Filename: 2019-01-30-Trickbot-infection-traffic.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 8.93048810959 seconds
Hash: 27c27f6013451b522f979b5a048809f1
Uploaded: 1548925357

Logfiles


packet_stats.log (12789 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          7077          2659944      648594414     483075356       3418.7b   99.84
 IPv4      17            14         20167933      498795913     379451686          5.3b    0.16
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          7077            66687       16688557        128672        910.6m   90.53
TMM_FLOWWORKER              IPv4      17            14           350010       19762292       1803723         25.3m    2.51
TMM_RECEIVEPCAPFILE         IPv4       6          7067             2545       13828123          4864         34.4m    3.42
TMM_RECEIVEPCAPFILE         IPv4      17            14             2572           9757          3241         45.4k    0.00
TMM_DECODEPCAPFILE          IPv4       6          7067             2654       10838187          5021         35.5m    3.53
TMM_DECODEPCAPFILE          IPv4      17            14             2715          29623          4922         68.9k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          7067             2798         384433          3253         23.0m  2.88  
flow                    IPv4      17            14             2866          11289          4503         63.0k  0.01  
stream                  IPv4       6          7077             2700        6747048          7087         50.2m  6.28  
app-layer               IPv4      17            14             8526          52344         19631        274.8k  0.03  
detect                  IPv4       6          7077            44812       16654127         98914        700.0m  87.64 
detect                  IPv4      17            14           274014         479042        342432          4.8m  0.60  
tcp-prune               IPv4       6          7077             2545          53800          2886         20.4m  2.56  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             9             3479          80758         15038        135.3k  44.47 
tls                     IPv4       6            16             2654           3794          2916         46.7k  15.33 
dns                     IPv4      17            14             3179          38352          8740        122.4k  40.20 
Proto detect            IPv4      17            14             3447          22657          7326        102.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            15            18110         102559         42753        641.3k  2.63  
LOGGER_UNIFIED2             IPv4       6            15            21394         199182         67769          1.0m  4.17  
LOGGER_JSON_ALERT           IPv4       6            15            41191         114858         73636          1.1m  4.53  
LOGGER_JSON_DNS             IPv4      17            14            28912       19192483       1421359         19.9m  81.66 
LOGGER_JSON_HTTP            IPv4       6             7            39343         133276         81626        571.4k  2.34  
LOGGER_JSON_TLS             IPv4       6             8            41892         105956         71221        569.8k  2.34  
LOGGER_JSON_FILE            IPv4       6             7            58440         109165         80924        566.5k  2.32  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           744             2599        9531566         32738        24.4m  30.14 
payload                           IPv4      17            14             7136          50766         17891       250.5k  0.31  
stream                            IPv4       6           744             2545         959108         23108        17.2m  21.27 
http_uri                          IPv4       6             7             7061          21138         12404        86.8k  0.11  
http_request_line                 IPv4       6             7             3680           9217          6017        42.1k  0.05  
http_client_body                  IPv4       6            14             2656         151223         19221       269.1k  0.33  
http_header (request)             IPv4       6             7            13501         100340         45117       315.8k  0.39  
http_header (request trailer)     IPv4       6             7             2623           2836          2684        18.8k  0.02  
http_header_names (request)       IPv4       6             7             7303          22390         15901       111.3k  0.14  
