:01:15 - <Config> - DNS global memcap: 16777216
26/3/2019 -- 16:01:15 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
26/3/2019 -- 16:01:15 - <Config> - preallocated 1000 hosts of size 136
26/3/2019 -- 16:01:15 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
26/3/2019 -- 16:01:15 - <Config> - using magic-file /usr/share/file/magic
26/3/2019 -- 16:01:15 - <Config> - Core dump size is unlimited.
26/3/2019 -- 16:01:15 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
26/3/2019 -- 16:01:15 - <Config> - preallocated 1000 defrag trackers of size 168
26/3/2019 -- 16:01:15 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
26/3/2019 -- 16:01:15 - <Config> - stream "prealloc-sessions": 2048 (per thread)
26/3/2019 -- 16:01:15 - <Config> - stream "memcap": 33554432
26/3/2019 -- 16:01:15 - <Config> - stream "midstream" session pickups: disabled
26/3/2019 -- 16:01:15 - <Config> - stream "async-oneside": disabled
26/3/2019 -- 16:01:15 - <Config> - stream "checksum-validation": disabled
26/3/2019 -- 16:01:15 - <Config> - stream."inline": disabled
26/3/2019 -- 16:01:15 - <Config> - stream "bypass": disabled
26/3/2019 -- 16:01:15 - <Config> - stream "max-synack-queued": 5
26/3/2019 -- 16:01:15 - <Config> - stream.reassembly "memcap": 134217728
26/3/2019 -- 16:01:15 - <Config> - stream.reassembly "depth": 0
26/3/2019 -- 16:01:15 - <Config> - stream.reassembly "toserver-chunk-size": 2593
26/3/2019 -- 16:01:15 - <Config> - stream.reassembly "toclient-chunk-size": 2545
26/3/2019 -- 16:01:15 - <Config> - stream.reassembly.raw: enabled
26/3/2019 -- 16:01:15 - <Config> - stream.reassembly "segment-prealloc": 2048
26/3/2019 -- 16:01:15 - <Config> - Delayed detect disabled
26/3/2019 -- 16:01:15 - <Config> - pattern matchers: MPM: ac, SPM: bm
26/3/2019 -- 16:01:15 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
26/3/2019 -- 16:01:15 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
26/3/2019 -- 16:01:15 - <Config> - prefilter engines: MPM
26/3/2019 -- 16:01:15 - <Config> - IP reputation disabled
26/3/2019 -- 16:01:15 - <Perf> - Registered 148 keyword profiling counters.
26/3/2019 -- 16:01:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
26/3/2019 -- 16:01:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
26/3/2019 -- 16:01:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
26/3/2019 -- 16:01:16 - <Config> - No rules loaded from ET-emerging-icmp.rules.
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
26/3/2019 -- 16:01:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
26/3/2019 -- 16:01:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
26/3/2019 -- 16:01:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
26/3/2019 -- 16:01:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
26/3/2019 -- 16:01:19 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
26/3/2019 -- 16:01:19 - <Config> - No rules loaded from local.rules.
26/3/2019 -- 16:01:19 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
26/3/2019 -- 16:01:19 - <Info> - Threshold config parsed: 0 rule(s) found
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for tcp-packet
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for tcp-stream
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for udp-packet
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for other-ip
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_uri
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_client_body
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_accept
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_accept_enc
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_accept_lang
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_referer
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_connection
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_method
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_raw_uri
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_user_agent
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_host
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_raw_host
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_stat_msg
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_stat_code
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for dns_query
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for tls_sni
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for tls_cert_issuer
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for tls_cert_subject
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for tls_cert_serial
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 16:01:19 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 16:01:19 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
26/3/2019 -- 16:01:19 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
26/3/2019 -- 16:01:20 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
26/3/2019 -- 16:01:20 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
26/3/2019 -- 16:01:20 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
26/3/2019 -- 16:01:20 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
26/3/2019 -- 16:01:20 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
26/3/2019 -- 16:01:20 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
26/3/2019 -- 16:01:21 - <Perf> - Unique rule groups: 111
26/3/2019 -- 16:01:21 - <Perf> - Builtin MPM "toserver TCP packet": 31
26/3/2019 -- 16:01:21 - <Perf> - Builtin MPM "toclient TCP packet": 20
26/3/2019 -- 16:01:21 - <Perf> - Builtin MPM "toserver TCP stream": 31
26/3/2019 -- 16:01:21 - <Perf> - Builtin MPM "toclient TCP stream": 21
26/3/2019 -- 16:01:21 - <Perf> - Builtin MPM "toserver UDP packet": 33
26/3/2019 -- 16:01:21 - <Perf> - Builtin MPM "toclient UDP packet": 15
26/3/2019 -- 16:01:21 - <Perf> - Builtin MPM "other IP packet": 2
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_uri": 8
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_request_line": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient http_response_line": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_header": 6
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient http_header": 3
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_header_names": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_accept": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_referer": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_content_len": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_content_type": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient http_content_type": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_start": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_method": 3
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver http_host": 2
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver tls_sni": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toserver file_data": 1
26/3/2019 -- 16:01:21 - <Perf> - AppLayer MPM "toclient file_data": 5
26/3/2019 -- 16:01:21 - <Perf> - Registered 18241 rule profiling counters.
26/3/2019 -- 16:01:21 - <Info> - fast output device (regular) initialized: alert
26/3/2019 -- 16:01:21 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2019 -- 16:01:21 - <Config> - enabling 'eve-log' module 'alert'
26/3/2019 -- 16:01:21 - <Config> - enabling 'eve-log' module 'http'
26/3/2019 -- 16:01:21 - <Config> - enabling 'eve-log' module 'dns'
26/3/2019 -- 16:01:21 - <Config> - enabling 'eve-log' module 'tls'
26/3/2019 -- 16:01:21 - <Config> - enabling 'eve-log' module 'files'
26/3/2019 -- 16:01:21 - <Config> - enabling 'eve-log' module 'ssh'
26/3/2019 -- 16:01:21 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
26/3/2019

This file has been truncated.


stats.log (2915 bytes)
------------------------------------------------------------------------------------
Date: 3/26/2019 -- 16:01:23 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3667
decoder.bytes                              | Total                     | 3341433
decoder.ipv4                               | Total                     | 3667
decoder.ethernet                           | Total                     | 3667
decoder.tcp                                | Total                     | 3659
decoder.udp                                | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 911
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 4
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 15
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 13
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 4
app_layer.tx.dns_udp                       | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65533
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076896


eve.json - (23534 bytes) - download
{"timestamp":"2019-01-10T22:38:44.686851+0000","flow_id":496377045220099,"pcap_cnt":1,"event_type":"dns","src_ip":"10.1.10.101","src_port":60657,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43479,"rrname":"datitngforllives.info","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:44.805583+0000","flow_id":496377045220099,"pcap_cnt":2,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":60657,"proto":"UDP","dns":{"type":"answer","id":43479,"rcode":"NOERROR","rrname":"datitngforllives.info","rrtype":"A","ttl":5,"rdata":"88.208.7.193"}}
{"timestamp":"2019-01-10T22:38:45.311464+0000","flow_id":1565218311627259,"pcap_cnt":10,"event_type":"http","src_ip":"10.1.10.101","src_port":49159,"dest_ip":"88.208.7.193","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"datitngforllives.info","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:45.360076+0000","flow_id":1034867159957132,"pcap_cnt":11,"event_type":"dns","src_ip":"10.1.10.101","src_port":55958,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10387,"rrname":"www.needgrow.info","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:45.479147+0000","flow_id":1034867159957132,"pcap_cnt":12,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":55958,"proto":"UDP","dns":{"type":"answer","id":10387,"rcode":"NOERROR","rrname":"www.needgrow.info","rrtype":"A","ttl":5,"rdata":"185.56.233.186"}}
{"timestamp":"2019-01-10T22:38:45.762891+0000","flow_id":594504163087309,"pcap_cnt":23,"event_type":"tls","src_ip":"10.1.10.101","src_port":49165,"dest_ip":"185.56.233.186","dest_port":443,"proto":"TCP","tls":{"subject":"CN=needgrow.info","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-01-10T22:38:46.898303+0000","flow_id":2033288142549669,"pcap_cnt":45,"event_type":"alert","src_ip":"10.1.10.101","src_port":49167,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":2033288142549669,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024354,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.056346+0000","flow_id":2033288142549669,"pcap_cnt":61,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024355,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":2033288142549669,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024362,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.057735+0000","flow_id":2033288142549669,"pcap_cnt":78,"event_type":"alert","src_ip":"176.53.161.71","src_port":80,"dest_ip":"10.1.10.101","dest_port":49167,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016827,"rev":3,"signature":"ET INFO Suspicious Possible CollectGarbage in base64 3","category":"Misc activity","severity":3}}
{"timestamp":"2019-01-10T22:38:47.215838+0000","flow_id":2033288142549669,"pcap_cnt":103,"event_type":"http","src_ip":"10.1.10.101","src_port":49167,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?MTE2NDEy&apVyf&zeBnF=known&Hocv=everyone&TYVTUaY=constitution&OBjTb=heartfelt&BnUPTF=difference&QNgZ=constitution&WJjHyQR=known&RLezWS=criticized&efkEXDELP=known&tcfgg4=m3S9Pp5f-NYbAroi0aHfFE0nNtaVQkVpK7630mHzBfJhZeE9BbfUTp1u9CTUbI&fgdd3s=wXnQMvXcJwDQDYbGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&lcywHOQM=detonator&MhYU=strategy&OLUJgoARt=difference&KbHYfz=perpetual&kFqtfvAM=difference&moYcb=detonator&jkCWqBcYNDk3NDQ0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:47.670313+0000","flow_id":428284633838344,"pcap_cnt":108,"event_type":"alert","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:47.670313+0000","flow_id":428284633838344,"pcap_cnt":108,"event_type":"alert","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014726,"rev":110,"signature":"ET POLICY Outdated Flash Version M1","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2019-01-10T22:38:47.831691+0000","flow_id":428284633838344,"pcap_cnt":149,"event_type":"http","src_ip":"10.1.10.101","src_port":49166,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?NTY0Nzg2&fxdHtUMO&fgdd3s=wXfQMvXcJwDQDYbGMvrESLtDNknQA0KK2Ij2_dqyEoH9fWnihNzUSkr76B2aCm3S&JCAADqEwDpBRic=strategy&wgNPPdER=perpetual&PaoiDRBWQfuvQao=strategy&eFoeQKlDAaH=criticized&MvTDtSlkplYeG=community&QTxsXsucUtoHal=strategy&DDtsYDxFL=known&HiinXW=golfer&dGGXjZPv=referred&XYIQwaOPuQJNfq=community&OpwtDAkoL=professional&tcfgg4=9PV5f-NYbArohUaHfFE0nNtaVQkVpK7630mHzBfJhZeE-hbfUQlD_JWcE4F4nwvF&MGXQAShN=difference&ZCEBeUbfC=everyone&aPdSnKfnTBCNMG=blackmail&uUeilSxHmaiwo=already&CODcssdzxNDI4ODMy","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/x-shockwave-flash"}}
{"timestamp":"2019-01-10T22:38:51.942171+0000","flow_id":708209127627101,"pcap_cnt":158,"event_type":"alert","src_ip":"10.1.10.101","src_port":49170,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024049,"rev":2,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:53.165096+0000","flow_id":708209127627101,"pcap_cnt":809,"event_type":"http","src_ip":"10.1.10.101","src_port":49170,"dest_ip":"176.53.161.71","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.53.161.71","url":"\/?NTgxNTM4&xPPmZDFrSehlGee&ByHCbhyhLcL=blackmail&wchiumQhaCAV=detonator&puPFBsD=difference&DEBAiFkrVEg=heartfelt&fgdd3s=wHfQMvXcJwDJFYbGMvrERqNbNknQA06PxpH2_drYdZqxKGni1-b5UUSk6FuCEh3h9vI&jmxzfYbewVI=vest&yddhzfp=known&CYxTETSmutZ=heartfelt&VTofgMElKGpgC=everyone&ANheaHFkbsz=already&qSfyMreHMO=known&veVdeVp=community&UJhUlFUvJfGgP=known&ajdklwKeGf=referred&UCdIyXWEd=golfer&tcfgg4=keeABNVLohUyDfAI1yYldB11A8fqoiRWEmxOdicKH_ROOMw11-ZuWF7Iz2VTFkvEXd_s&TTOkOtrpyQt=heartfelt&sGwhHmzJMTQ2MTc1","http_content_type":"application\/x-msdownload"}}
{"timestamp":"2019-01-10T22:38:54.647052+0000","flow_id":665358239195020,"pcap_cnt":811,"event_type":"dns","src_ip":"10.1.10.101","src_port":54819,"dest_ip":"10.1.10.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5330,"rrname":"tepingost.ug","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-10T22:38:55.058667+0000","flow_id":665358239195020,"pcap_cnt":812,"event_type":"dns","src_ip":"10.1.10.1","src_port":53,"dest_ip":"10.1.10.101","dest_port":54819,"proto":"UDP","dns":{"type":"answer","id":5330,"rcode":"NOERROR","rrname":"tepingost.ug","rrtype":"A","ttl":5,"rdata":"190.115.22.22"}}
{"timestamp":"2019-01-10T22:38:55.490426+0000","flow_id":1329291463689188,"pcap_cnt":819,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"tepingost.ug","url":"\/251","http_content_type":"text\/html"}}
{"timestamp":"2019-01-10T22:38:55.495951+0000","flow_id":1329291463689188,"pcap_cnt":821,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/251","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":162},"app_proto":"http","fileinfo":{"filename":"\/251","gaps":false,"state":"CLOSED","stored":false,"size":186,"tx_id":0}}
{"timestamp":"2019-01-10T22:38:55.821066+0000","flow_id":1329291463689188,"pcap_cnt":860,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.462718+0000","flow_id":1329291463689188,"pcap_cnt":1191,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.563920+0000","flow_id":1329291463689188,"pcap_cnt":1203,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"tepingost.ug","url":"\/freebl3.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:56.566213+0000","flow_id":1329291463689188,"pcap_cnt":1205,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/freebl3.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":334288},"app_proto":"http","fileinfo":{"filename":"\/freebl3.dll","gaps":false,"state":"CLOSED","stored":false,"size":334288,"tx_id":1}}
{"timestamp":"2019-01-10T22:38:56.734529+0000","flow_id":1329291463689188,"pcap_cnt":1345,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:56.736863+0000","flow_id":1329291463689188,"pcap_cnt":1366,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"tepingost.ug","url":"\/mozglue.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:56.738292+0000","flow_id":1329291463689188,"pcap_cnt":1368,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/mozglue.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":137168},"app_proto":"http","fileinfo":{"filename":"\/mozglue.dll","gaps":false,"state":"CLOSED","stored":false,"size":137168,"tx_id":2}}
{"timestamp":"2019-01-10T22:38:57.082465+0000","flow_id":1329291463689188,"pcap_cnt":1849,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57.243581+0000","flow_id":1329291463689188,"pcap_cnt":1893,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"tepingost.ug","url":"\/msvcp140.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:57.246341+0000","flow_id":1329291463689188,"pcap_cnt":1895,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/msvcp140.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":440120},"app_proto":"http","fileinfo":{"filename":"\/msvcp140.dll","gaps":false,"state":"CLOSED","stored":false,"size":440120,"tx_id":3}}
{"timestamp":"2019-01-10T22:38:57.786119+0000","flow_id":1329291463689188,"pcap_cnt":3270,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57.792212+0000","flow_id":1329291463689188,"pcap_cnt":3334,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"tepingost.ug","url":"\/nss3.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:57.794514+0000","flow_id":1329291463689188,"pcap_cnt":3336,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/nss3.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1246160},"app_proto":"http","fileinfo":{"filename":"\/nss3.dll","gaps":false,"state":"CLOSED","stored":false,"size":1246160,"tx_id":4}}
{"timestamp":"2019-01-10T22:38:57.963737+0000","flow_id":1329291463689188,"pcap_cnt":3488,"event_type":"alert","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-01-10T22:38:57.965063+0000","flow_id":1329291463689188,"pcap_cnt":3502,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":5,"http":{"hostname":"tepingost.ug","url":"\/softokn3.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:38:57.966769+0000","flow_id":1329291463689188,"pcap_cnt":3504,"event_type":"fileinfo","src_ip":"190.115.22.22","src_port":80,"dest_ip":"10.1.10.101","dest_port":49173,"proto":"TCP","http":{"hostname":"tepingost.ug","url":"\/softokn3.dll","http_content_type":"application\/x-msdos-program","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":144848},"app_proto":"http","fileinfo":{"filename":"\/softokn3.dll","gaps":false,"state":"CLOSED","stored":false,"size":144848,"tx_id":5}}
{"timestamp":"2019-01-10T22:38:58.133733+0000","flow_id":1329291463689188,"pcap_cnt":3600,"event_type":"http","src_ip":"10.1.10.101","src_port":49173,"dest_ip":"190.115.22.22","dest_port":80,"proto":"TCP","tx_id":6,"http":{"hostname":"tepingost.ug","url":"\/vcruntime140.dll","http_content_type":"application\/x-msdos-program"}}
{"timestamp":"2019-01-10T22:39:04.754701+0000","flow_id":1943308578882573,"pcap_cnt":3601,"event_type":"dns","src_ip":"10.1.10.101","src_port":56851,"dest_

This file has been truncated.
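The eve.json excerpt above reads top to bottom as an infection chain: a DNS answer for the HookAds gate, a bare-IP Rig EK gateway at 176.53.161.71 that the Host header names by address (no DNS answer precedes it), the ET RIG EK URI alerts, an `application/x-msdownload` payload, and then a POST check-in to tepingost.ug followed by GETs of freebl3.dll, mozglue.dll, nss3.dll, softokn3.dll, msvcp140.dll and vcruntime140.dll. The first four are Mozilla NSS libraries and the last two the Visual C++ runtime they need; a stealer that fetches them immediately after check-in is consistent with the Vidar infection named in the capture title. The script below is an added example, not part of the original analysis output and not a Suricata feature: it groups eve.json records by `flow_id`, rebuilds the timeline, and applies two analyst heuristics. `SAMPLE` is a constructed subset of the records shown on this page, trimmed to the fields the checks use; the heuristics themselves (bare-IP Host header plus a severity-1 alert with no prior DNS answer; numeric POST check-in followed by PE downloads named after NSS/VC runtime DLLs) are the editor's, not rules from the ruleset.

```python
"""Triage helpers for Suricata eve.json records (added example, not the page's own code).

SAMPLE is a constructed subset of the eve.json lines shown on this page,
trimmed to the fields the checks need.  The two checks are analyst
heuristics, not Suricata rules.
"""
import ipaddress
import json
from collections import defaultdict

PE_TYPES = {"application/x-msdos-program", "application/x-msdownload"}
# Mozilla NSS libraries plus the VC++ runtime they depend on.  Pulled together
# right after a check-in, they are the classic stealer-staging pattern.
NSS_LIBS = {"freebl3.dll", "mozglue.dll", "nss3.dll", "softokn3.dll"}
VC_RUNTIME = {"msvcp140.dll", "vcruntime140.dll"}

# Constructed sample: a subset of the page's eve.json, one JSON object per line.
SAMPLE = r'''
{"timestamp":"2019-01-10T22:38:44.805583+0000","flow_id":496377045220099,"event_type":"dns","src_ip":"10.1.10.1","dest_ip":"10.1.10.101","proto":"UDP","dns":{"type":"answer","rrname":"datitngforllives.info","rrtype":"A","rdata":"88.208.7.193"}}
{"timestamp":"2019-01-10T22:38:45.311464+0000","flow_id":1565218311627259,"event_type":"http","src_ip":"10.1.10.101","dest_ip":"88.208.7.193","proto":"TCP","http":{"hostname":"datitngforllives.info","url":"/","http_content_type":"text/html"}}
{"timestamp":"2019-01-10T22:38:46.898303+0000","flow_id":2033288142549669,"event_type":"alert","src_ip":"10.1.10.101","dest_ip":"176.53.161.71","proto":"TCP","alert":{"signature_id":2024049,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","severity":1}}
{"timestamp":"2019-01-10T22:38:47.215838+0000","flow_id":2033288142549669,"event_type":"http","src_ip":"10.1.10.101","dest_ip":"176.53.161.71","proto":"TCP","http":{"hostname":"176.53.161.71","url":"/?MTE2NDEy&apVyf&zeBnF=known&Hocv=everyone","http_content_type":"text/html"}}
{"timestamp":"2019-01-10T22:38:51.942171+0000","flow_id":708209127627101,"event_type":"alert","src_ip":"10.1.10.101","dest_ip":"176.53.161.71","proto":"TCP","alert":{"signature_id":2024049,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2","severity":1}}
{"timestamp":"2019-01-10T22:38:53.165096+0000","flow_id":708209127627101,"event_type":"http","src_ip":"10.1.10.101","dest_ip":"176.53.161.71","proto":"TCP","http":{"hostname":"176.53.161.71","url":"/?NTgxNTM4&xPPmZDFrSehlGee&ByHCbhyhLcL=blackmail","http_content_type":"application/x-msdownload"}}
{"timestamp":"2019-01-10T22:38:55.058667+0000","flow_id":665358239195020,"event_type":"dns","src_ip":"10.1.10.1","dest_ip":"10.1.10.101","proto":"UDP","dns":{"type":"answer","rrname":"tepingost.ug","rrtype":"A","rdata":"190.115.22.22"}}
{"timestamp":"2019-01-10T22:38:55.495951+0000","flow_id":1329291463689188,"event_type":"fileinfo","src_ip":"190.115.22.22","dest_ip":"10.1.10.101","proto":"TCP","http":{"hostname":"tepingost.ug","url":"/251","http_content_type":"text/html","http_method":"POST","status":200},"fileinfo":{"filename":"/251","size":186}}
{"timestamp":"2019-01-10T22:38:56.566213+0000","flow_id":1329291463689188,"event_type":"fileinfo","src_ip":"190.115.22.22","dest_ip":"10.1.10.101","proto":"TCP","http":{"hostname":"tepingost.ug","url":"/freebl3.dll","http_content_type":"application/x-msdos-program","http_method":"GET","status":200},"fileinfo":{"filename":"/freebl3.dll","size":334288}}
{"timestamp":"2019-01-10T22:38:56.738292+0000","flow_id":1329291463689188,"event_type":"fileinfo","src_ip":"190.115.22.22","dest_ip":"10.1.10.101","proto":"TCP","http":{"hostname":"tepingost.ug","url":"/mozglue.dll","http_content_type":"application/x-msdos-program","http_method":"GET","status":200},"fileinfo":{"filename":"/mozglue.dll","size":137168}}
{"timestamp":"2019-01-10T22:38:57.794514+0000","flow_id":1329291463689188,"event_type":"fileinfo","src_ip":"190.115.22.22","dest_ip":"10.1.10.101","proto":"TCP","http":{"hostname":"tepingost.ug","url":"/nss3.dll","http_content_type":"application/x-msdos-program","http_method":"GET","status":200},"fileinfo":{"filename":"/nss3.dll","size":1246160}}
'''


def parse_eve(text):
    """Return the eve.json records in `text` (one JSON object per line), skipping blanks."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_ip_literal(host):
    """True when an HTTP Host header value is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def by_flow(events):
    """Group records by Suricata flow_id, preserving log order within a flow."""
    flows = defaultdict(list)
    for ev in events:
        flows[ev["flow_id"]].append(ev)
    return flows


def resolved_names(events):
    """Map every A-record rdata seen in DNS answers to the names that resolved to it."""
    names = defaultdict(set)
    for ev in events:
        d = ev.get("dns", {})
        if ev["event_type"] == "dns" and d.get("type") == "answer" and d.get("rrtype") == "A":
            names[d["rdata"]].add(d["rrname"])
    return names


def ek_gateway_flows(events):
    """Heuristic 1: flows that talk to a bare-IP Host header the client never resolved
    via DNS, and on which a severity-1 alert fired.  Returns [(flow_id, dest_ip, [sids])]."""
    names = resolved_names(events)
    hits = []
    for fid, evs in by_flow(events).items():
        hosts = {e["http"]["hostname"] for e in evs if "http" in e}
        sids = sorted({e["alert"]["signature_id"] for e in evs
                       if e["event_type"] == "alert" and e["alert"]["severity"] == 1})
        # http events are logged client -> server, so their dest_ip is the server
        dests = [e["dest_ip"] for e in evs if e["event_type"] == "http"]
        if sids and any(is_ip_literal(h) and h not in names for h in hosts):
            hits.append((fid, dests[0] if dests else None, sids))
    return hits


def stealer_staging(events, min_libs=2):
    """Heuristic 2: a POST check-in whose path is a bare number, followed on the same
    flow by PE downloads named after NSS / VC runtime DLLs.  Returns {flow_id: details}."""
    out = {}
    for fid, evs in by_flow(events).items():
        checkin = [e for e in evs
                   if e.get("http", {}).get("http_method") == "POST"
                   and e["http"]["url"].lstrip("/").isdigit()]
        pulled = [e["http"]["url"].lstrip("/").lower() for e in evs
                  if e["event_type"] == "fileinfo"
                  and e.get("http", {}).get("http_method") == "GET"
                  and e["http"].get("http_content_type", "") in PE_TYPES]
        libs = sorted(n for n in pulled if n in NSS_LIBS | VC_RUNTIME)
        if checkin and len(libs) >= min_libs:
            out[fid] = {"host": checkin[0]["http"]["hostname"],
                        "checkin": checkin[0]["http"]["url"], "libs": libs}
    return out


def timeline(events):
    """One short line per record in timestamp order, so the chain reads top to bottom."""
    rows = []
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        t, ts = ev["event_type"], ev["timestamp"]
        if t == "dns":
            d = ev["dns"]
            rows.append(f"{ts} dns   {d['rrname']} -> {d.get('rdata', '?')}")
        elif t == "http":
            h = ev["http"]
            rows.append(f"{ts} http  {h['hostname']}{h['url'][:40]} ({h.get('http_content_type', '-')})")
        elif t == "alert":
            a = ev["alert"]
            rows.append(f"{ts} alert sid={a['signature_id']} {a['signature']}")
        elif t == "fileinfo":
            f = ev["fileinfo"]
            rows.append(f"{ts} file  {ev['http']['hostname']}{f['filename']} {f['size']} bytes")
    return rows


if __name__ == "__main__":
    evs = parse_eve(SAMPLE)
    print("\n".join(timeline(evs)))
    print("EK gateway candidates:", ek_gateway_flows(evs))
    print("Stealer staging:", stealer_staging(evs))
```

To run it over the full capture, replace `SAMPLE` with the contents of the downloadable eve.json; Suricata writes one JSON object per line, so `parse_eve` needs no other change. The bare-IP check deliberately requires a co-occurring severity-1 alert: plenty of legitimate software talks to IP literals, and it is the combination with the ET RIG EK URI signature (and the absence of any DNS answer mapping to that address) that makes the gateway stand out.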


keyword_perf.log - (16538 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/26/2019 -- 16:01:23
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            9452            3               3               3306            3150.00         3150.00         0.00           
  flow             15357269        5272            5272            48418           2912.00         2912.00         0.00           
  threshold        6394            1               1               6394            6394.00         6394.00         0.00           
  content          30483075        3436            686             6106193         8871.00         12947.00        7855.00        
  pcre             1521471         446             12              33649           3411.00         9514.00         3242.00        
  byte_test        200726          67              32              5942            2995.00         3292.00         2724.00        
  byte_jump        505471          159             86              40722           3179.00         3416.00         2899.00        
  isdataat         37476           13              9               3628            2882.00         2887.00         2872.00        
  flowbits         7109088         2500            112             49315           2843.00         3162.00         2828.00        
  urilen           46587           14              3               4100            3327.00         3355.00         3320.00        
  byte_extract     39003           14              14              4188            2785.00         2785.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            9452            3               3               3306            3150.00         3150.00         0.00           
  flow             15357269        5272            5272            48418           2912.00         2912.00         0.00           
  flowbits         7062110         2489            101             49315           2837.00         3041.00         2828.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6757048         1220            295             110114          5538.00         7003.00         5071.00        
  pcre             446670          129             1               33649           3462.00         2949.00         3466.00        
  byte_test        165263          55              26              5942            3004.00         3308.00         2732.00        
  byte_jump        424874          133             60              40722           3194.00         3553.00         2899.00        
  isdataat         27613           10              6               3072            2761.00         2687.00         2872.00        
  byte_extract     39003           14              14              4188            2785.00         2785.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         46978           11              11              5268            4270.00         4270.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        6394            1               1               6394            6394.00         6394.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          396638          103             21              15868           3850.00         4053.00         3798.00        
  pcre             77088           11              3               14735           7008.00         12690.00        4877.00        
  isdataat         9863            3               3               3628            3287.00         3287.00         0.00           
  urilen           46587           14              3               4100            3327.00         3355.00         3320.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          752210          14              7               159100          53729.00        41261.00        66196.00       
  pcre             6135            1               1               6135            6135.00         6135.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43685           13              0               3858            3360.00         0.00            3360.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15199590        1783            215             245621          8524.00         26815.00        6016.00        
  pcre             812480          283             0               17907           2870.00         0.00            2870.00        
  byte_test        35463           12              6               4914            2955.00         3226.00         2683.00        
  byte_jump        80597           26              26              4549            3099.00         3099.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          649852          165             76              20957           3938.00         4213.00         3704.00        
  pcre             128320          16              7               19419           8020.00         9574.00         6810.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6332338         46              41              6106193         137659.00       5140.00         1224319.00     
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3690            1               1               3690            3690.00         3690.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25064           6               0               4669            4177.00         0.00            4177.00        
  pcre             50778           6               0               10046           8463.00         0.00            8463.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43315           8               8               19288           5414.00         5414.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3431            1               1               3431            3431.00         3431.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33933           6               0               15577           5655.00         0.00            5655.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          67240           14              14              22114           4802.00         4802.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          27880           7               7               5222            3982.00         3982.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- -----------

This file has been truncated.


unified2.alert.1553616081 - (44583 bytes) - download

This file has been truncated.


suricata-4.0.0-etopen-all-alert-2019-03-26-T-16-01-23-01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap.txt - (3095 bytes) - download
01/10/2019-22:38:46.898303  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49167 -> 176.53.161.71:80
01/10/2019-22:38:47.056346  [**] [1:2024354:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.056346  [**] [1:2024355:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B643 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2024362:2] ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.057735  [**] [1:2016827:3] ET INFO Suspicious Possible CollectGarbage in base64 3 [**] [Classification: Misc activity] [Priority: 3] {TCP} 176.53.161.71:80 -> 10.1.10.101:49167
01/10/2019-22:38:47.670313  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49166 -> 176.53.161.71:80
01/10/2019-22:38:47.670313  [**] [1:2014726:110] ET POLICY Outdated Flash Version M1 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49166 -> 176.53.161.71:80
01/10/2019-22:38:51.942171  [**] [1:2024049:2] ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.10.101:49170 -> 176.53.161.71:80
01/10/2019-22:38:55.821066  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.462718  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:56.734529  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.082465  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.786119  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:38:57.963737  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 190.115.22.22:80 -> 10.1.10.101:49173
01/10/2019-22:39:05.122324  [**] [1:2022082:3] ET POLICY External IP Lookup ip-api.com [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.10.101:49174 -> 54.38.92.92:80


IDSDeathBlossom.py.log - (1180 bytes) - download
2019-03-26 16:01:14,448 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-26 16:01:15,166 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-26 16:01:15,166 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-03-26 16:01:15,167 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-26 16:01:15,167 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-26 16:01:15,167 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/1eab11abf7d306b7007e879964b64378d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap -vvv -k none
2019-03-26 16:01:23,122 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-26 16:01:23,122 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.68772101402


suricata-4.0.0-etopen-all-perf.txt-2019-03-26-T-16-01-23-01282019.1414-2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap.txt - (45654 bytes) - download
  --------------------------------------------------------------------------
  Date: 3/26/2019 -- 16:01:23. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022502      1        4        6712189      4.06   13       0        6132844     516322.23   0.00        516322.23  
  2        2017817      1        11       3260530      1.97   1        0        3260530     3260530.00  0.00        3260530.00 
  3        2021789      1        2        1595880      0.97   3        0        575890      531960.00   0.00        531960.00  
  4        2018784      1        9        441707       0.27   1        0        441707      441707.00   0.00        441707.00  
  5        2017552      1        6        16547238     10.02  1142     0        399664      14489.70    0.00        14489.70   
  6        2001330      1        8        6607673      4.00   2222     0        382487      2973.75     0.00        2973.75    
  7        2025185      1        3        1061526      0.64   6        0        350175      176921.00   0.00        176921.00  
  8        2020865      1        3        5651031      3.42   43       0        308334      131419.33   0.00        131419.33  
  9        2020825      1        6        297024       0.18   2        0        251257      148512.00   0.00        148512.00  
  10       2016855      1        2        1192815      0.72   6        0        222714      198802.50   0.00        198802.50  
  11       2016854      1        3        948037       0.57   6        0        181892      158006.17   0.00        158006.17  
  12       2020318      1        8        594687       0.36   5        0        169505      118937.40   0.00        118937.40  
  13       2024554      1        7        168242       0.10   1        0        168242      168242.00   0.00        168242.00  
  14       2024565      1        3        163473       0.10   1        0        163473      163473.00   0.00        163473.00  
  15       2018241      1        2        596656       0.36   51       0        141525      11699.14    0.00        11699.14   
  16       2018342      1        2        1398619      0.85   13       0        138906      107586.08   0.00        107586.08  
  17       2020470      1        6        132269       0.08   2        0        116847      66134.50    0.00        66134.50   
  18       2018789      1        3        1259515      0.76   25       0        116420      50380.60    0.00        50380.60   
  19       2018982      1        2        978710       0.59   20       0        116160      48935.50    0.00        48935.50   
  20       2022197      1        3        154875       0.09   3        0        112177      51625.00    0.00        51625.00   
  21       2017133      1        3        506950       0.31   5        0        107216      101390.00   0.00        101390.00  
  22       2016549      1        4        255566       0.15   4        0        103229      63891.50    0.00        63891.50   
  23       2024031      1        2        573942       0.35   6        0        102514      95657.00    0.00        95657.00   
  24       2022050      1        3        869139       0.53   20       0        89626       43456.95    0.00        43456.95   
  25       2020569      1        1        948422       0.57   20       0        89273       47421.10    0.00        47421.10   
  26       2019758      1        2        169860       0.10   3        0        85493       56620.00    0.00        56620.00   
  27       2020726      1        2        230644       0.14   3        0        80817       76881.33    0.00        76881.33   
  28       2016333      1        4        471772       0.29   7        0        80539       67396.00    0.00        67396.00   
  29       2021749      1        6        123272       0.07   12       0        79379       10272.67    0.00        10272.67   
  30       2013441      1        9        361027       0.22   20       0        79203       18051.35    0.00        18051.35   
  31       2019345      1        2        7781191      4.71   549      0        73431       14173.39    0.00        14173.39   
  32       2016537      1        2        16455127     9.96   1138     0        71305       14459.69    0.00        14459.69   
  33       2015744      1        4        371594       0.22   29       5        70687       12813.59    60954.40    2784.25    
  34       2024829      1        2        2142158      1.30   102      0        69390       21001.55    0.00        21001.55   
  35       2014819      1        3        380151       0.23   6        0        69029       63358.50    0.00        63358.50   
  36       2018880      1        2        95582        0.06   2        0        68713       47791.00    0.00        47791.00   
  37       2024049      1        2        192184       0.12   3        3        67584       64061.33    64061.33    0.00       
  38       2018959      1        3        711874       0.43   51       1        64794       13958.31    64794.00    12941.60   
  39       2024555      1        7        64427        0.04   1        1        64427       64427.00    64427.00    0.00       
  40       2025330      1        1        111917       0.07   2        0        64365       55958.50    0.00        55958.50   
  41       2019083      1        2        88785        0.05   2        0        63562       44392.50    0.00        44392.50   
  42       2018375      1        3        2608269      1.58   209      0        63065       12479.76    0.00        12479.76   
  43       2016112      1        3        671639       0.41   45       0        62818       14925.31    0.00        14925.31   
  44       2017824      1        3        62814        0.04   1        0        62814       62814.00    0.00        62814.00   
  45       2022941      1        2        254296       0.15   6        0        62683       42382.67    0.00        42382.67   
  46       2017166      1        4        342372       0.21   7        0        62461       48910.29    0.00        48910.29   
  47       2008575      1        5        2477224      1.50   288      0        62161       8601.47     0.00        8601.47    
  48       2013352      1        4        450329       0.27   51       0        62127       8829.98     0.00        8829.98    
  49       2025519      1        1        113380       0.07   19       0        61211       5967.37     0.00        5967.37    
  50       2014958      1        1        1498394      0.91   128      0        59946       11706.20    0.00        11706.20   
  51       2020421      1        2        753308       0.46   51       0        59679       14770.75    0.00        14770.75   
  52       2018464      1        4        729884       0.44   51       0        58356       14311.45    0.00        14311.45   
  53       2009909      1        10       310870       0.19   20       0        57277       15543.50    0.00        15543.50   
  54       2024771      1        1        11677520     7.07   2372     0        57087       4923.07     0.00        4923.07    
  55       2008438      1        20       897007       0.54   20       0        56909       44850.35    0.00        44850.35   
  56       2024515      1        2        208494       0.13   4        0        56804       52123.50    0.00        52123.50   
  57       2009897      1        14       312928       0.19   20       0        56478       15646.40    0.00        15646.40   
  58       2023672      1        4        759266       0.46   51       0        55133       14887.57    0.00        14887.57   
  59       2012981      1        5        351872       0.21   11       0        55043       31988.36    0.00        31988.36   
  60       2009028      1        11       400417       0.24   51       0        54012       7851.31     0.00        7851.31    
  61       2016143      1        3        978587       0.59   66       0        53577       14827.08    0.00        14827.08   
  62       2025064      1        5        133577       0.08   3        0        53416       44525.67    0.00        44525.67   
  63       2020297      1        2        645401       0.39   45       0        52582       14342.24    0.00        14342.24   
  64       2019602      1        1        97644        0.06   2        0        51967       48822.00    0.00        48822.00   
  65       2014353      1        6        410108       0.25   51       0        51472       8041.33     0.00        8041.33    
  66       2016948      1        2        1766732      1.07   130      0        51061       13590.25    0.00        13590.25   
  67       2012143      1        3        123823       0.07   3        0        50954       41274.33    0.00        41274.33   
  68       2023150      1        3        50116        0.03   1        0        50116       50116.00    0.00        50116.00   
  69       2022666      1        4        50030        0.03   1        0        50030       50030.00    0.00        50030.00   
  70       2022547      1        1        2539459      1.54   884      0        48852       2872.69     0.00        2872.69    
  71       2014956      1        1        1488719      0.90   128      0        48651       11630.62    0.00        11630.62   
  72       2022682      1        3        48457        0.03   1        0        48457       48457.00    0.00        48457.00   
  73       2018572      1        2        815668       0.49   51       0        47338       15993.49    0.00        15993.49   
  74       2024354      1        2        44887        0.03   1        1        44887       44887.00    44887.00    0.00       
  75       2018386      1        2        44233        0.03   1        0        44233       44233.00    0.00        44233.00   
  76       2024777      1        2        3445246      2.09   1226     0        43561       2810.15     0.00        2810.15    
  77       2020794      1        2        42212        0.03   1        0        42212       42212.00    0.00        42212.00   
  78       2024720      1        3        77171        0.05   2        0        41130       38585.50    0.00        38585.50   
  79       2008297      1        5        1991775      1.21   701      0        41030       2841.33     0.00        2841.33    
  80       2018005      1        6        144183       0.09   26       0        40929       5545.50     0.00        5545.50    
  81       2015781      1        2        115169       0.07   3        0        40553       38389.67    0.00        38389.67   
  82       2023464      1        2        749360       0.45   51       0        40088       14693.33    0.00        14693.33   
  83       2014471      1        6        231303       0.14   6        0        39318       38550.50    0.00        38550.50   
  84       2021067      1        2        114798       0.07   3        3        39251       38266.00    38266.00    0.00       
  85       2024355      1        2        39112        0.02   1        1        39112       39112.00    39112.00    0.00       
  86       2022609      1        2        38973        0.02   1        0        38973       38973.00    0.00        38973.00   
  87       2020695      1        1        38904        0.02   1        0        38904       38904.00    0.00        38904.00   
  88       2020779      1        3        38668        0.02   1        0        38668       38668.00    0.00        38668.00   
  89       2021266      1        2        167462       0.10   10       0        38222       16746.20    0.00        16746.20   
  90       2018661      1        3        162285       0.10   6        0        37891       27047.50    0.00        27047.50   
  91       2014519      1        7        557585       0.34   63       0        37622       8850.56     0.00        8850.56    
  92       2016726      1        6        105765       0.06   3        0        37499       35255.00    0.00        35255.00   
  93       2022552      1        2        1581565      0.96   79       0        37102       20019.81    0.00        20019.81   
  94       2014130      1        2        409399       0.25   138      0        36761       2966.66     0.00        2966.66    
  95       2016827      1        3        36383        0.02   1        1        36383       36383.00    36383.00    0.00       
  96       2008303      1        3        426453       0.26   141      0        36274       3024.49     0.00        3024.49    
  97       2024650      1        1        1821193      1.10   133      0        35563       13693.18    0.00        13693.18   
  98       2023671      1        4        754246       0.46   51       0        35289       14789.14    0.00        14789.14   
  99       2022894      1        5        34338        0.02   1        0        34338       34338.00    0.00        34338.00   
  100      2025191      1        1        82487        0.05   7        0        33485       11783.86    0.00        11783.86   
  101      2024909      1        2        1690006      1.02   86       0        33386       19651.23    0.00        19651.23   
  102      2017259      1        12       33372        0.02   1        0        33372       33372.00    0.00        33372.00   
  103      2019343      1        3        91715        0.06   3        0        32981       30571.67    0.00        30571.67   
  104      2020234      1        4        32800        0.02   1        0        32800       32800.00    0.00        32800.00   
  105      2021038      1        4        32780        0.02   1        0        32780       32780.00    0.00        32780.00   
  106      2009702      1        5        116210       0.07   8        0        32699       14526.25    0.00        14526.25   
  107      2021752      1        13       32535        0.02   1        0        32535       32535.00    0.00        32535.00   
  108      2022653      1        2        754230       0.46   51       0        32423       14788.82    0.00        14788.82   
  109      2024227      1        3        86664        0.05   7        0        31907       12380.57    0.00        12380.57   
  110      2009054      1        8        90102        0.05   3        0        31900       30034.00    0.00        30034.00   
  111      2021590      1        6        31835        0.02   1        0        31835       31835.00    0.00        31835.00   
  112      2011457      1        8        183743       0.11   6        0        31424       30623.83    0.00        30623.83   
  113      2020607      1        3        31190        0.02   1        0        31190       31190.00    0.00        31190.00   
  114      2022080      1        1        88029        0.05   3        3        31127       29343.00    29343.00    0.00       
  115      2020895      1        6        31005        0.02   1        0        31005       31005.00    0.00        31005.00   
  116      2020780      1        2        55835        0.03   2        0        31003       27917.50    0.00        27917.50   
  117      2017567      1        3        88321        0.05   3        0        30981       29440.33    0.00        29440.33   
  118      2025041      1        2        30867        0.02   1        0        30867       30867.00    0.00        30867.00   
  119      2025042      1        3        30769        0.02   1        0        30769       30769.00    0.00        30769.00   
  120      2017877      1        3        60004        0.04   2        0        30769       30002.00    0.00        30002.00   
  121      2021764      1        2        30491        0.02   1        0        30491       30491.00    0.00        30491.00   
  122      2014803      1        7        30347        0.02   1        0        30347       30347.00    0.00        30347.00   
  123      2019165      1        3        701430       0.42   51       0        29984       13753.53    0.00        13753.53   
  124      2013036      1        7        173324       0.10   6        0        29541       28887.33    0.00        28887.33   
  125      2025162      1        2        1

This file has been truncated.