Filename: exploitation.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 8.71113586426 seconds
Hash: 24ef6fd8696eab3895e0cfb2fdeea3a3
Uploaded: 1548358239

Logfiles


suricata-report-2019-01-24-T-19-30-48-01242019.1930-exploitation.pcap.txt (17969 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/24ef6fd8696eab3895e0cfb2fdeea3a3d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01242019.1930-exploitation.pcap -vvv -k none
elapsedtime:7.753491
stderr:
stdout:
24/1/2019 -- 19:30:40 - <Info> - Configuration node 'rule-files' redefined.
24/1/2019 -- 19:30:40 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/1/2019 -- 19:30:40 - <Info> - CPUs/cores online: 1
24/1/2019 -- 19:30:40 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33262 and 'request-body-inspect-window' set to 15587 after randomization.
24/1/2019 -- 19:30:40 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31395 and 'response-body-inspect-window' set to 15567 after randomization.
24/1/2019 -- 19:30:40 - <Config> - DNS request flood protection level: 500
24/1/2019 -- 19:30:40 - <Config> - DNS per flow memcap (state-memcap): 524288
24/1/2019 -- 19:30:40 - <Config> - DNS global memcap: 16777216
24/1/2019 -- 19:30:40 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
24/1/2019 -- 19:30:40 - <Config> - preallocated 1000 hosts of size 136
24/1/2019 -- 19:30:40 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
24/1/2019 -- 19:30:40 - <Config> - using magic-file /usr/share/file/magic
24/1/2019 -- 19:30:40 - <Config> - Core dump size is unlimited.
24/1/2019 -- 19:30:40 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/1/2019 -- 19:30:40 - <Config> - preallocated 1000 defrag trackers of size 168
24/1/2019 -- 19:30:40 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
24/1/2019 -- 19:30:40 - <Config> - stream "prealloc-sessions": 2048 (per thread)
24/1/2019 -- 19:30:40 - <Config> - stream "memcap": 33554432
24/1/2019 -- 19:30:40 - <Config> - stream "midstream" session pickups: disabled
24/1/2019 -- 19:30:40 - <Config> - stream "async-oneside": disabled
24/1/2019 -- 19:30:40 - <Config> - stream "checksum-validation": disabled
24/1/2019 -- 19:30:40 - <Config> - stream."inline": disabled
24/1/2019 -- 19:30:40 - <Config> - stream "bypass": disabled
24/1/2019 -- 19:30:40 - <Config> - stream "max-synack-queued": 5
24/1/2019 -- 19:30:40 - <Config> - stream.reassembly "memcap": 134217728
24/1/2019 -- 19:30:40 - <Config> - stream.reassembly "depth": 0
24/1/2019 -- 19:30:40 - <Config> - stream.reassembly "toserver-chunk-size": 2600
24/1/2019 -- 19:30:40 - <Config> - stream.reassembly "toclient-chunk-size": 2548
24/1/2019 -- 19:30:40 - <Config> - stream.reassembly.raw: enabled
24/1/2019 -- 19:30:40 - <Config> - stream.reassembly "segment-prealloc": 2048
24/1/2019 -- 19:30:40 - <Config> - Delayed detect disabled
24/1/2019 -- 19:30:40 - <Config> - pattern matchers: MPM: ac, SPM: bm
24/1/2019 -- 19:30:40 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
24/1/2019 -- 19:30:40 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
24/1/2019 -- 19:30:40 - <Config> - prefilter engines: MPM
24/1/2019 -- 19:30:40 - <Config> - IP reputation disabled
24/1/2019 -- 19:30:40 - <Perf> - Registered 148 keyword profiling counters.
24/1/2019 -- 19:30:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
24/1/2019 -- 19:30:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
24/1/2019 -- 19:30:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
24/1/2019 -- 19:30:41 - <Config> - No rules loaded from ET-emerging-icmp.rules.
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
24/1/2019 -- 19:30:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
24/1/2019 -- 19:30:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
24/1/2019 -- 19:30:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
24/1/2019 -- 19:30:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
24/1/2019 -- 19:30:45 - <Config> - No rules loaded from local.rules.
24/1/2019 -- 19:30:45 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
24/1/2019 -- 19:30:45 - <Info> - Threshold config parsed: 0 rule(s) found
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for tcp-packet
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for tcp-stream
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for udp-packet
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for other-ip
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_uri
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_request_line
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_client_body
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_response_line
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_header
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_header
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_header_names
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_header_names
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_accept
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_accept_enc
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_accept_lang
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_referer
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_connection
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_content_len
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_content_len
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_content_type