http_accept (request)             IPv4       6             7             3070           4108          3590        25.1k  0.03  
http_referer (request)            IPv4       6             7             2905           3632          3230        22.6k  0.03  
http_content_len (request)        IPv4       6             7             3225           6358          4487        31.4k  0.04  
http_content_type (request)       IPv4       6             7             2936          12565          6643        46.5k  0.06  
http_start (request)              IPv4       6             7             6257          10605          8310        58.2k  0.07  
http_raw_header (request)         IPv4       6            14             3636          10138          7084        99.2k  0.12  
http_method                       IPv4       6             7             3247           7045          5060        35.4k  0.04  
http_cookie (request)             IPv4       6             7             2940           3829          3406        23.8k  0.03  
http_raw_uri                      IPv4       6             7             3636           5527          4668        32.7k  0.04  
http_user_agent                   IPv4       6             7             2912          36753         13860        97.0k  0.12  
http_host                         IPv4       6             7             3518           7697          4782        33.5k  0.04  
dns_query                         IPv4      17             7             3822          20346          9440        66.1k  0.08  
tls_sni                           IPv4       6             9             2614           6645          3384        30.5k  0.04  
http_response_line                IPv4       6             7             5515          31524         11419        79.9k  0.10  
http_header (response)            IPv4       6             7            14299          47606         27374       191.6k  0.24  
http_header (response trailer)    IPv4       6             7             2632           3327          2875        20.1k  0.02  
http_content_type (response)      IPv4       6             7             3079          15910          5163        36.1k  0.04  
http_raw_header (response)        IPv4       6           637             3853          27030          4307         2.7m  3.40  
http_cookie (response)            IPv4       6             7             2955           4356          3380        23.7k  0.03  
http_stat_code                    IPv4       6             7             3104           4273          3817        26.7k  0.03  
tls_cert_issuer                   IPv4       6             8             3737           6826          5771        46.2k  0.06  
tls_cert_subject                  IPv4       6             8             6245          29772         12262        98.1k  0.12  
tls_cert_serial                   IPv4       6             8             3537           6218          5075        40.6k  0.05  
file_data (http response)         IPv4       6           637             2569         798632         53788        34.3m  42.40 
Total                             IPv4                  2991                                         27019        80.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            33             7213          52007         24498        808.4k  0.11  
PROF_DETECT_IPONLY          IPv4      17            14            18632          43680         23630        330.8k  0.05  
PROF_DETECT_RULES           IPv4       6          7077             2530        6095201         13372         94.6m  13.46 
PROF_DETECT_RULES           IPv4      17            14           123042         311300        205794          2.9m  0.41  
PROF_DETECT_STATEFUL_START    IPv4       6           372             5112        6052955         57365         21.3m  3.03  
PROF_DETECT_STATEFUL_CONT    IPv4       6          7077             2536        7514570          7324         51.8m  7.37  
PROF_DETECT_STATEFUL_CONT    IPv4      17            14             3851          35716          6520         91.3k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          7012             2551        5978328          3688         25.9m  3.68  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            14             2634           3410          2834         39.7k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          7077             7876       16578506         33908        240.0m  34.12 
