Filename: 2018-11-13-traffic-analysis-exercise.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.6758918762 seconds
Hash: 221168dc0865c145fe977b2c373022f3
Uploaded: 1542482775

Logfiles


packet_stats.log - (15690 bytes)

Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            11        200875287     3023509668    1275332096         14.0b    0.08
 IPv4       6         10047          7389605     3069154963    1698365459      17063.5b   98.28
 IPv4      17           278         21440950     3030600988    1020676371        283.7b    1.63
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            11            90398         227174        136305          1.5m    0.04
TMM_FLOWWORKER              IPv4       6         10047            66013       33164124        360513          3.6b   93.42
TMM_FLOWWORKER              IPv4      17           278           120130       10249687        563612        156.7m    4.04
TMM_RECEIVEPCAPFILE         IPv4       2            11             2544           4041          3192         35.1k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          9942             2531       20830519          5337         53.1m    1.37
TMM_RECEIVEPCAPFILE         IPv4      17           278             2545          28315          3259        906.0k    0.02
TMM_DECODEPCAPFILE          IPv4       2            11             2716           7903          4124         45.4k    0.00
TMM_DECODEPCAPFILE          IPv4       6          9942             2639        4556526          4223         42.0m    1.08
TMM_DECODEPCAPFILE          IPv4      17           278             2665          27188          3693          1.0m    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          9942             2755          85210          3731         37.1m  1.05  
flow                    IPv4      17           278             2822          39875          4570          1.3m  0.04  
stream                  IPv4       6         10047             2641        1107028         19266        193.6m  5.46  
app-layer               IPv4      17           278             2531         118046         14150          3.9m  0.11  
detect                  IPv4       2            11            84763         219367        129918          1.4m  0.04  
detect                  IPv4       6         10047            44556       33121133        313194          3.1b  88.81 
detect                  IPv4      17           278           103748        8988197        445389        123.8m  3.49  
tcp-prune               IPv4       6         10047             2534         384275          3526         35.4m  1.00  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            17             2945         102678         25325        430.5k  16.42 
tls                     IPv4       6           137             2593         160405          4734        648.6k  24.74 
tls                     IPv4      17             3             2608           3235          2878          8.6k  0.33  
smb                     IPv4       6             4             3047           5034          4086         16.3k  0.62  
smb2                    IPv4       6             2             3136           3351          3243          6.5k  0.25  
dcerpc                  IPv4       6            30             2960          30047          4589        137.7k  5.25  
dns                     IPv4      17           190             3279          99978          7226          1.4m  52.38 
Proto detect            IPv4       6             6             2744           7387          4065         24.4k
Proto detect            IPv4      17           176             2871          68770          7125          1.3m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            20            15637         110049         30742        614.9k  1.06  
LOGGER_ALERT_FAST           IPv4      17             3            12437         123968         53364        160.1k  0.28  
LOGGER_UNIFIED2             IPv4       6            20            22279         238637         55186          1.1m  1.91  
LOGGER_UNIFIED2             IPv4      17             3            17594         232654         97214        291.6k  0.50  
LOGGER_JSON_ALERT           IPv4       6            20            36937         149526         59396          1.2m  2.05  
LOGGER_JSON_ALERT           IPv4      17             3            34661          96053         57087        171.3k  0.30  
LOGGER_JSON_DNS             IPv4      17           172            26312        9397783        130699         22.5m  38.83 
LOGGER_JSON_HTTP            IPv4       6           131            52466         214757        107883         14.1m  24.41 
LOGGER_JSON_TLS             IPv4       6            79            25016         229387         71282          5.6m  9.73  
LOGGER_JSON_FILE            IPv4       6           109            63870         307273        111153         12.1m  20.93 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          4773             2551       31820100         42699       203.8m  20.70 
payload                           IPv4      17           278             3439          92967         25158         7.0m  0.71  
stream                            IPv4       6          4773             2533        7513387         54959       262.3m  26.64 
http_uri                          IPv4       6           131             9549         321467         46755         6.1m  0.62  
http_request_line                 IPv4       6           131             3900          36779          7741         1.0m  0.10  
http_client_body                  IPv4       6           131             2675         460398          9800         1.3m  0.13  
http_header (request)             IPv4       6           131            18189         159617         76217        10.0m  1.01  
http_header (request trailer)     IPv4       6           131             2592           4349          3010       394.4k  0.04  
http_header_names (request)       IPv4       6           131             5539          49728         16184         2.1m  0.22  
http_accept (request)             IPv4       6           131             3269          86374          6089       797.7k  0.08  
http_referer (request)            IPv4       6           131             2954          29761          6444       844.2k  0.09  
http_content_len (request)        IPv4       6           131             2955          29795          4466       585.2k  0.06  
http_content_type (request)       IPv4       6           131             2921          18536          3862       506.0k  0.05  
http_protocol (request)           IPv4       6           131             3167          74661          5479       717.8k  0.07  
http_start (request)              IPv4       6           131             7351          71636         16596         2.2m  0.22  
http_raw_header (request)         IPv4       6           131            10785         138606         22794         3.0m  0.30  
http_method                       IPv4       6           131             3109          23458          5787       758.1k  0.08  
http_cookie (request)             IPv4       6           131             3065          92239         11237         1.5m  0.15  
http_raw_uri                      IPv4       6           131             3398          35429          7483       980.3k  0.10  
http_user_agent                   IPv4       6           131             4841          97841         27164         3.6m  0.36  
http_host                         IPv4       6           131             3917          44395          9570         1.3m  0.13  
dns_query                         IPv4      17            86             2870          86882         18855         1.6m  0.16  
tls_sni                           IPv4       6           119             2785          25901          6282       747.6k  0.08  
http_response_line                IPv4       6           131             3537          31640          7653         1.0m  0.10  
http_header (response)            IPv4       6           131            10298         115024         46284         6.1m  0.62  
http_header (response trailer)    IPv4       6           131             2581          74983          4054       531.2k  0.05  
http_content_type (response)      IPv4       6           131             3141          22217          6308       826.4k  0.08  
http_raw_header (response)        IPv4       6          3073             4352          67319          6451        19.8m  2.01  
http_cookie (response)            IPv4       6           131             2995          17870          4136       541.9k  0.06  
http_stat_code                    IPv4       6           131             2849          17010          4350       569.9k  0.06  
tls_cert_issuer                   IPv4       6            79             2559          22066          6174       487.8k  0.05  
tls_cert_subject                  IPv4       6            79             2590          36386          9139       722.1k  0.07  
tls_cert_serial                   IPv4       6            79             2558           7003          4334       342.5k  0.03  
file_data (http response)         IPv4       6          2942             2564       10520531        149804       440.7m  44.76 
Total                             IPv4                 19425                                         50691       984.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            11            37387         125046         64570        710.3k  0.02  
PROF_DETECT_IPONLY          IPv4       6           286             3156        2421951         49151         14.1m  0.31  
PROF_DETECT_IPONLY          IPv4      17           206             3641         130321         48451         10.0m  0.22  
PROF_DETECT_RULES           IPv4       2            11             2534           3481          2896         31.9k  0.00  
PROF_DETECT_RULES           IPv4       6         10047             2523       12820767        123283          1.2b  27.07 
PROF_DETECT_RULES           IPv4      17           278            44401        8844973        294095         81.8m  1.79  
PROF_DETECT_STATEFUL_START    IPv4       6          2756             5095       10445418        176800        487.3m  10.65 
PROF_DETECT_STATEFUL_START    IPv4      17             4             8764          61260         22952         91.8k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            11             2555           3866          2931         32.2k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         10047             2506        7947174         11267        113.2m  2.47  
PROF_DETECT_STATEFUL_CONT    IPv4      17           278             2531          75413          5700          1.6m  0.03  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          9132             2540          89972          3174         29.0m  0.63  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17           172             2597          35828          3328        572.5k  0.01  
PROF_DETECT_PREFILTER       IPv4       2            11             7890          26985         11070        121.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       6         10047             7725       32648109        126022          1.3b  27.67 
PROF_DETECT_PREFILTER       IPv4      17           278            24415         180586         60060         16.7m  0.36  
PROF_DETECT_PF_PAYLOAD      IPv4       6          4773            13173       32599066        109723        523.7m  11.45 
PROF_DETECT_PF_PAYLOAD      IPv4      17           278             8706          99655         31022          8.6m  0.19  
PROF_DETECT_PF_TX           IPv4       6          9132             2548       10540031         62586        571.5m  12.49 
PROF_DETECT_PF_TX           IPv4      17            86             8097          93299         25133          2.2m  0.05  
PROF_DETECT_PF_SORT1        IPv4       6          3528             2518          48880          4143         14.6m  0.32  
PROF_DETECT_PF_SORT1        IPv4      17           278             2681          39805          4588          1.3m  0.03  
PROF_DETECT_PF_SORT2        IPv4       2            11             2518           3433          2947         32.4k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6         10047             2510         394853          3354         33.7m  0.74  
PROF_DETECT_PF_SORT2        IPv4      17           278             2552          18357          3433        954.6k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       2            11             2598          33382          5791         63.7k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6         10047             2521          95650          3335         33.5m  0.73  
PROF_DETECT_NONMPMLIST      IPv4      17           278             2560          35720          3483        968.3k  0.02  
PROF_DETECT_ALERT           IPv4       2            11             2547          16840          4234         46.6k  0.00  
PROF_DETECT_ALERT           IPv4       6         10047             2514       10373168          4194         42.1m  0.92  
PROF_DETECT_ALERT           IPv4      17           278             2520          26128          3169        881.2k  0.02  
PROF_DETECT_CLEANUP         IPv4       2            11             2554           3748          3019         33.2k  0.00  
PROF_DETECT_CLEANUP         IPv4       6         10047             2546        9217866          4305         43.3m  0.95  
PROF_DETECT_CLEANUP         IPv4      17           278             2520          19491          3448        958.8k  0.02  
PROF_DETECT_GETSGH          IPv4       2            11             2743           3911          3145         34.6k  0.00  
PROF_DETECT_GETSGH          IPv4       6         10047             2519          73237          3483         35.0m  0.77  
PROF_DETECT_GETSGH          IPv4      17           278             2540          55570          6841          1.9m  0.04  


stats.log - (3621 bytes)

------------------------------------------------------------------------------------
Date: 11/17/2018 -- 19:26:41 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 10231
decoder.bytes                              | Total                     | 7573642
decoder.ipv4                               | Total                     | 10231
decoder.ethernet                           | Total                     | 10231
decoder.tcp                                | Total                     | 9942
decoder.udp                                | Total                     | 278
decoder.avg_pkt_size                       | Total                     | 740
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 143
flow.udp                                   | Total                     | 112
tcp.sessions                               | Total                     | 143
tcp.syn                                    | Total                     | 145
tcp.synack                                 | Total                     | 142
tcp.rst                                    | Total                     | 74
tcp.overlap                                | Total                     | 103
detect.alert                               | Total                     | 25
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 14
app_layer.tx.http                          | Total                     | 131
app_layer.flow.tls                         | Total                     | 79
app_layer.flow.smb                         | Total                     | 3
app_layer.flow.dcerpc_tcp                  | Total                     | 6
app_layer.flow.failed_tcp                  | Total                     | 32
app_layer.flow.dns_udp                     | Total                     | 86
app_layer.tx.dns_udp                       | Total                     | 86
app_layer.flow.failed_udp                  | Total                     | 26
flow_mgr.closed_pruned                     | Total                     | 32
flow_mgr.new_pruned                        | Total                     | 5
flow_mgr.est_pruned                        | Total                     | 28
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 21
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.flows_timeout                     | Total                     | 19
flow_mgr.flows_timeout_inuse               | Total                     | 19
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65515
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7104256


eve.json - (290048 bytes)

{"timestamp":"2018-11-07T20:40:47.090073+0000","flow_id":1900275225812953,"pcap_cnt":3,"event_type":"dns","src_ip":"10.22.15.119","src_port":56504,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54106,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.090323+0000","flow_id":1900275225812953,"pcap_cnt":4,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56504,"proto":"UDP","dns":{"type":"answer","id":54106,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.091000+0000","flow_id":1833308095734648,"pcap_cnt":5,"event_type":"dns","src_ip":"10.22.15.119","src_port":60638,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49958,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.091195+0000","flow_id":1833308095734648,"pcap_cnt":6,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":60638,"proto":"UDP","dns":{"type":"answer","id":49958,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.095753+0000","flow_id":1308463092168201,"pcap_cnt":7,"event_type":"dns","src_ip":"10.22.15.119","src_port":55055,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39713,"rrname":"geeographic-dc.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.096007+0000","flow_id":1308463092168201,"pcap_cnt":8,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":55055,"proto":"UDP","dns":{"type":"answer","id":39713,"rcode":"NOERROR","rrname":"geeographic-dc.geeographic.com","rrtype":"A","ttl":3600,"rdata":"10.22.15.2"}}
{"timestamp":"2018-11-07T20:40:47.429709+0000","flow_id":1309642060697229,"pcap_cnt":171,"event_type":"dns","src_ip":"10.22.15.119","src_port":51356,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5953,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.429977+0000","flow_id":1309642060697229,"pcap_cnt":172,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":51356,"proto":"UDP","dns":{"type":"answer","id":5953,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.460580+0000","flow_id":1748231236028196,"pcap_cnt":175,"event_type":"dns","src_ip":"10.22.15.119","src_port":50261,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33951,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.460829+0000","flow_id":1748231236028196,"pcap_cnt":176,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":50261,"proto":"UDP","dns":{"type":"answer","id":33951,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:47.541064+0000","flow_id":1363975544455560,"pcap_cnt":187,"event_type":"dns","src_ip":"10.22.15.119","src_port":65381,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40035,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:47.541306+0000","flow_id":1363975544455560,"pcap_cnt":188,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":65381,"proto":"UDP","dns":{"type":"answer","id":40035,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-11-07T20:40:48.494873+0000","flow_id":2224452914941209,"pcap_cnt":277,"event_type":"dns","src_ip":"10.22.15.119","src_port":56639,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64206,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:48.495193+0000","flow_id":2224452914941209,"pcap_cnt":278,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56639,"proto":"UDP","dns":{"type":"answer","id":64206,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:48.495193+0000","flow_id":2224452914941209,"pcap_cnt":278,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56639,"proto":"UDP","dns":{"type":"answer","id":64206,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:48.496201+0000","flow_id":29984472207945,"pcap_cnt":279,"event_type":"dns","src_ip":"10.22.15.119","src_port":57115,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48510,"rrname":"_ldap._tcp.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:40:48.496435+0000","flow_id":29984472207945,"pcap_cnt":280,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":57115,"proto":"UDP","dns":{"type":"answer","id":48510,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:48.496435+0000","flow_id":29984472207945,"pcap_cnt":280,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":57115,"proto":"UDP","dns":{"type":"answer","id":48510,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:49.980468+0000","flow_id":1924314157938164,"pcap_cnt":406,"event_type":"dns","src_ip":"10.22.15.119","src_port":64719,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12011,"rrname":"wpad.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:49.980801+0000","flow_id":1924314157938164,"pcap_cnt":407,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":64719,"proto":"UDP","dns":{"type":"answer","id":12011,"rcode":"NXDOMAIN","rrname":"wpad.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:49.980801+0000","flow_id":1924314157938164,"pcap_cnt":407,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":64719,"proto":"UDP","dns":{"type":"answer","id":12011,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:50.618469+0000","flow_id":1872854007312357,"pcap_cnt":413,"event_type":"dns","src_ip":"10.22.15.119","src_port":56888,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11931,"rrname":"Geeographic-DC.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:50.618757+0000","flow_id":1872854007312357,"pcap_cnt":414,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56888,"proto":"UDP","dns":{"type":"answer","id":11931,"rcode":"NOERROR","rrname":"Geeographic-DC.geeographic.com","rrtype":"A","ttl":3600,"rdata":"10.22.15.2"}}
{"timestamp":"2018-11-07T20:40:50.627375+0000","flow_id":638143251518127,"pcap_cnt":415,"event_type":"dns","src_ip":"10.22.15.119","src_port":53253,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23665,"rrname":"isatap.geeographic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:50.627639+0000","flow_id":638143251518127,"pcap_cnt":416,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":53253,"proto":"UDP","dns":{"type":"answer","id":23665,"rcode":"NXDOMAIN","rrname":"isatap.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:50.627639+0000","flow_id":638143251518127,"pcap_cnt":416,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":53253,"proto":"UDP","dns":{"type":"answer","id":23665,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:50.774107+0000","flow_id":1691069516533723,"pcap_cnt":417,"event_type":"dns","src_ip":"10.22.15.119","src_port":49247,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43220,"rrname":"isatap.localdomain","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:50.791929+0000","flow_id":1691069516533723,"pcap_cnt":418,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":49247,"proto":"UDP","dns":{"type":"answer","id":43220,"rcode":"NXDOMAIN","rrname":"isatap.localdomain"}}
{"timestamp":"2018-11-07T20:40:50.791929+0000","flow_id":1691069516533723,"pcap_cnt":418,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":49247,"proto":"UDP","dns":{"type":"answer","id":43220,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":900}}
{"timestamp":"2018-11-07T20:40:52.570392+0000","flow_id":1516406081631256,"pcap_cnt":423,"event_type":"dns","src_ip":"10.22.15.119","src_port":63725,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58948,"rrname":"www.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1516406081631256,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"www.msftncsi.com","rrtype":"CNAME","ttl":1615,"rdata":"www.msftncsi.com.edgesuite.net"}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1516406081631256,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"www.msftncsi.com.edgesuite.net","rrtype":"CNAME","ttl":140,"rdata":"a1961.g2.akamai.net"}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1516406081631256,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"72.246.64.187"}}
{"timestamp":"2018-11-07T20:40:52.644208+0000","flow_id":1516406081631256,"pcap_cnt":424,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":63725,"proto":"UDP","dns":{"type":"answer","id":58948,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":19,"rdata":"72.246.64.227"}}
{"timestamp":"2018-11-07T20:40:52.684671+0000","flow_id":402811256102365,"pcap_cnt":433,"event_type":"http","src_ip":"10.22.15.119","src_port":49183,"dest_ip":"72.246.64.187","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain"}}
{"timestamp":"2018-11-07T20:40:52.684671+0000","flow_id":402811256102365,"pcap_cnt":433,"event_type":"fileinfo","src_ip":"72.246.64.187","src_port":80,"dest_ip":"10.22.15.119","dest_port":49183,"proto":"TCP","http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":14},"app_proto":"http","fileinfo":{"filename":"\/ncsi.txt","gaps":false,"state":"CLOSED","stored":false,"size":14,"tx_id":0}}
{"timestamp":"2018-11-07T20:40:54.972102+0000","flow_id":2095554504348998,"pcap_cnt":435,"event_type":"dns","src_ip":"10.22.15.119","src_port":56174,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50057,"rrname":"Danger-Win-PC.geeographic.com","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-11-07T20:40:54.972506+0000","flow_id":2095554504348998,"pcap_cnt":436,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":56174,"proto":"UDP","dns":{"type":"answer","id":50057,"rcode":"NOERROR","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:40:54.974894+0000","flow_id":521017346154542,"pcap_cnt":437,"event_type":"alert","src_ip":"10.22.15.119","src_port":62513,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2018-11-07T20:40:54.974894+0000","flow_id":521017346154542,"pcap_cnt":437,"event_type":"dns","src_ip":"10.22.15.119","src_port":62513,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12153,"rrname":"geeographic.com","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":521017346154542,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"CNAME","ttl":0,"rdata":"Danger-Win-PC.geeographic.com"}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":521017346154542,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"AAAA","ttl":0,"rdata":""}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":521017346154542,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"A","ttl":0,"rdata":""}}
{"timestamp":"2018-11-07T20:40:54.977431+0000","flow_id":521017346154542,"pcap_cnt":438,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":62513,"proto":"UDP","dns":{"type":"answer","id":12153,"rcode":"NOERROR","rrname":"Danger-Win-PC.geeographic.com","rrtype":"A","ttl":1200,"rdata":"10.22.15.119"}}
{"timestamp":"2018-11-07T20:41:31.227579+0000","flow_id":53812953577723,"pcap_cnt":592,"event_type":"dns","src_ip":"10.22.15.119","src_port":59195,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32540,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:41:31.227870+0000","flow_id":53812953577723,"pcap_cnt":593,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59195,"proto":"UDP","dns":{"type":"answer","id":32540,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:41:31.227870+0000","flow_id":53812953577723,"pcap_cnt":593,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59195,"proto":"UDP","dns":{"type":"answer","id":32540,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:41:31.228317+0000","flow_id":934214677265373,"pcap_cnt":594,"event_type":"dns","src_ip":"10.22.15.119","src_port":59482,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51759,"rrname":"_ldap._tcp.Geeographic-DC.geeographic.com","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-11-07T20:41:31.228499+0000","flow_id":934214677265373,"pcap_cnt":595,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59482,"proto":"UDP","dns":{"type":"answer","id":51759,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Geeographic-DC.geeographic.com"}}
{"timestamp":"2018-11-07T20:41:31.228499+0000","flow_id":934214677265373,"pcap_cnt":595,"event_type":"dns","src_ip":"10.22.15.2","src_port":53,"dest_ip":"10.22.15.119","dest_port":59482,"proto":"UDP","dns":{"type":"answer","id":51759,"rcode":"NXDOMAIN","rrname":"geeographic.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-11-07T20:41:31.773708+0000","flow_id":582532017671756,"pcap_cnt":680,"event_type":"dns","src_ip":"10.22.15.119","src_port":65142,"dest_ip":"10.22.15.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58289,"rrname":"dns.msftncsi.com","rrtype":"A","tx_id":0

This file has been truncated.


keyword_perf.log - (20496 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:26:41
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            31359           8               8               4416            3919.00         3919.00         0.00           
  flow             70553774        19404           19404           2860966         3636.00         3636.00         0.00           
  threshold        150177          8               0               72206           18772.00        0.00            18772.00       
  content          337835186       34039           11136           627227          9924.00         10275.00        9754.00        
  pcre             46325294        8290            353             7700720         5588.00         26671.00        4650.00        
  byte_test        12832560        2224            1136            5214965         5770.00         3428.00         8214.00        
  byte_jump        1147021         293             125             31920           3914.00         3705.00         4070.00        
  isdataat         235516          77              1               4411            3058.00         4411.00         3040.00        
  flowbits         20698362        6230            295             402541          3322.00         3756.00         3300.00        
  urilen           5713683         1613            1019            85834           3542.00         3507.00         3602.00        
  byte_extract     1555063         473             473             30155           3287.00         3287.00         0.00           
  dce_iface        120272          36              0               4965            3340.00         0.00            3340.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            31359           8               8               4416            3919.00         3919.00         0.00           
  flow             70553774        19404           19404           2860966         3636.00         3636.00         0.00           
  flowbits         20155150        6104            169             402541          3301.00         3342.00         3300.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          81430679        18730           3813            401473          4347.00         6697.00         3746.00        
  pcre             11083750        754             136             7700720         14699.00        60437.00        4634.00        
  byte_test        12818892        2220            1134            5214965         5774.00         3428.00         8223.00        
  byte_jump        1088598         277             117             31920           3929.00         3738.00         4069.00        
  isdataat         235516          77              1               4411            3058.00         4411.00         3040.00        
  byte_extract     1555063         473             473             30155           3287.00         3287.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         543212          126             126             15682           4311.00         4311.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        150177          8               0               72206           18772.00        0.00            18772.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9832373         2429            1282            58491           4047.00         4130.00         3955.00        
  pcre             5341054         870             131             89400           6139.00         5856.00         6189.00        
  urilen           5713683         1613            1019            85834           3542.00         3507.00         3602.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          124117          20              2               30544           6205.00         6173.00         6209.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          337240          103             0               4244            3274.00         0.00            3274.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          216853771       6287            1820            627227          34492.00        35240.00        34187.00       
  pcre             23330582        5580            54              291324          4181.00         3907.00         4183.00        
  byte_test        13668           4               2               3649            3417.00         3587.00         3246.00        
  byte_jump        58423           16              8               4539            3651.00         3221.00         4081.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22574332        4912            3421            95071           4595.00         4606.00         4570.00        
  pcre             5313187         828             20              34874           6416.00         7400.00         6392.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          700458          165             33              26118           4245.00         4121.00         4276.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3570            1               1               3570            3570.00         3570.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          37146           1               1               37146           37146.00        37146.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          97885           18              18              18211           5438.00         5438.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3461            1               1               3461            3461.00         3461.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4854            1               0               4854            4854.00         0.00            4854.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          313057          86              41              20428           3640.00         4101.00         3220.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3794            1               0               3794            3794.00         0.00            3794.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4412865         1045            528             113162          4222.00         4613.00         3823.00        
  pcre             1256721         258             12              18198           4871.00         5774.00      

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2018-11-17-T-19-26-41-11172018.1923-2018-11-13-traffic-analysis-exercise.pcap.txt - (155351 bytes)
  --------------------------------------------------------------------------
  Date: 11/17/2018 -- 19:26:41. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2809850      1        2        8234096      0.74   21       0        7729512     392099.81   0.00        392099.81  
  2        2025519      1        1        7563684      0.68   4        0        7552506     1890921.00  0.00        1890921.00 
  3        2103158      1        6        8177375      0.74   293      0        7045865     27909.13    0.00        27909.13   
  4        2023831      1        2        5743908      0.52   47       0        5224197     122210.81   0.00        122210.81  
  5        2014472      1        7        5989898      0.54   97       0        3612737     61751.53    0.00        61751.53   
  6        2821562      1        3        7058558      0.63   253      0        2879092     27899.44    0.00        27899.44   
  7        2830740      1        1        8565298      0.77   9        0        1755533     951699.78   0.00        951699.78  
  8        2814736      1        7        4930887      0.44   4        0        1459696     1232721.75  0.00        1232721.75 
  9        2012970      1        2        79066214     7.11   325      0        1305674     243280.66   0.00        243280.66  
  10       2815453      1        4        10708088     0.96   11       0        1242110     973462.55   0.00        973462.55  
  11       2809301      1        2        1164273      0.10   1        0        1164273     1164273.00  0.00        1164273.00 
  12       2016537      1        2        26115597     2.35   1563     1        825757      16708.64    94084.00    16659.10   
  13       2823140      1        2        1409438      0.13   3        0        648647      469812.67   0.00        469812.67  
  14       2819664      1        2        19942037     1.79   102      0        594845      195510.17   0.00        195510.17  
  15       2820158      1        2        21976812     1.98   112      0        541141      196221.54   0.00        196221.54  
  16       2827748      1        2        3256957      0.29   21       0        535772      155093.19   0.00        155093.19  
  17       2820157      1        2        21352363     1.92   112      0        530750      190646.10   0.00        190646.10  
  18       2811745      1        4        36912993     3.32   302      0        506755      122228.45   0.00        122228.45  
  19       2018299      1        3        7019131      0.63   28       0        465994      250683.25   0.00        250683.25  
  20       2017501      1        2        3761173      0.34   18       0        461270      208954.06   0.00        208954.06  
  21       2017500      1        2        3913283      0.35   18       0        446517      217404.61   0.00        217404.61  
  22       2808144      1        2        1494564      0.13   9        0        435324      166062.67   0.00        166062.67  
  23       2017502      1        2        3969696      0.36   18       0        432471      220538.67   0.00        220538.67  
  24       2806802      1        2        16536940     1.49   665      0        429694      24867.58    0.00        24867.58   
  25       2017499      1        2        3136950      0.28   18       0        426135      174275.00   0.00        174275.00  
  26       2024650      1        1        7739740      0.70   484      0        416901      15991.20    0.00        15991.20   
  27       2819940      1        3        9584422      0.86   55       0        414948      174262.22   0.00        174262.22  
  28       2020865      1        3        8396416      0.76   53       0        407398      158422.94   0.00        158422.94  
  29       2024771      1        1        20584723     1.85   2659     0        401652      7741.53     0.00        7741.53    
  30       2809747      1        2        2185773      0.20   14       0        400541      156126.64   0.00        156126.64  
  31       2811363      1        2        2093436      0.19   9        0        398123      232604.00   0.00        232604.00  
  32       2816510      1        3        9508404      0.86   55       0        397004      172880.07   0.00        172880.07  
  33       2815269      1        2        7320639      0.66   88       0        357509      83189.08    0.00        83189.08   
  34       2819930      1        2        19156844     1.72   102      0        349623      187812.20   0.00        187812.20  
  35       2021749      1        6        9369623      0.84   59       0        338211      158807.17   0.00        158807.17  
  36       2808299      1        5        1380667      0.12   7        0        329654      197238.14   0.00        197238.14  
  37       2809735      1        2        2256015      0.20   12       0        328720      188001.25   0.00        188001.25  
  38       2809313      1        2        2604728      0.23   46       0        320575      56624.52    0.00        56624.52   
  39       2021743      1        4        555732       0.05   2        0        290948      277866.00   0.00        277866.00  
  40       2017072      1        3        2587650      0.23   20       0        288946      129382.50   0.00        129382.50  
  41       2016393      1        3        456926       0.04   3        0        288655      152308.67   0.00        152308.67  
  42       2806641      1        3        287745       0.03   1        0        287745      287745.00   0.00        287745.00  
  43       2806974      1        2        1943630      0.17   14       0        287585      138830.71   0.00        138830.71  
  44       2809745      1        2        2315408      0.21   19       0        275469      121863.58   0.00        121863.58  
  45       2828863      1        2        4605881      0.41   56       0        270583      82247.88    0.00        82247.88   
  46       2809740      1        5        2871725      0.26   24       0        269974      119655.21   0.00        119655.21  
  47       2017373      1        6        839280       0.08   4        0        268007      209820.00   0.00        209820.00  
  48       2018342      1        2        11520643     1.04   82       0        264696      140495.65   0.00        140495.65  
  49       2020397      1        2        261917       0.02   1        0        261917      261917.00   0.00        261917.00  
  50       2021735      1        4        499056       0.04   2        0        261447      249528.00   0.00        249528.00  
  51       2814961      1        5        478692       0.04   2        0        259796      239346.00   0.00        239346.00  
  52       2808764      1        3        532649       0.05   3        0        257851      177549.67   0.00        177549.67  
  53       2802987      1        5        5025985      0.45   140      0        253114      35899.89    0.00        35899.89   
  54       2807655      1        2        449742       0.04   3        0        250788      149914.00   0.00        149914.00  
  55       2021736      1        3        489866       0.04   2        0        247213      244933.00   0.00        244933.00  
  56       2025185      1        3        17568516     1.58   177      0        245122      99257.15    0.00        99257.15   
  57       2806975      1        2        1721929      0.15   14       0        238948      122994.93   0.00        122994.93  
  58       2806009      1        2        238921       0.02   1        0        238921      238921.00   0.00        238921.00  
  59       2017073      1        3        231782       0.02   1        0        231782      231782.00   0.00        231782.00  
  60       2829230      1        2        12251851     1.10   122      0        231335      100425.01   0.00        100425.01  
  61       2822102      1        3        1021936      0.09   7        0        230674      145990.86   0.00        145990.86  
  62       2019181      1        7        228704       0.02   1        0        228704      228704.00   0.00        228704.00  
  63       2806643      1        3        425597       0.04   2        0        222753      212798.50   0.00        212798.50  
  64       2810021      1        2        931135       0.08   9        0        220974      103459.44   0.00        103459.44  
  65       2814832      1        2        4846436      0.44   49       0        218875      98906.86    0.00        98906.86   
  66       2816449      1        2        804081       0.07   20       0        217260      40204.05    0.00        40204.05   
  67       2016855      1        2        215272       0.02   1        0        215272      215272.00   0.00        215272.00  
  68       2803027      1        6        3372264      0.30   68       0        212446      49592.12    0.00        49592.12   
  69       2809744      1        2        2123001      0.19   19       0        212014      111736.89   0.00        111736.89  
  70       2822213      1        2        6401663      0.58   73       0        211539      87694.01    0.00        87694.01   
  71       2021993      1        2        211364       0.02   1        0        211364      211364.00   0.00        211364.00  
  72       2814836      1        2        1150156      0.10   16       0        210668      71884.75    0.00        71884.75   
  73       2819933      1        2        1935621      0.17   13       0        209142      148893.92   0.00        148893.92  
  74       2819659      1        4        1797861      0.16   13       0        208187      138297.00   0.00        138297.00  
  75       2023476      1        5        2088040      0.19   20       0        207873      104402.00   0.00        104402.00  
  76       2022868      1        4        205823       0.02   1        0        205823      205823.00   0.00        205823.00  
  77       2803657      1        5        1854804      0.17   41       0        205229      45239.12    0.00        45239.12   
  78       2819683      1        2        5662540      0.51   70       0        203993      80893.43    0.00        80893.43   
  79       2809299      1        2        203873       0.02   1        0        203873      203873.00   0.00        203873.00  
  80       2020842      1        2        947138       0.09   6        0        200332      157856.33   0.00        157856.33  
  81       2826726      1        2        198804       0.02   1        0        198804      198804.00   0.00        198804.00  
  82       2826332      1        2        778146       0.07   7        0        198430      111163.71   0.00        111163.71  
  83       2808755      1        5        2448027      0.22   24       0        197879      102001.12   0.00        102001.12  
  84       2801930      1        7        4245978      0.38   92       0        197159      46151.93    0.00        46151.93   
  85       2822531      1        2        2112389      0.19   21       0        196371      100589.95   0.00        100589.95  
  86       2809666      1        3        3362859      0.30   30       0        194085      112095.30   0.00        112095.30  
  87       2815271      1        4        827060       0.07   8        0        191221      103382.50   0.00        103382.50  
  88       2828865      1        2        10316586     0.93   122      0        189663      84562.18    0.00        84562.18   
  89       2806816      1        2        343129       0.03   3        0        188591      114376.33   0.00        114376.33  
  90       2801929      1        7        4413274      0.40   92       0        188076      47970.37    0.00        47970.37   
  91       2808154      1        2        1278372      0.11   12       0        184117      106531.00   0.00        106531.00  
  92       2021948      1        2        183019       0.02   1        0        183019      183019.00   0.00        183019.00  
  93       2822096      1        2        376307       0.03   3        0        182386      125435.67   0.00        125435.67  
  94       2804911      1        3        3514597      0.32   79       0        181288      44488.57    0.00        44488.57   
  95       2815270      1        2        396955       0.04   4        0        180669      99238.75    0.00        99238.75   
  96       2814979      1        2        6646616      0.60   72       0        179711      92314.11    0.00        92314.11   
  97       2804906      1        3        2005928      0.18   48       0        178330      41790.17    0.00        41790.17   
  98       2809300      1        2        177971       0.02   1        0        177971      177971.00   0.00        177971.00  
  99       2807099      1        3        177081       0.02   1        0        177081      177081.00   0.00        177081.00  
  100      2016854      1        3        176007       0.02   1        0        176007      176007.00   0.00        176007.00  
  101      2814978      1        2        6883347      0.62   72       0        174677      95602.04    0.00        95602.04   
  102      2822095      1        2        4948414      0.45   58       0        174565      85317.48    0.00        85317.48   
  103      2811956      1        2        265851       0.02   2        0        174282      132925.50   0.00        132925.50  
  104      2022502      1        4        3515682      0.32   127      0        174114      27682.54    0.00        27682.54   
  105      2808153      1        2        1406334      0.13   12       0        173705      117194.50   0.00        117194.50  
  106      2001330      1        8        9390037      0.84   2951     0        172883      3181.98     0.00        3181.98    
  107      2823835      1        2        171188       0.02   1        0        171188      171188.00   0.00        171188.00  
  108      2822527      1        2        2696723      0.24   24       0        170889      112363.46   0.00        112363.46  
  109      2807098      1        3        169236       0.02   1        0        169236      169236.00   0.00        169236.00  
  110      2827094      1        2        4440437      0.40   44       0        164749      100919.02   0.00        100919.02  
  111      2806642      1        3        162118       0.01   1        0        162118      162118.00   0.00        162118.00  
  112      2806640      1        3        160021       0.01   1        0        160021      160021.00   0.00        160021.00  
  113      2808990      1        5        273396       0.02   2        0        157331      136698.00   0.00        136698.00  
  114      2820119      1        3        156765       0.01   1        0        156765      156765.00   0.00        156765.00  
  115      2825608      1        2        1464956      0.13   16       0        156676      91559.75    0.00        91559.75   
  116      2809312      1        2        238934       0.02   2        0        155085      119467.00   0.00        119467.00  
  117      2823838      1        2        270320       0.02   2        0        154500      135160.00   0.00        135160.00  
  118      2826727      1        2        154448       0.01   1        0        154448      154448.00   0.00        154448.00  
  119      2016734      1        2        302376       0.03   3        0        153710      100792.00   0.00        100792.00  
  120      2807800      1        2        152986       0.01   1        0        152986      152986.00   0.00        152986.00  
  121      2816909      1        2        8760584      0.79   128      0        152253      68442.06    0.00        68442.06   
  122      2022524      1        4        932756       0.08   8        0        151946      116594.50   0.00        116594.50  
  123      2823161      1        2        377731       0.03   3        0        151619      125910.33   0.00        125910.33  
  124      2816328      1        5        4320794      0.39   128      0        149895      33756.20    0.00        33756.20   
  125      2816922      1        5        

This file has been truncated. Go here to download in full.


unified2.alert.1542482799 - (74286 bytes) - download
[binary unified2 record stream; not human-readable in this line view. The only plain-text strings that survive in the dump are "Danger-Win-PC" and "geeographiccom"; the rest is packet payload bytes.]

This file has been truncated. Go here to download in full.
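
The unified2 file above is a binary record stream, which is why the line view shows only byte noise. The reader below is added here as an example; it is not part of this page, of IDSDeathBlossom or of Suricata. It walks the record headers (big-endian type and length), decodes the legacy IPv4 IDS event (type 7, 52-byte body; the type-104 variant with a VLAN tail is accepted and its tail ignored) and the packet record (type 2), and pairs each event with the packets logged for it. The sample blob is constructed inside the block to mirror the first alert of the fast.log listing on this page (sid 2009702, 10.22.15.119:62513 -> 10.22.15.2:53, UDP); its sensor id, classification id and 4-byte payload are placeholder values.

```python
"""Reader for Suricata/Snort unified2 binary alert logs (the unified2.alert.* file above)."""
import socket
import struct
from collections import namedtuple
from datetime import datetime, timezone

# Record header: type and body length, both big-endian 32-bit.
U2_HEADER = struct.Struct(">II")
U2_PACKET = 2            # Serial_Unified2Packet: the packet that triggered an event
U2_IDS_EVENT = 7         # Serial_Unified2IDSEvent_legacy: IPv4 event, 52-byte body
U2_IDS_EVENT_VLAN = 104  # same 52 bytes followed by mpls_label / vlanId / pad

# sensor_id event_id event_second event_microsecond signature_id generator_id
# signature_revision classification_id priority_id, raw in_addr source/destination,
# sport_itype dport_icode, protocol impact_flag impact blocked  (52 bytes)
EVENT_FMT = struct.Struct(">9I4s4s2H4B")
# sensor_id event_id event_second packet_second packet_microsecond linktype packet_length,
# followed by packet_length bytes of packet data
PACKET_FMT = struct.Struct(">7I")

Event = namedtuple("Event", "sensor_id event_id event_second event_microsecond "
                            "sid gid rev classification priority src dst sport dport proto")
Packet = namedtuple("Packet", "sensor_id event_id packet_second packet_microsecond linktype data")


def iter_records(blob):
    """Yield (type, body) per record; a truncated tail raises instead of being guessed at."""
    off = 0
    while off < len(blob):
        if off + U2_HEADER.size > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        rtype, rlen = U2_HEADER.unpack_from(blob, off)
        off += U2_HEADER.size
        body = blob[off:off + rlen]
        if len(body) != rlen:
            raise ValueError("truncated record body at offset %d" % off)
        yield rtype, body
        off += rlen


def parse_event(body):
    f = EVENT_FMT.unpack_from(body)  # a type-104 record has 8 extra bytes; they are ignored
    return Event(f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7], f[8],
                 socket.inet_ntoa(f[9]), socket.inet_ntoa(f[10]), f[11], f[12], f[13])


def parse_packet(body):
    sensor, event_id, _event_sec, psec, pusec, linktype, plen = PACKET_FMT.unpack_from(body)
    data = body[PACKET_FMT.size:PACKET_FMT.size + plen]
    if len(data) != plen:
        raise ValueError("packet_length exceeds record body")
    return Packet(sensor, event_id, psec, pusec, linktype, data)


def parse_unified2(blob):
    """Decode events and packets in file order; other record types are skipped."""
    out = []
    for rtype, body in iter_records(blob):
        if rtype in (U2_IDS_EVENT, U2_IDS_EVENT_VLAN):
            out.append(parse_event(body))
        elif rtype == U2_PACKET:
            out.append(parse_packet(body))
    return out


def link_packets(records):
    """Map (sensor_id, event_id) -> (Event, [Packet, ...]); packets follow their event."""
    linked = {}
    for r in records:
        key = (r.sensor_id, r.event_id)
        if isinstance(r, Event):
            linked[key] = (r, [])
        elif key in linked:
            linked[key][1].append(r)
    return linked


def fastlog_timestamp(ev):
    """Render the event time the way fast.log prints it (UTC is assumed here)."""
    t = datetime.fromtimestamp(ev.event_second, tz=timezone.utc)
    return t.strftime("%m/%d/%Y-%H:%M:%S") + ".%06d" % ev.event_microsecond


def sample_blob():
    """Constructed sample: one event mirroring the first fast.log alert on this page
    (sid 2009702, 10.22.15.119:62513 -> 10.22.15.2:53, UDP) plus one packet record.
    sensor_id 0, classification_id 1 and the 4-byte payload are placeholders."""
    ev = EVENT_FMT.pack(0, 1, 1541623254, 974894, 2009702, 1, 5, 1, 1,
                        socket.inet_aton("10.22.15.119"), socket.inet_aton("10.22.15.2"),
                        62513, 53, 17, 0, 0, 0)
    payload = b"\x45\x00\x00\x1c"
    pk = PACKET_FMT.pack(0, 1, 1541623254, 1541623254, 974894, 1, len(payload)) + payload
    return (U2_HEADER.pack(U2_IDS_EVENT, len(ev)) + ev +
            U2_HEADER.pack(U2_PACKET, len(pk)) + pk)


if __name__ == "__main__":
    for ev, pkts in link_packets(parse_unified2(sample_blob())).values():
        print(fastlog_timestamp(ev), "[%d:%d:%d]" % (ev.gid, ev.sid, ev.rev),
              "%s:%d -> %s:%d proto %d, %d packet(s)"
              % (ev.src, ev.sport, ev.dst, ev.dport, ev.proto, len(pkts)))
```

The addresses are read as raw in_addr bytes rather than integers, which is how the writers store them; everything else in the record is big-endian. IPv6 events (types 72 and 105) and the extra-data record (110) are deliberately left out so that the format strings above are the whole story.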


suricata-4.0.0-etpro-all-alert-2018-11-17-T-19-26-41-11172018.1923-2018-11-13-traffic-analysis-exercise.pcap.txt - (5766 bytes) - download
11/07/2018-20:40:54.974894  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:62513 -> 10.22.15.2:53
11/07/2018-20:47:12.712657  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:47:12.712657  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:47:12.712657  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:47:14.996292  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:49:57.408013  [**] [1:2023472:5] ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:64497 -> 208.67.222.222:53
11/07/2018-20:49:57.429411  [**] [1:2023472:5] ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:64498 -> 208.67.222.222:53
11/07/2018-20:49:58.301693  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49214
11/07/2018-20:49:59.610945  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49216
11/07/2018-20:50:10.636735  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49217
11/07/2018-20:53:19.592165  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49218
11/07/2018-20:53:20.626015  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49219
11/07/2018-20:56:40.630576  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49221
11/07/2018-20:56:41.636840  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49222
11/07/2018-20:56:52.616868  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49223
11/07/2018-20:57:03.945227  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49224
11/07/2018-21:00:01.661042  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49225
11/07/2018-21:00:02.756465  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49226
11/07/2018-21:00:14.889732  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49229
11/07/2018-21:00:25.873220  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49230
11/07/2018-21:03:22.833605  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 46.229.214.92:443 -> 10.22.15.119:49231
11/07/2018-21:03:23.988865  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 46.229.214.92:443 -> 10.22.15.119:49232
11/07/2018-21:03:35.168473  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 46.229.214.92:443 -> 10.22.15.119:49233
11/07/2018-21:20:03.968180  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 46.229.214.92:443 -> 10.22.15.119:49298
11/07/2018-21:20:15.132346  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 46.229.214.92:443 -> 10.22.15.119:49299
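
The listing above is Suricata's fast.log format. The script below is added here as an example (it is not part of this page, of IDSDeathBlossom or of Suricata): it parses those lines, groups them by signature id, orders the signatures by first sighting and lists the non-private peers behind each one, which is the pivot list an analyst wants from this log. Its sample input is five lines copied from the listing above, one per distinct signature plus the second certificate-rule host; on the full file it gives the same chain the listing shows: DNS update, EXE download from 46.29.160.132, external IP lookup at 208.67.222.222, then the TLS sessions to 95.181.198.115 and 46.229.214.92 flagged by the certificate rule. The private-address test is the only assumption about what counts as "internal".

```python
"""Triage helper for Suricata fast.log alert lines (the format listed above)."""
import ipaddress
import re
from datetime import datetime

# Constructed sample input: five lines copied from the alert listing above.
SAMPLE_ALERTS = """\
11/07/2018-20:40:54.974894  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:62513 -> 10.22.15.2:53
11/07/2018-20:47:12.712657  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 46.29.160.132:80 -> 10.22.15.119:49208
11/07/2018-20:49:57.408013  [**] [1:2023472:5] ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.22.15.119:64497 -> 208.67.222.222:53
11/07/2018-20:49:58.301693  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 95.181.198.115:443 -> 10.22.15.119:49214
11/07/2018-21:03:22.833605  [**] [1:2824248:3] ETPRO TROJAN Zeus Panda Banker / Urnsif Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 46.229.214.92:443 -> 10.22.15.119:49231
"""

# timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src:sport -> dst:dport
# The Classification block is optional in fast.log; the address class also admits IPv6.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4}-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[0-9a-fA-F.:]+):(?P<sport>\d+)\s+->\s+(?P<dst>[0-9a-fA-F.:]+):(?P<dport>\d+)\s*$"
)


def parse_fast_line(line):
    """Return a dict for one alert line, or None for anything that is not an alert."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
        d[k] = int(d[k])
    return d


def parse_fast_log(text):
    return [a for a in (parse_fast_line(l) for l in text.splitlines()) if a]


def summarize_by_sid(alerts):
    """Per signature id: hit count, first/last sighting and the non-private peers."""
    summary = {}
    for a in alerts:
        s = summary.setdefault(a["sid"], {"msg": a["msg"], "count": 0,
                                          "first": a["ts"], "last": a["ts"], "external": set()})
        s["count"] += 1
        s["first"] = min(s["first"], a["ts"])
        s["last"] = max(s["last"], a["ts"])
        for ip in (a["src"], a["dst"]):
            if not ipaddress.ip_address(ip).is_private:
                s["external"].add(ip)
    return summary


def chain(summary):
    """Signature ids ordered by first sighting: the infection timeline in one list."""
    return sorted(summary, key=lambda sid: summary[sid]["first"])


def external_peers(alerts):
    """Non-private addresses keyed to the signature ids that fired on them."""
    peers = {}
    for a in alerts:
        for ip in (a["src"], a["dst"]):
            if not ipaddress.ip_address(ip).is_private:
                peers.setdefault(ip, set()).add(a["sid"])
    return peers


if __name__ == "__main__":
    alerts = parse_fast_log(SAMPLE_ALERTS)
    summary = summarize_by_sid(alerts)
    for sid in chain(summary):
        s = summary[sid]
        print("%s  sid %-8d x%-3d peers=%-34s %s" % (
            s["first"].strftime("%H:%M:%S"), sid, s["count"], sorted(s["external"]), s["msg"]))
```

Timestamps are parsed as naive datetimes because fast.log carries no zone; compare them only with each other. The 10.22.15.2 peer of the first alert is the site's own resolver and correctly drops out of the external list, while the OpenDNS address stays in, which is exactly the "external IP lookup" the rule is about.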


IDSDeathBlossom.py.log - (1176 bytes) - download
2018-11-17 19:26:15,858 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-17 19:26:16,665 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-17 19:26:16,666 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-11-17 19:26:16,666 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-17 19:26:16,666 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-17 19:26:16,667 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/221168dc0865c145fe977b2c373022f356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11172018.1923-2018-11-13-traffic-analysis-exercise.pcap -vvv -k none
2018-11-17 19:26:41,332 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-17 19:26:41,333 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.4835278988


suricata-report-2018-11-17-T-19-26-41-11172018.1923-2018-11-13-traffic-analysis-exercise.pcap.txt - (18036 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/221168dc0865c145fe977b2c373022f356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11172018.1923-2018-11-13-traffic-analysis-exercise.pcap -vvv -k none
elapsedtime:24.662528
stderr:
stdout:
17/11/2018 -- 19:26:16 - <Info> - Configuration node 'rule-files' redefined.
17/11/2018 -- 19:26:16 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/11/2018 -- 19:26:16 - <Info> - CPUs/cores online: 1
17/11/2018 -- 19:26:16 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33750 and 'request-body-inspect-window' set to 16930 after randomization.
17/11/2018 -- 19:26:16 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32670 and 'response-body-inspect-window' set to 16926 after randomization.
17/11/2018 -- 19:26:16 - <Config> - DNS request flood protection level: 500
17/11/2018 -- 19:26:16 - <Config> - DNS per flow memcap (state-memcap): 524288
17/11/2018 -- 19:26:16 - <Config> - DNS global memcap: 16777216
17/11/2018 -- 19:26:16 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/11/2018 -- 19:26:16 - <Config> - preallocated 1000 hosts of size 136
17/11/2018 -- 19:26:16 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/11/2018 -- 19:26:16 - <Config> - using magic-file /usr/share/file/magic
17/11/2018 -- 19:26:16 - <Config> - Core dump size is unlimited.
17/11/2018 -- 19:26:16 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/11/2018 -- 19:26:16 - <Config> - preallocated 1000 defrag trackers of size 168
17/11/2018 -- 19:26:16 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/11/2018 -- 19:26:16 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/11/2018 -- 19:26:16 - <Config> - stream "memcap": 33554432
17/11/2018 -- 19:26:16 - <Config> - stream "midstream" session pickups: disabled
17/11/2018 -- 19:26:16 - <Config> - stream "async-oneside": disabled
17/11/2018 -- 19:26:16 - <Config> - stream "checksum-validation": disabled
17/11/2018 -- 19:26:16 - <Config> - stream."inline": disabled
17/11/2018 -- 19:26:16 - <Config> - stream "bypass": disabled
17/11/2018 -- 19:26:16 - <Config> - stream "max-synack-queued": 5
17/11/2018 -- 19:26:16 - <Config> - stream.reassembly "memcap": 134217728
17/11/2018 -- 19:26:16 - <Config> - stream.reassembly "depth": 0
17/11/2018 -- 19:26:16 - <Config> - stream.reassembly "toserver-chunk-size": 2565
17/11/2018 -- 19:26:16 - <Config> - stream.reassembly "toclient-chunk-size": 2615
17/11/2018 -- 19:26:16 - <Config> - stream.reassembly.raw: enabled
17/11/2018 -- 19:26:16 - <Config> - stream.reassembly "segment-prealloc": 2048
17/11/2018 -- 19:26:16 - <Config> - Delayed detect disabled
17/11/2018 -- 19:26:16 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/11/2018 -- 19:26:16 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/11/2018 -- 19:26:16 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/11/2018 -- 19:26:16 - <Config> - prefilter engines: MPM
17/11/2018 -- 19:26:16 - <Config> - IP reputation disabled
17/11/2018 -- 19:26:16 - <Perf> - Registered 148 keyword profiling counters.
17/11/2018 -- 19:26:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
17/11/2018 -- 19:26:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
17/11/2018 -- 19:26:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
17/11/2018 -- 19:26:21 - <Config> - No rules loaded from ET-icmp.rules.
17/11/2018 -- 19:26:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
17/11/2018 -- 19:26:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
17/11/2018 -- 19:26:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
17/11/2018 -- 19:26:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
17/11/2018 -- 19:26:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
17/11/2018 -- 19:26:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
17/11/2018 -- 19:26:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
17/11/2018 -- 19:26:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
17/11/2018 -- 19:26:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
17/11/2018 -- 19:26:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
17/11/2018 -- 19:26:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
17/11/2018 -- 19:26:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
17/11/2018 -- 19:26:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
17/11/2018 -- 19:26:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
17/11/2018 -- 19:26:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
17/11/2018 -- 19:26:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
17/11/2018 -- 19:26:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
17/11/2018 -- 19:26:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
17/11/2018 -- 19:26:29 - <Config> - No rules loaded from local.rules.
17/11/2018 -- 19:26:29 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
17/11/2018 -- 19:26:29 - <Info> - Threshold config parsed: 0 rule(s) found
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for tcp-packet
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for tcp-stream
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for udp-packet
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for other-ip
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_uri
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_client_body
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_accept
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_accept_enc
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_accept_lang
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_referer
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_connection
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_method
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_raw_uri
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_user_agent
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_host
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_raw_host
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_stat_msg
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_stat_code
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for dns_query
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for tls_sni
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 19:26:30 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 19:26:30 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
17/11/2018 -- 19:26:30 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/11/2018 -- 19:26:30 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/11/2018 -- 19:26:30 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/11/2018 -- 19:26:30 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/11/2018 -- 19:26:30 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/11/2018 -- 19:26:30 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/11/2018 -- 19:26:30 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/11/2018 -- 19:26:36 - <Perf> - Unique rule groups: 104
17/11/2018 -- 19:26:36 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/11/2018 -- 19:26:36 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/11/2018 -- 19:26:36 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/11/2018 -- 19:26:36 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/11/2018 -- 19:26:36 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/11/2018 -- 19:26:36 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/11/2018 -- 19:26:36 - <Perf> - Builtin MPM "other IP packet": 3
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_header": 10
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient http_header": 6
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_header_names": 2
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_protocol": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_start": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_method": 5
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver http_host": 2
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver tls_sni": 2
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toserver file_data": 1
17/11/2018 -- 19:26:36 - <Perf> - AppLayer MPM "toclient file_data": 7
17/11/2018 -- 19:26:38 - <Perf> - Registered 39590 rule profiling counters.
17/11/2018 -- 19:26:39 - <Info> - fast output device (regular) initialized: alert
17/11/2018 -- 19:26:39 - <Info> - eve-log output device (regular) initialized: eve.json
17/11/2018 -- 19:26:39 - <Config> - enabling 'eve-log' module 'alert'
17/11/2018 -- 19:26:39 - <Config> - enabling 'eve-log' module 'http'
17/11/2018 -- 19:26:39 - <Config> - enabling 'eve-log' module 'dns'
17/11/2018 -- 19:26:39 - <Config> - enabling 'eve-log' module 'tls'
17/11/2018 -- 19:26:39 - <Config> - enabling 'eve-log' module 'files'
17/11/2018 -- 19:26:39 - <Config> - enabling 'eve-log' module 'ssh'
17/11/2018 -- 19:26:39 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/11/2018 -- 19:26:39 - <Info> - stats output device (regular) initialized: stats.log
17/11/2018 -- 19:26:39 - <Config> - Aut

This file has been truncated.