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_content_type
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_protocol
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_protocol
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_start
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_start
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_raw_header
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_raw_header
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_method
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_cookie
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_cookie
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_raw_uri
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_user_agent
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_host
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_raw_host
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_stat_msg
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_stat_code
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for dns_query
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for tls_sni
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for tls_cert_issuer
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for tls_cert_subject
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for tls_cert_serial
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for dce_stub_data
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for dce_stub_data
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for ssh_protocol
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for ssh_protocol
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for ssh_software
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for ssh_software
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for file_data
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for file_data
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_request_line
24/1/2019 -- 19:30:45 - <Perf> - using shared mpm ctx' for http_response_line
24/1/2019 -- 19:30:45 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
24/1/2019 -- 19:30:45 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
24/1/2019 -- 19:30:45 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
24/1/2019 -- 19:30:45 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
24/1/2019 -- 19:30:45 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
24/1/2019 -- 19:30:45 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
24/1/2019 -- 19:30:45 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
24/1/2019 -- 19:30:45 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
24/1/2019 -- 19:30:46 - <Perf> - Unique rule groups: 111
24/1/2019 -- 19:30:46 - <Perf> - Builtin MPM "toserver TCP packet": 31
24/1/2019 -- 19:30:46 - <Perf> - Builtin MPM "toclient TCP packet": 20
24/1/2019 -- 19:30:46 - <Perf> - Builtin MPM "toserver TCP stream": 31
24/1/2019 -- 19:30:46 - <Perf> - Builtin MPM "toclient TCP stream": 21
24/1/2019 -- 19:30:46 - <Perf> - Builtin MPM "toserver UDP packet": 33
24/1/2019 -- 19:30:46 - <Perf> - Builtin MPM "toclient UDP packet": 15
24/1/2019 -- 19:30:46 - <Perf> - Builtin MPM "other IP packet": 2
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_uri": 8
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_request_line": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_client_body": 6
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient http_response_line": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_header": 6
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient http_header": 3
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_header_names": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_accept": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_referer": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_content_len": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_content_type": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient http_content_type": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_start": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_method": 3
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_cookie": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient http_cookie": 2
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver http_host": 2
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver dns_query": 4
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver tls_sni": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toserver file_data": 1
24/1/2019 -- 19:30:46 - <Perf> - AppLayer MPM "toclient file_data": 5
24/1/2019 -- 19:30:47 - <Perf> - Registered 18241 rule profiling counters.
24/1/2019 -- 19:30:47 - <Info> - fast output device (regular) initialized: alert
24/1/2019 -- 19:30:47 - <Info> - eve-log output device (regular) initialized: eve.json
24/1/2019 -- 19:30:47 - <Config> - enabling 'eve-log' module 'alert'
24/1/2019 -- 19:30:47 - <Config> - enabling 'eve-log' module 'http'
24/1/2019 -- 19:30:47 - <Config> - enabling 'eve-log' module 'dns'
24/1/2019 -- 19:30:47 - <Config> - enabling 'eve-log' module 'tls'
24/1/2019 -- 19:30:47 - <Config> - enabling 'eve-log' module 'files'
24/1/2019 -- 19:30:47 - <Config> - enabling 'eve-log' module 'ssh'
24/1/2019 -- 19:30:47 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/1/2019 -- 19:30:47 - <Info> - s