PROF_DETECT_PREFILTER       IPv4      17            14            35088          74739         53337        746.7k  0.11  
PROF_DETECT_PF_PAYLOAD      IPv4       6           744            13601       16536255         86155         64.1m  9.11  
PROF_DETECT_PF_PAYLOAD      IPv4      17            14            12466          56074         24164        338.3k  0.05  
PROF_DETECT_PF_TX           IPv4       6          7012             2583       15147825         12053         84.5m  12.02 
PROF_DETECT_PF_TX           IPv4      17             7             9228          29083         17014        119.1k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6           455             2534          47401          3216          1.5m  0.21  
PROF_DETECT_PF_SORT1        IPv4      17            14             3157          25623          5486         76.8k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6          7077             2518          49895          2711         19.2m  2.73  
PROF_DETECT_PF_SORT2        IPv4      17            14             2754           3833          3100         43.4k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6          7077             2525          47318          2889         20.5m  2.91  
PROF_DETECT_NONMPMLIST      IPv4      17            14             2778           3977          3033         42.5k  0.01  
PROF_DETECT_ALERT           IPv4       6          7077             2527         384621          2792         19.8m  2.81  
PROF_DETECT_ALERT           IPv4      17            14             2533          10063          3331         46.6k  0.01  
PROF_DETECT_CLEANUP         IPv4       6          7077             2560        5613862          3757         26.6m  3.78  
PROF_DETECT_CLEANUP         IPv4      17            14             2825           4866          3291         46.1k  0.01  
PROF_DETECT_GETSGH          IPv4       6          7077             2523        6494370          3942         27.9m  3.97  
PROF_DETECT_GETSGH          IPv4      17            14             5353           6421          5616         78.6k  0.01  


suricata-4.0.0-etopen-all-alert-2019-01-31-T-09-02-46-01312019.0900-2019-01-30-Trickbot-infection-traffic.pcap.txt (4127 bytes)
01/30/2019-21:03:51.382997  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 37.59.247.21:80 -> 10.1.30.101:49194
01/30/2019-21:03:51.382997  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.59.247.21:80 -> 10.1.30.101:49194
01/30/2019-21:04:05.406223  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 190.14.158.193:449 -> 10.1.30.101:49197
01/30/2019-21:04:10.771347  [**] [1:2021013:6] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 92.38.135.151:447 -> 10.1.30.101:49200
01/30/2019-21:04:59.542845  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 190.14.158.193:449 -> 10.1.30.101:49201
01/30/2019-21:05:01.999394  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 190.14.158.193:449 -> 10.1.30.101:49202
01/30/2019-21:05:22.548371  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.30.101:49203 -> 24.247.181.125:8082
01/30/2019-21:06:07.110045  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.30.101:49204 -> 24.247.181.125:8082
01/30/2019-21:06:10.021646  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.30.101:49205 -> 24.247.181.125:8082
01/30/2019-21:06:30.730375  [**] [1:2021013:6] ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 92.38.135.151:447 -> 10.1.30.101:49206
01/30/2019-21:07:04.819752  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 107.173.104.203:80 -> 10.1.30.101:49207
01/30/2019-21:07:04.819752  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 107.173.104.203:80 -> 10.1.30.101:49207
01/30/2019-21:07:04.819752  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 107.173.104.203:80 -> 10.1.30.101:49207
01/30/2019-21:07:46.268769  [**] [1:2100494:12] GPL ATTACK_RESPONSE command completed [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.30.101:49259 -> 24.247.181.125:8082
01/30/2019-21:08:01.444668  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.30.101:49260 -> 107.173.104.203:80
01/30/2019-21:08:01.603235  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 107.173.104.203:80 -> 10.1.30.101:49260
01/30/2019-21:08:01.603235  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 107.173.104.203:80 -> 10.1.30.101:49260
01/30/2019-21:13:12.661871  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 190.14.158.193:449 -> 10.1.30.101:49536
01/30/2019-21:16:37.641673  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 190.14.158.193:449 -> 10.1.30.101:49537