This file has been truncated.


suricata-4.0.0-etopen-all-perf.txt-2019-01-24-T-19-30-48-01242019.1930-exploitation.pcap.txt (30038 bytes)
  --------------------------------------------------------------------------
  Date: 1/24/2019 -- 19:30:48. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2024135      1        2        4114684      6.68   57       0        2923387     72187.44    0.00        72187.44   
  2        2102523      1        8        454429       0.74   26       0        384220      17478.04    0.00        17478.04   
  3        2103029      1        6        473745       0.77   33       0        383128      14355.91    0.00        14355.91   
  4        2016855      1        2        372814       0.61   1        0        372814      372814.00   0.00        372814.00  
  5        2020865      1        3        961092       1.56   6        0        296052      160182.00   0.00        160182.00  
  6        2016854      1        3        276911       0.45   1        0        276911      276911.00   0.00        276911.00  
  7        2020569      1        1        276744       0.45   2        0        233948      138372.00   0.00        138372.00  
  8        2014958      1        1        479721       0.78   22       0        183261      21805.50    0.00        21805.50   
  9        2022050      1        3        218508       0.35   2        0        169094      109254.00   0.00        109254.00  
  10       2018982      1        2        194385       0.32   2        0        154637      97192.50    0.00        97192.50   
  11       2008575      1        5        558549       0.91   14       0        150783      39896.36    0.00        39896.36   
  12       2015588      1        5        132191       0.21   1        0        132191      132191.00   0.00        132191.00  
  13       2015589      1        5        121071       0.20   1        0        121071      121071.00   0.00        121071.00  
  14       2012981      1        5        118975       0.19   1        0        118975      118975.00   0.00        118975.00  
  15       2019103      1        4        150322       0.24   3        0        115033      50107.33    0.00        50107.33   
  16       2024217      1        2        619050       1.00   21       7        105017      29478.57    56624.71    15905.50   
  17       2024771      1        1        2485354      4.03   136      0        102996      18274.66    0.00        18274.66   
  18       2014819      1        3        101199       0.16   1        1        101199      101199.00   101199.00   0.00       
  19       2023711      1        2        108308       0.18   3        0        100876      36102.67    0.00        36102.67   
  20       2024137      1        2        1321609      2.15   57       0        98747       23186.12    0.00        23186.12   
  21       2020855      1        3        2859821      4.64   68       0        91588       42056.19    0.00        42056.19   
  22       2017548      1        6        211026       0.34   5        0        85342       42205.20    0.00        42205.20   
  23       2019343      1        3        3114820      5.06   68       0        84642       45806.18    0.00        45806.18   
  24       2013352      1        4        90825        0.15   3        0        84169       30275.00    0.00        30275.00   
  25       2014704      1        7        1641454      2.66   69       0        82844       23789.19    0.00        23789.19   
  26       2016537      1        2        1331326      2.16   69       1        81157       19294.58    81157.00    18384.84   
  27       2025064      1        5        2675419      4.34   68       0        79035       39344.40    0.00        39344.40   
  28       2021067      1        2        2613234      4.24   69       69       77706       37872.96    37872.96    0.00       
  29       2103003      1        7        221263       0.36   8        0        75112       27657.88    0.00        27657.88   
  30       2022197      1        3        2064080      3.35   69       0        72445       29914.20    0.00        29914.20   
  31       2102383      1        21       236516       0.38   8        0        70529       29564.50    0.00        29564.50   
  32       2014956      1        1        356129       0.58   22       0        68575       16187.68    0.00        16187.68   
  33       2015986      1        5        295106       0.48   61       0        66157       4837.80     0.00        4837.80    
  34       2015744      1        4        65646        0.11   1        1        65646       65646.00    65646.00    0.00       
  35       2018959      1        3        71056        0.12   3        1        64295       23685.33    64295.00    3380.50    
  36       2102465      1        9        156289       0.25   4        2        60347       39072.25    56454.50    21690.00   
  37       2014353      1        6        66299        0.11   3        0        60001       22099.67    0.00        22099.67   
  38       2012612      1        16       1353897      2.20   57       0        57693       23752.58    0.00        23752.58   
  39       2017552      1        6        2563740      4.16   137      0        57563       18713.43    0.00        18713.43   
  40       2024133      1        2        1291916      2.10   57       0        57480       22665.19    0.00        22665.19   