stats.log (2469 bytes)
------------------------------------------------------------------------------------
Date: 1/31/2019 -- 09:02:46 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 7081
decoder.bytes                              | Total                     | 6764059
decoder.ipv4                               | Total                     | 7081
decoder.ethernet                           | Total                     | 7081
decoder.tcp                                | Total                     | 7067
decoder.udp                                | Total                     | 14
decoder.avg_pkt_size                       | Total                     | 955
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 17
flow.udp                                   | Total                     | 7
tcp.sessions                               | Total                     | 17
tcp.syn                                    | Total                     | 18
tcp.synack                                 | Total                     | 15
tcp.rst                                    | Total                     | 5
detect.alert                               | Total                     | 19
detect.nonmpm_list                         | Total                     | 1
app_layer.flow.http                        | Total                     | 7
app_layer.tx.http                          | Total                     | 7
app_layer.flow.tls                         | Total                     | 8
app_layer.flow.dns_udp                     | Total                     | 7
app_layer.tx.dns_udp                       | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076032


eve.json (26676 bytes)
{"timestamp":"2019-01-30T21:03:50.794981+0000","flow_id":2103469111910757,"pcap_cnt":1,"event_type":"dns","src_ip":"10.1.30.101","src_port":61297,"dest_ip":"10.1.30.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6097,"rrname":"hy-cosmetics.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-30T21:03:50.821058+0000","flow_id":2103469111910757,"pcap_cnt":2,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":61297,"proto":"UDP","dns":{"type":"answer","id":6097,"rcode":"NOERROR","rrname":"hy-cosmetics.com","rrtype":"A","ttl":6494,"rdata":"37.59.247.21"}}
{"timestamp":"2019-01-30T21:03:51.382997+0000","flow_id":2146704400236252,"pcap_cnt":50,"event_type":"alert","src_ip":"37.59.247.21","src_port":80,"dest_ip":"10.1.30.101","dest_port":49194,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-01-30T21:03:51.382997+0000","flow_id":2146704400236252,"pcap_cnt":50,"event_type":"alert","src_ip":"37.59.247.21","src_port":80,"dest_ip":"10.1.30.101","dest_port":49194,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-01-30T21:03:51.783811+0000","flow_id":2146704400236252,"pcap_cnt":222,"event_type":"http","src_ip":"10.1.30.101","src_port":49194,"dest_ip":"37.59.247.21","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"hy-cosmetics.com","url":"\/pro.ime"}}
{"timestamp":"2019-01-30T21:04:05.396575+0000","flow_id":1002108501584134,"pcap_cnt":231,"event_type":"tls","src_ip":"10.1.30.101","src_port":49197,"dest_ip":"190.14.158.193","dest_port":449,"proto":"TCP","tls":{"subject":"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd","issuerdn":"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"}}
{"timestamp":"2019-01-30T21:04:05.406223+0000","flow_id":1002108501584134,"pcap_cnt":233,"event_type":"alert","src_ip":"190.14.158.193","src_port":449,"dest_ip":"10.1.30.101","dest_port":49197,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2011540,"rev":6,"signature":"ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)","category":"Not Suspicious Traffic","severity":3},"app_proto":"tls"}
{"timestamp":"2019-01-30T21:04:07.660901+0000","flow_id":1562253841601957,"pcap_cnt":239,"event_type":"dns","src_ip":"10.1.30.101","src_port":58156,"dest_ip":"10.1.30.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53857,"rrname":"api.ipify.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"api.ipify.org","rrtype":"CNAME","ttl":200,"rdata":"nagano-19599.herokussl.com"}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"nagano-19599.herokussl.com","rrtype":"CNAME","ttl":3058,"rdata":"elb097307-934924932.us-east-1.elb.amazonaws.com"}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"elb097307-934924932.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"107.22.215.20"}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"elb097307-934924932.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"54.243.123.39"}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"elb097307-934924932.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"50.16.248.221"}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"elb097307-934924932.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"50.19.247.198"}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"elb097307-934924932.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"54.204.36.156"}}
{"timestamp":"2019-01-30T21:04:07.690476+0000","flow_id":1562253841601957,"pcap_cnt":240,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":58156,"proto":"UDP","dns":{"type":"answer","id":53857,"rcode":"NOERROR","rrname":"elb097307-934924932.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"23.21.121.219"}}
{"timestamp":"2019-01-30T21:04:08.783070+0000","flow_id":1454321313484534,"pcap_cnt":254,"event_type":"tls","src_ip":"10.1.30.101","src_port":49199,"dest_ip":"107.22.215.20","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.ipify.org","issuerdn":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA"}}
{"timestamp":"2019-01-30T21:04:10.762620+0000","flow_id":1122990356562296,"pcap_cnt":273,"event_type":"tls","src_ip":"10.1.30.101","src_port":49200,"dest_ip":"92.38.135.151","dest_port":447,"proto":"TCP","tls":{"subject":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","issuerdn":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com"}}
{"timestamp":"2019-01-30T21:04:10.771347+0000","flow_id":1122990356562296,"pcap_cnt":275,"event_type":"alert","src_ip":"92.38.135.151","src_port":447,"dest_ip":"10.1.30.101","dest_port":49200,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2021013,"rev":6,"signature":"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-01-30T21:04:59.535170+0000","flow_id":127041130808202,"pcap_cnt":2942,"event_type":"tls","src_ip":"10.1.30.101","src_port":49201,"dest_ip":"190.14.158.193","dest_port":449,"proto":"TCP","tls":{"subject":"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd","issuerdn":"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"}}
{"timestamp":"2019-01-30T21:04:59.542845+0000","flow_id":127041130808202,"pcap_cnt":2944,"event_type":"alert","src_ip":"190.14.158.193","src_port":449,"dest_ip":"10.1.30.101","dest_port":49201,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2011540,"rev":6,"signature":"ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)","category":"Not Suspicious Traffic","severity":3},"app_proto":"tls"}
{"timestamp":"2019-01-30T21:05:01.993038+0000","flow_id":610504124689501,"pcap_cnt":2968,"event_type":"tls","src_ip":"10.1.30.101","src_port":49202,"dest_ip":"190.14.158.193","dest_port":449,"proto":"TCP","tls":{"subject":"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd","issuerdn":"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"}}
{"timestamp":"2019-01-30T21:05:01.999394+0000","flow_id":610504124689501,"pcap_cnt":2970,"event_type":"alert","src_ip":"190.14.158.193","src_port":449,"dest_ip":"10.1.30.101","dest_port":49202,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2011540,"rev":6,"signature":"ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)","category":"Not Suspicious Traffic","severity":3},"app_proto":"tls"}
{"timestamp":"2019-01-30T21:05:22.548371+0000","flow_id":123955198432100,"pcap_cnt":3158,"event_type":"alert","src_ip":"10.1.30.101","src_port":49203,"dest_ip":"24.247.181.125","dest_port":8082,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-01-30T21:05:22.548371+0000","flow_id":123955198432100,"pcap_cnt":3158,"event_type":"http","src_ip":"10.1.30.101","src_port":49203,"dest_ip":"24.247.181.125","dest_port":8082,"proto":"TCP","tx_id":0,"http":{"hostname":"24.247.181.125","url":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/81\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-01-30T21:05:22.548600+0000","flow_id":123955198432100,"pcap_cnt":3160,"event_type":"fileinfo","src_ip":"24.247.181.125","src_port":8082,"dest_ip":"10.1.30.101","dest_port":49203,"proto":"TCP","http":{"hostname":"24.247.181.125","url":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/81\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3},"app_proto":"http","fileinfo":{"filename":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/81\/","gaps":false,"state":"CLOSED","stored":false,"size":3,"tx_id":0}}