  41       2024141      1        2        1290028      2.09   57       0        56830       22632.07    0.00        22632.07   
  42       2001569      1        15       373677       0.61   22       22       55800       16985.32    16985.32    0.00       
  43       2024140      1        2        1361040      2.21   57       0        55364       23877.89    0.00        23877.89   
  44       2008782      1        5        1346189      2.19   69       0        55306       19509.99    0.00        19509.99   
  45       2018241      1        2        62401        0.10   3        0        54859       20800.33    0.00        20800.33   
  46       2024134      1        2        1268197      2.06   57       0        54822       22249.07    0.00        22249.07   
  47       2009028      1        11       59353        0.10   3        0        53137       19784.33    0.00        19784.33   
  48       2024139      1        2        1379454      2.24   57       0        53134       24200.95    0.00        24200.95   
  49       2008438      1        20       103295       0.17   2        0        53127       51647.50    0.00        51647.50   
  50       2017877      1        3        52476        0.09   1        0        52476       52476.00    0.00        52476.00   
  51       2024136      1        2        1330420      2.16   57       0        51037       23340.70    0.00        23340.70   
  52       2009897      1        14       53782        0.09   2        0        49956       26891.00    0.00        26891.00   
  53       2024138      1        2        1393398      2.26   57       0        49910       24445.58    0.00        24445.58   
  54       2017876      1        3        48081        0.08   1        0        48081       48081.00    0.00        48081.00   
  55       2103046      1        5        123090       0.20   8        0        47943       15386.25    0.00        15386.25   
  56       2024430      1        3        281515       0.46   21       0        46620       13405.48    0.00        13405.48   
  57       2102954      1        4        132917       0.22   4        0        45778       33229.25    0.00        33229.25   
  58       2009909      1        10       46927        0.08   2        0        43497       23463.50    0.00        23463.50   
  59       2016538      1        3        49175        0.08   3        1        42819       16391.67    42819.00    3178.00    
  60       2021076      1        2        61714        0.10   3        1        42750       20571.33    42750.00    9482.00    
  61       2103024      1        3        118992       0.19   4        0        41172       29748.00    0.00        29748.00   
  62       2001330      1        8        360303       0.58   106      0        40917       3399.08     0.00        3399.08    
  63       2013441      1        9        44574        0.07   2        0        40881       22287.00    0.00        22287.00   
  64       2102190      1        5        268941       0.44   53       0        40501       5074.36     0.00        5074.36    
  65       2014471      1        6        39691        0.06   1        0        39691       39691.00    0.00        39691.00   
  66       2012084      1        2        238917       0.39   8        0        39624       29864.62    0.00        29864.62   
  67       2014380      1        4        499742       0.81   22       0        39169       22715.55    0.00        22715.55   
  68       2102471      1        12       120490       0.20   4        0        38810       30122.50    0.00        30122.50   
  69       2023083      1        2        38725        0.06   1        0        38725       38725.00    0.00        38725.00   
  70       2012707      1        5        1493612      2.42   69       0        37801       21646.55    0.00        21646.55   
  71       2021753      1        3        36891        0.06   1        0        36891       36891.00    0.00        36891.00   
  72       2022132      1        1        263218       0.43   16       0        36886       16451.12    0.00        16451.12   
  73       2021716      1        1        36477        0.06   1        0        36477       36477.00    0.00        36477.00   
  74       2024829      1        2        135639       0.22   6        0        36230       22606.50    0.00        22606.50   
  75       2103022      1        4        97379        0.16   4        0        35904       24344.75    0.00        24344.75   
  76       2016922      1        12       35013        0.06   1        0        35013       35013.00    0.00        35013.00   
  77       2014519      1        7        230969       0.37   12       0        34997       19247.42    0.00        19247.42   
  78       2020769      1        2        34447        0.06   1        0        34447       34447.00    0.00        34447.00   
  79       2020777      1        2        34441        0.06   1        0        34441       34441.00    0.00        34441.00   
  80       2020786      1        4        34312        0.06   1        0        34312       34312.00    0.00        34312.00   
  81       2018075      1        3        34126        0.06   1        0        34126       34126.00    0.00        34126.00   
  82       2018032      1        2        33683        0.05   1        0        33683       33683.00    0.00        33683.00   
  83       2102468      1        9        108777       0.18   4        0        33476       27194.25    0.00        27194.25   
  84       2103030      1        5        94470        0.15   4        0        32870       23617.50    0.00        23617.50   
  85       2011457      1        8        32226        0.05   1        0        32226       32226.00    0.00        32226.00   
  86       2018375      1        3        75204        0.12   4        0        31362       18801.00    0.00        18801.00   
  87       2013036      1        7        29655        0.05   1        0        29655       29655.00    0.00        29655.00   
  88       2017748      1        6        85963        0.14   5        0        28350       17192.60    0.00        17192.60   
  89       2016948      1        2        89360        0.15   5        0        28316       17872.00    0.00        17872.00   
  90       2013037      1        7        28155        0.05   1        0        28155       28155.00    0.00        28155.00   
  91       2103032      1        5        95225        0.15   4        0        28060       23806.25    0.00        23806.25   
  92       2001581      1        15       42894        0.07   2        2        28017       21447.00    21447.00    0.00       
  93       2018638      1        2        27680        0.04   1        0        27680       27680.00    0.00        27680.00   
  94       2100540      1        12       319987       0.52   88       0        27618       3636.22     0.00        3636.22    
  95       2008420      1        4        306456       0.50   83       0        27516       3692.24     0.00        3692.24    
  96       2103040      1        5        92800        0.15   4        0        27140       23200.00    0.00        23200.00   
  97       2103048      1        5        104751       0.17   8        0        26938       13093.88    0.00        13093.88   
  98       2103056      1        5        105904       0.17   8        0        26761       13238.00    0.00        13238.00   
  99       2024142      1        2        1192537      1.94   57       0        26713       20921.70    0.00        20921.70   
  100      2102402      1        6        161540       0.26   8        0        25744       20192.50    0.00        20192.50   
  101      2021012      1        2        24729        0.04   1        0        24729       24729.00    0.00        24729.00   
  102      2020793      1        2        24274        0.04   1        0        24274       24274.00    0.00        24274.00   
  103      2024909      1        2        128981       0.21   6        0        24244       21496.83    0.00        21496.83   
  104      2020614      1        2        23967        0.04   1        0        23967       23967.00    0.00        23967.00   
  105      2022552      1        2        101061       0.16   5        0        23088       20212.20    0.00        20212.20   
  106      2103054      1        5        94772        0.15   8        0        21539       11846.50    0.00        11846.50   
  107      2023316      1        2        182074       0.30   9        0        21443       20230.44    0.00        20230.44   
  108      2103038      1        5        82746        0.13   4        0        21325       20686.50    0.00        20686.50   
  109      2024219      1        1        251027       0.41   21       0        20401       11953.67    0.00        11953.67   
  110      2019345      1        2        100600       0.16   6        0        20058       16766.67    0.00        16766.67   
  111      2024216      1        1        65531        0.11   5        0        19990       13106.20    0.00        13106.20   
  112      2021151      1        1        60536        0.10   14       0        19989       4324.00     0.00        4324.00    
  113      2016143      1        3        90597        0.15   6        0        19576       15099.50    0.00        15099.50   
  114      2100540      1        12       285655       0.46   88       0        19329       3246.08     0.00        3246.08    
  115      2022051      1        2        50716        0.08   3        0        19187       16905.33    0.00        16905.33   
  116      2022653      1        2        52574        0.09   3        0        19118       17524.67    0.00        17524.67   
  117      2020421      1        2        51791        0.08   3        0        19101       17263.67    0.00        17263.67   
  118      2011865      1        6        18897        0.03   1        0        18897       18897.00    0.00        18897.00   
  119      2021312      1        2        50824        0.08   3        0        18865       16941.33    0.00        16941.33   
  120      2018464      1        4        52372        0.09   3        0        18581       17457.33    0.00        17457.33   
  121      2023464      1        2        50982        0.08   3        0        18388       16994.00    0.00        16994.00   
  122      2017944      1        5        18354        0.03   1        0        18354       18354.00    0.00        18354.00   
  123      2020838      1        3        51353        0.08   3        0        18340       17117.67    0.00        17117.67   
  124      2015809      1        5        18323        0.03   1        0        18323       18323.00    0.00        18323.00   
  125      2021954      1        2        5