{"timestamp":"2019-01-30T21:06:07.110045+0000","flow_id":727604264844715,"pcap_cnt":3243,"event_type":"alert","src_ip":"10.1.30.101","src_port":49204,"dest_ip":"24.247.181.125","dest_port":8082,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-01-30T21:06:07.110045+0000","flow_id":727604264844715,"pcap_cnt":3243,"event_type":"http","src_ip":"10.1.30.101","src_port":49204,"dest_ip":"24.247.181.125","dest_port":8082,"proto":"TCP","tx_id":0,"http":{"hostname":"24.247.181.125","url":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/83\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-01-30T21:06:07.110317+0000","flow_id":727604264844715,"pcap_cnt":3245,"event_type":"fileinfo","src_ip":"24.247.181.125","src_port":8082,"dest_ip":"10.1.30.101","dest_port":49204,"proto":"TCP","http":{"hostname":"24.247.181.125","url":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/83\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3},"app_proto":"http","fileinfo":{"filename":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/83\/","gaps":false,"state":"CLOSED","stored":false,"size":3,"tx_id":0}}
{"timestamp":"2019-01-30T21:06:10.021646+0000","flow_id":1229591452655348,"pcap_cnt":3265,"event_type":"alert","src_ip":"10.1.30.101","src_port":49205,"dest_ip":"24.247.181.125","dest_port":8082,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-01-30T21:06:10.021646+0000","flow_id":1229591452655348,"pcap_cnt":3265,"event_type":"http","src_ip":"10.1.30.101","src_port":49205,"dest_ip":"24.247.181.125","dest_port":8082,"proto":"TCP","tx_id":0,"http":{"hostname":"24.247.181.125","url":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/81\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain"}}
{"timestamp":"2019-01-30T21:06:10.021854+0000","flow_id":1229591452655348,"pcap_cnt":3267,"event_type":"fileinfo","src_ip":"24.247.181.125","src_port":8082,"dest_ip":"10.1.30.101","dest_port":49205,"proto":"TCP","http":{"hostname":"24.247.181.125","url":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/81\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident\/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3},"app_proto":"http","fileinfo":{"filename":"\/ser0130us\/BRONSON-PC_W617601.9A539CBEA91F2D8402D649FD6638406A\/81\/","gaps":false,"state":"CLOSED","stored":false,"size":3,"tx_id":0}}
{"timestamp":"2019-01-30T21:06:28.324763+0000","flow_id":276574718194843,"pcap_cnt":3276,"event_type":"dns","src_ip":"10.1.30.101","src_port":59778,"dest_ip":"10.1.30.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64962,"rrname":"112.146.66.173.zen.spamhaus.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-30T21:06:28.355809+0000","flow_id":276574718194843,"pcap_cnt":3277,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":59778,"proto":"UDP","dns":{"type":"answer","id":64962,"rcode":"NXDOMAIN","rrname":"112.146.66.173.zen.spamhaus.org"}}
{"timestamp":"2019-01-30T21:06:28.355809+0000","flow_id":276574718194843,"pcap_cnt":3277,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":59778,"proto":"UDP","dns":{"type":"answer","id":64962,"rcode":"NXDOMAIN","rrname":"zen.spamhaus.org","rrtype":"SOA","ttl":10}}
{"timestamp":"2019-01-30T21:06:28.356445+0000","flow_id":1457035742048349,"pcap_cnt":3278,"event_type":"dns","src_ip":"10.1.30.101","src_port":50548,"dest_ip":"10.1.30.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32949,"rrname":"112.146.66.173.cbl.abuseat.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-30T21:06:28.402791+0000","flow_id":1457035742048349,"pcap_cnt":3279,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":50548,"proto":"UDP","dns":{"type":"answer","id":32949,"rcode":"NXDOMAIN","rrname":"112.146.66.173.cbl.abuseat.org"}}
{"timestamp":"2019-01-30T21:06:28.402791+0000","flow_id":1457035742048349,"pcap_cnt":3279,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":50548,"proto":"UDP","dns":{"type":"answer","id":32949,"rcode":"NXDOMAIN","rrname":"cbl.abuseat.org","rrtype":"SOA","ttl":600}}
{"timestamp":"2019-01-30T21:06:28.403530+0000","flow_id":1843161891874890,"pcap_cnt":3280,"event_type":"dns","src_ip":"10.1.30.101","src_port":60958,"dest_ip":"10.1.30.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5307,"rrname":"112.146.66.173.b.barracudacentral.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-30T21:06:28.444985+0000","flow_id":1843161891874890,"pcap_cnt":3281,"event_type":"dns","src_ip":"10.1.30.1","src_port":53,"dest_ip":"10.1.30.101","dest_port":60958,"proto":"UDP","dns":{"type":"answer","id":5307,"rcode":"NXDOMAIN","rrname":"112.146.66.173.b.barracudacentral.org"}}
{"timestamp":"2019-01-30T21:06:28.445553+0000","flo

This file has been truncated.