This file has been truncated.


packet_stats.log - (9469 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           649          4291219      224164217     102294285         66.4b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           649            66828       17162299        405608        263.2m   91.26
TMM_RECEIVEPCAPFILE         IPv4       6           617             2551       19237044         37708         23.3m    8.07
TMM_DECODEPCAPFILE          IPv4       6           617             2659          38385          3173          2.0m    0.68

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
flow                    IPv4       6           617             2845         387959          4467          2.8m  1.18  
stream                  IPv4       6           649             2854         423211         19888         12.9m  5.54  
detect                  IPv4       6           649            44398       17125730        331457        215.1m  92.31 
tcp-prune               IPv4       6           649             2552          35888          3493          2.3m  0.97  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
http                    IPv4       6             2            27094          36864         31979         64.0k  21.04 
smb                     IPv4       6            11             3142         110542         14021        154.2k  50.74 
smb2                    IPv4       6            18             3186           4067          3466         62.4k  20.52 
dcerpc                  IPv4       6             6             2788           6073          3901         23.4k  7.70  
Proto detect            IPv4       6            18             2711          18743          4543         81.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot          %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
LOGGER_ALERT_FAST           IPv4       6             6            25236         150112         79077        474.5k  2.85  
LOGGER_UNIFIED2             IPv4       6             6            41298         680075        217010          1.3m  7.81  
LOGGER_JSON_ALERT           IPv4       6             6            65552        7674284       1365315          8.2m  49.16 
LOGGER_JSON_HTTP            IPv4       6            69            35792         204509         71922          5.0m  29.78 
LOGGER_JSON_FILE            IPv4       6            23            49510         131284         75323          1.7m  10.40 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           407             2560         398719         30017        12.2m  18.78 
stream                            IPv4       6           407             2543       16888972         81296        33.1m  50.85 
http_uri                          IPv4       6            69             4052          33951          7685       530.3k  0.81  
http_request_line                 IPv4       6            69             3231          16796          4376       302.0k  0.46  
http_client_body                  IPv4       6            70             2669          84417          7275       509.3k  0.78  
http_header (request)             IPv4       6            69             6158          95568         18449         1.3m  1.96  
http_header (request trailer)     IPv4       6            69             2573           3777          2890       199.5k  0.31  
http_header_names (request)       IPv4       6            69             4205          22692          8523       588.1k  0.90  
http_accept (request)             IPv4       6            69             2785           4881          3553       245.2k  0.38  
http_referer (request)            IPv4       6            69             2729          24337          3445       237.7k  0.37  
http_content_len (request)        IPv4       6            69             2750          24505          3809       262.9k  0.40  
http_content_type (request)       IPv4       6            69             2755           4382          3265       225.3k  0.35  
http_start (request)              IPv4       6            69             4609          37626          7430       512.7k  0.79  
http_raw_header (request)         IPv4       6            70             4607          37083         10203       714.3k  1.10  
http_method                       IPv4       6            69             2633          64857          4830       333.3k  0.51  
http_cookie (request)             IPv4       6            69             2772          21077          3562       245.8k  0.38  
http_raw_uri                      IPv4       6            69             3024          18529          4245       292.9k  0.45  
http_user_agent                   IPv4       6            69             4102          23278          7974       550.2k  0.85  
http_host                         IPv4       6            69             2761          16887          3624       250.1k  0.38  
http_response_line                IPv4       6            69             3003          19930          4724       326.0k  0.50  
http_header (response)            IPv4       6            69             4824          57695         11488       792.7k  1.22  
http_header (response trailer)    IPv4       6            69             2575           3942          2898       200.0k  0.31  
http_content_type (response)      IPv4       6            69             3113          22926          4766       328.9k  0.51  
http_raw_header (response)        IPv4       6           136             3265          27440          6148       836.2k  1.29  
http_cookie (response)            IPv4       6            69             2740          17603          3469       239.4k  0.37  
http_stat_code                    IPv4       6            69             2751          75655          4656       321.3k  0.49  
file_data (http response)         IPv4       6           136             2582        1142297         69442         9.4m  14.51 
Total                             IPv4                  2675                                         24323        65.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot          %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
PROF_DETECT_IPONLY          IPv4       6            52            18689       11326748        247910         12.9m  4.34  
PROF_DETECT_RULES           IPv4       6           649             2533        5793477        125504         81.5m  27.45 
PROF_DETECT_STATEFUL_START    IPv4       6           229             5142        1045579         91853         21.0m  7.09  
PROF_DETECT_STATEFUL_CONT    IPv4       6           649             2517         143082          5974          3.9m  1.31  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           419             2551         383327          4146          1.7m  0.59  
PROF_DETECT_PREFILTER       IPv4       6           649             7855       16944843        135049         87.6m  29.54 
PROF_DETECT_PF_PAYLOAD      IPv4       6           407            16083       16912855        120455         49.0m  16.52 
PROF_DETECT_PF_TX           IPv4       6           419             2566        1174598         64652         27.1m  9.13  
PROF_DETECT_PF_SORT1        IPv4       6           328             2538          79342          4318          1.4m  0.48  
PROF_DETECT_PF_SORT2        IPv4       6           649             2518          27715          3127          2.0m  0.68  
PROF_DETECT_NONMPMLIST      IPv4       6           649             2533          33071          3125          2.0m  0.68  
PROF_DETECT_ALERT           IPv4       6           649             2525          38603          3319          2.2m  0.73  
PROF_DETECT_CLEANUP         IPv4       6           649             2556          43662          3280          2.1m  0.72  
PROF_DETECT_GETSGH          IPv4       6           649             2532          33311          3451          2.2m  0.75  


unified2.alert.1548358247 - (177127 bytes)
[binary unified2 alert records, not renderable as text. Recoverable strings in the captured packet payloads: an SMB tree connect to \\192.168.56.102\IPC$, SMB messages padded with long runs of 0x41 ('A') bytes, and an HTTP/1.1 200 OK response carrying the headers Content-Type: application/octet-stream, Connection: close, Server: Apache and Content-Length: 206937, whose body starts with an MZ/PE header ("This program cannot be run in DOS mode") and the sections .text, .rdata, .data, .pdata and .reloc]

This file has been truncated.


suricata-4.0.0-etopen-all-alert-2019-01-24-T-19-30-48-01242019.1930-exploitation.pcap.txt - (1679 bytes)
01/12/2018-10:01:59.859302  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.56.234:43531 -> 192.168.56.102:445
01/12/2018-10:02:10.143792  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.234:43531 -> 192.168.56.102:445
01/12/2018-10:02:13.317899  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.56.234:80 -> 192.168.56.102:49161
01/12/2018-10:02:13.319109  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.56.234:80 -> 192.168.56.102:49161
01/12/2018-10:02:13.319109  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.234:80 -> 192.168.56.102:49161
01/12/2018-10:02:13.319109  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.234:80 -> 192.168.56.102:49161
01/12/2018-10:02:13.352524  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.56.234:80 -> 192.168.56.102:49161
01/12/2018-10:02:16.240924  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.56.234:36315 -> 192.168.56.102:445


stats.log - (2615 bytes)
------------------------------------------------------------------------------------
Date: 1/24/2019 -- 19:30:48 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 619
decoder.bytes                              | Total                     | 737658
decoder.ipv4                               | Total                     | 617
decoder.ethernet                           | Total                     | 619
decoder.tcp                                | Total                     | 617
decoder.avg_pkt_size                       | Total                     | 1191
decoder.max_pkt_size                       | Total                     | 24874
flow.tcp                                   | Total                     | 26
tcp.sessions                               | Total                     | 26
tcp.syn                                    | Total                     | 26
tcp.synack                                 | Total                     | 26
tcp.rst                                    | Total                     | 22
detect.alert                               | Total                     | 8
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 69
app_layer.flow.smb                         | Total                     | 4
app_layer.flow.dcerpc_tcp                  | Total                     | 2
flow.spare                                 | Total                     | 9994
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65529
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077760


eve.json - (50343 bytes)
{"timestamp":"2018-01-12T10:01:59.859302+0000","flow_id":1360544835028807,"pcap_cnt":9,"event_type":"alert","src_ip":"192.168.56.234","src_port":43531,"dest_ip":"192.168.56.102","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-01-12T10:02:10.143792+0000","flow_id":1360544835028807,"pcap_cnt":149,"event_type":"alert","src_ip":"192.168.56.234","src_port":43531,"dest_ip":"192.168.56.102","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2018-01-12T10:02:13.317899+0000","flow_id":1902419384734363,"pcap_cnt":269,"event_type":"alert","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49161,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2014819,"rev":3,"signature":"ET INFO Packed Executable Download","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2018-01-12T10:02:13.319109+0000","flow_id":1902419384734363,"pcap_cnt":276,"event_type":"alert","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49161,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2018-01-12T10:02:13.319109+0000","flow_id":1902419384734363,"pcap_cnt":276,"event_type":"alert","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49161,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-01-12T10:02:13.319109+0000","flow_id":1902419384734363,"pcap_cnt":276,"event_type":"alert","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49161,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2021076,"rev":2,"signature":"ET INFO SUSPICIOUS Dotted Quad Host MZ Response","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-01-12T10:02:13.333858+0000","flow_id":1902419384734363,"pcap_cnt":294,"event_type":"http","src_ip":"192.168.56.102","src_port":49161,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bcQmTITl0CI-OpxYIsDw5Gcwwac7N_vg0241-eitpdEeTL7Gi71UnxCbR1C9A1uwX5za9cbawnHGuD","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:13.352524+0000","flow_id":1902419384734363,"pcap_cnt":297,"event_type":"alert","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49161,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2018-01-12T10:02:13.352524+0000","flow_id":1902419384734363,"pcap_cnt":297,"event_type":"fileinfo","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49161,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bcQmTITl0CI-OpxYIsDw5Gcwwac7N_vg0241-eitpdEeTL7Gi71UnxCbR1C9A1uwX5za9cbawnHGuD","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":206937},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bcQmTITl0CI-OpxYIsDw5Gcwwac7N_vg0241-eitpdEeTL7Gi71UnxCbR1C9A1uwX5za9cbawnHGuD","gaps":false,"state":"CLOSED","stored":false,"size":206937,"tx_id":0}}
{"timestamp":"2018-01-12T10:02:15.940406+0000","flow_id":499605756660732,"pcap_cnt":304,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:15.941326+0000","flow_id":499605756660732,"pcap_cnt":305,"event_type":"fileinfo","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49162,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":571},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":571,"tx_id":0}}
{"timestamp":"2018-01-12T10:02:16.028569+0000","flow_id":499605756660732,"pcap_cnt":306,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.032159+0000","flow_id":499605756660732,"pcap_cnt":308,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.044462+0000","flow_id":499605756660732,"pcap_cnt":312,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.044462+0000","flow_id":499605756660732,"pcap_cnt":312,"event_type":"fileinfo","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":423,"tx_id":3}}
{"timestamp":"2018-01-12T10:02:16.045939+0000","flow_id":499605756660732,"pcap_cnt":314,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.046341+0000","flow_id":499605756660732,"pcap_cnt":315,"event_type":"fileinfo","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49162,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":128},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":128,"tx_id":4}}
{"timestamp":"2018-01-12T10:02:16.046664+0000","flow_id":499605756660732,"pcap_cnt":316,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":5,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.047802+0000","flow_id":499605756660732,"pcap_cnt":320,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":6,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.047802+0000","flow_id":499605756660732,"pcap_cnt":320,"event_type":"fileinfo","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":176,"tx_id":6}}
{"timestamp":"2018-01-12T10:02:16.049736+0000","flow_id":499605756660732,"pcap_cnt":322,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":7,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.050150+0000","flow_id":499605756660732,"pcap_cnt":323,"event_type":"fileinfo","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49162,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":144},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":144,"tx_id":7}}
{"timestamp":"2018-01-12T10:02:16.050487+0000","flow_id":499605756660732,"pcap_cnt":324,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":8,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.056109+0000","flow_id":499605756660732,"pcap_cnt":328,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":9,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.056109+0000","flow_id":499605756660732,"pcap_cnt":328,"event_type":"fileinfo","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":160,"tx_id":9}}
{"timestamp":"2018-01-12T10:02:16.060203+0000","flow_id":499605756660732,"pcap_cnt":330,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":10,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.091750+0000","flow_id":499605756660732,"pcap_cnt":332,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":11,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.093226+0000","flow_id":499605756660732,"pcap_cnt":334,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":12,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.093634+0000","flow_id":499605756660732,"pcap_cnt":335,"event_type":"fileinfo","src_ip":"192.168.56.234","src_port":80,"dest_ip":"192.168.56.102","dest_port":49162,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":144},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":144,"tx_id":12}}
{"timestamp":"2018-01-12T10:02:16.094181+0000","flow_id":499605756660732,"pcap_cnt":336,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":13,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.095431+0000","flow_id":499605756660732,"pcap_cnt":340,"event_type":"http","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","tx_id":14,"http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-01-12T10:02:16.095431+0000","flow_id":499605756660732,"pcap_cnt":340,"event_type":"fileinfo","src_ip":"192.168.56.102","src_port":49162,"dest_ip":"192.168.56.234","dest_port":80,"proto":"TCP","http":{"hostname":"192.168.56.234","url":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/octet-stream","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"\/Eg_akWEL9goc5h3kRr6bQgEaHeSOxDH-0KEpghX4PJ3KT2ZYmSNfl\/","gaps":false,"state":"CLOSED","stored":false,"size":160,"tx_id":14}}
{"timestamp":"2018-01-12T10:02:16.107217+0000","flow_i