keyword_perf.log - (15334 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/31/2019 -- 09:02:46
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            8771            3               3               3627            2923.00         2923.00         0.00           
  dsize            12535           4               4               3439            3133.00         3133.00         0.00           
  flow             5543716         1234            1234            1782301         4492.00         4492.00         0.00           
  threshold        21242           4               1               7776            5310.00         7476.00         4588.00        
  content          19917279        1622            696             5991346         12279.00        16900.00        8805.00        
  pcre             679755          146             63              29558           4655.00         4270.00         4948.00        
  byte_test        338745          117             81              6326            2895.00         2960.00         2748.00        
  byte_jump        169135          57              50              4542            2967.00         2909.00         3381.00        
  isdataat         32601           12              3               3014            2716.00         2630.00         2745.00        
  flowbits         1213305         421             51              15346           2881.00         3360.00         2815.00        
  urilen           107075          31              10              15864           3454.00         3144.00         3601.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            8771            3               3               3627            2923.00         2923.00         0.00           
  dsize            12535           4               4               3439            3133.00         3133.00         0.00           
  flow             5543716         1234            1234            1782301         4492.00         4492.00         0.00           
  flowbits         1142711         404             34              15346           2828.00         2965.00         2815.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4503577         794             340             146458          5672.00         3883.00         7011.00        
  pcre             402760          93              44              29558           4330.00         3869.00         4744.00        
  byte_test        338745          117             81              6326            2895.00         2960.00         2748.00        
  byte_jump        110547          37              30              4542            2987.00         2895.00         3381.00        
  isdataat         32601           12              3               3014            2716.00         2630.00         2745.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         70594           17              17              6609            4152.00         4152.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        21242           4               1               7776            5310.00         7476.00         4588.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          201302          51              10              27428           3947.00         3780.00         3987.00        
  pcre             125915          26              1               12155           4842.00         4843.00         4842.00        
  urilen           107075          31              10              15864           3454.00         3144.00         3601.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          100118          18              9               21547           5562.00         4110.00         7013.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21247           7               0               3323            3035.00         0.00            3035.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13872262        454             116             5991346         30555.00        81262.00        13153.00       
  byte_jump        58588           20              20              3700            2929.00         2929.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          791438          185             146             65184           4278.00         4422.00         3737.00        
  pcre             133751          24              18              10794           5572.00         5218.00         6637.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          84548           23              13              4430            3676.00         3641.00         3720.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11310           3               3               4097            3770.00         3770.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11483           3               0               3964            3827.00         0.00            3827.00        
  pcre             17329           3               0               7284            5776.00         0.00            5776.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          51250           12              9               14299           4270.00         4483.00         3633.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          218606          58              39              14910           3769.00         4026.00         3241.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10495           3               0               3853            3498.00         0.00            3498.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          20404           6               6               4061            3400.00         3400.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19239           5               5               4951            3847.00         3847.00         0.00           


suricata-report-2019-01-31-T-09-02-46-01312019.0900-2019-01-30-Trickbot-infection-traffic.pcap.txt - (18130 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/27c27f6013451b522f979b5a048809f1d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01312019.0900-2019-01-30-Trickbot-infection-traffic.pcap -vvv -k none
elapsedtime:8.032675
stderr:
stdout:
31/1/2019 -- 09:02:38 - <Info> - Configuration node 'rule-files' redefined.
31/1/2019 -- 09:02:38 - <Notice> - This is Suricata version 4.0.0 RELEASE
31/1/2019 -- 09:02:38 - <Info> - CPUs/cores online: 1
31/1/2019 -- 09:02:38 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33625 and 'request-body-inspect-window' set to 16047 after randomization.
31/1/2019 -- 09:02:38 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33001 and 'response-body-inspect-window' set to 16966 after randomization.
31/1/2019 -- 09:02:38 - <Config> - DNS request flood protection level: 500
31/1/2019 -- 09:02:38 - <Config> - DNS per flow memcap (state-memcap): 524288
31/1/2019 -- 09:02:38 - <Config> - DNS global memcap: 16777216
31/1/2019 -- 09:02:38 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
31/1/2019 -- 09:02:38 - <Config> - preallocated 1000 hosts of size 136
31/1/2019 -- 09:02:38 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
31/1/2019 -- 09:02:38 - <Config> - using magic-file /usr/share/file/magic
31/1/2019 -- 09:02:38 - <Config> - Core dump size is unlimited.