This file has been truncated.


keyword_perf.log - (12460 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/24/2019 -- 19:30:48
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            81572           24              24              11877           3398.00         3398.00         0.00           
  flow             8012544         1574            1574            2895968         5090.00         5090.00         0.00           
  threshold        161083          31              0               24684           5196.00         0.00            5196.00        
  content          12347302        2606            1054            311672          4738.00         5028.00         4540.00        
  pcre             1436403         290             146             38088           4953.00         5400.00         4499.00        
  byte_test        203098          60              27              5748            3384.00         3145.00         3580.00        
  byte_jump        154853          45              23              5674            3441.00         3458.00         3423.00        
  isdataat         2638            1               1               2638            2638.00         2638.00         0.00           
  flowbits         749245          205             99              77444           3654.00         3453.00         3843.00        
  byte_extract     8719            2               2               4792            4359.00         4359.00         0.00           
  asn1             52524           2               0               26866           26262.00        0.00            26262.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            81572           24              24              11877           3398.00         3398.00         0.00           
  flow             8012544         1574            1574            2895968         5090.00         5090.00         0.00           
  flowbits         493208          132             26              77444           3736.00         3300.00         3843.00        
  asn1             52524           2               0               26866           26262.00        0.00            26262.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4340589         769             324             212425          5644.00         6394.00         5098.00        
  pcre             194212          16              9               30124           12138.00        14833.00        8672.00        
  byte_test        203098          60              27              5748            3384.00         3145.00         3580.00        
  byte_jump        126406          38              16              4942            3326.00         3193.00         3423.00        
  isdataat         2638            1               1               2638            2638.00         2638.00         0.00           
  byte_extract     8719            2               2               4792            4359.00         4359.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         256037          73              73              6883            3507.00         3507.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        161083          31              0               24684           5196.00         0.00            5196.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          532712          139             0               16102           3832.00         0.00            3832.00        
  pcre             271088          68              0               22291           3986.00         0.00            3986.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          203627          69              0               3760            2951.00         0.00            2951.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1697140         90              30              311672          18857.00        20529.00        18021.00       
  byte_jump        28447           7               7               5674            4063.00         4063.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5339157         1475            695             39508           3619.00         3732.00         3519.00        
  pcre             971103          206             137             38088           4714.00         4780.00         4582.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          206429          57              0               15542           3621.00         0.00            3621.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5411            1               0               5411            5411.00         0.00            5411.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3991            1               1               3991            3991.00         3991.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4019            1               0               4019            4019.00         0.00            4019.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14227           4               4               4550            3556.00         3556.00         0.00           


IDSDeathBlossom.py.log - (1155 bytes)
2019-01-24 19:30:39,633 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-24 19:30:40,373 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-24 19:30:40,373 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-01-24 19:30:40,374 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-24 19:30:40,374 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-24 19:30:40,374 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/24ef6fd8696eab3895e0cfb2fdeea3a3d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01242019.1930-exploitation.pcap -vvv -k none
2019-01-24 19:30:48,130 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-24 19:30:48,131 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.50547289848