31/1/2019 -- 09:02:38 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
31/1/2019 -- 09:02:38 - <Config> - preallocated 1000 defrag trackers of size 168
31/1/2019 -- 09:02:38 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
31/1/2019 -- 09:02:38 - <Config> - stream "prealloc-sessions": 2048 (per thread)
31/1/2019 -- 09:02:38 - <Config> - stream "memcap": 33554432
31/1/2019 -- 09:02:38 - <Config> - stream "midstream" session pickups: disabled
31/1/2019 -- 09:02:38 - <Config> - stream "async-oneside": disabled
31/1/2019 -- 09:02:38 - <Config> - stream "checksum-validation": disabled
31/1/2019 -- 09:02:38 - <Config> - stream."inline": disabled
31/1/2019 -- 09:02:38 - <Config> - stream "bypass": disabled
31/1/2019 -- 09:02:38 - <Config> - stream "max-synack-queued": 5
31/1/2019 -- 09:02:38 - <Config> - stream.reassembly "memcap": 134217728
31/1/2019 -- 09:02:38 - <Config> - stream.reassembly "depth": 0
31/1/2019 -- 09:02:38 - <Config> - stream.reassembly "toserver-chunk-size": 2672
31/1/2019 -- 09:02:38 - <Config> - stream.reassembly "toclient-chunk-size": 2660
31/1/2019 -- 09:02:38 - <Config> - stream.reassembly.raw: enabled
31/1/2019 -- 09:02:38 - <Config> - stream.reassembly "segment-prealloc": 2048
31/1/2019 -- 09:02:38 - <Config> - Delayed detect disabled
31/1/2019 -- 09:02:38 - <Config> - pattern matchers: MPM: ac, SPM: bm
31/1/2019 -- 09:02:38 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
31/1/2019 -- 09:02:38 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
31/1/2019 -- 09:02:38 - <Config> - prefilter engines: MPM
31/1/2019 -- 09:02:38 - <Config> - IP reputation disabled
31/1/2019 -- 09:02:38 - <Perf> - Registered 148 keyword profiling counters.
31/1/2019 -- 09:02:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
31/1/2019 -- 09:02:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
31/1/2019 -- 09:02:38 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
31/1/2019 -- 09:02:39 - <Config> - No rules loaded from ET-emerging-icmp.rules.
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
31/1/2019 -- 09:02:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
31/1/2019 -- 09:02:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
31/1/2019 -- 09:02:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
31/1/2019 -- 09:02:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
31/1/2019 -- 09:02:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
31/1/2019 -- 09:02:42 - <Config> - No rules loaded from local.rules.
31/1/2019 -- 09:02:42 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
31/1/2019 -- 09:02:42 - <Info> - Threshold config parsed: 0 rule(s) found
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for tcp-packet
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for tcp-stream
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for udp-packet
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for other-ip
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_uri
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_request_line
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_client_body
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_response_line
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_header
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_header
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_header_names
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_header_names
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_accept
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_accept_enc
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_accept_lang
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_referer
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_connection
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_content_len
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_content_len
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_content_type
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_content_type
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_protocol
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_protocol
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_start
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_start
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_raw_header
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_raw_header
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_method
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_cookie
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_cookie
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_raw_uri
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_user_agent
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_host
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_raw_host
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_stat_msg
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_stat_code
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for dns_query
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for tls_sni
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for tls_cert_issuer
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for tls_cert_subject
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for tls_cert_serial
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for dce_stub_data
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for dce_stub_data
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for ssh_protocol
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for ssh_protocol
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for ssh_software
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for ssh_software
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for file_data
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for file_data
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_request_line
31/1/2019 -- 09:02:42 - <Perf> - using shared mpm ctx' for http_response_line
31/1/2019 -- 09:02:42 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
31/1/2019 -- 09:02:42 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
31/1/2019 -- 09:02:42 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
31/1/2019 -- 09:02:42 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
31/1/2019 -- 09:02:42 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
31/1/2019 -- 09:02:42 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
31/1/2019 -- 09:02:42 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
31/1/2019 -- 09:02:42 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
31/1/2019 -- 09:02:43 - <Perf> - Unique rule groups: 111
31/1/2019 -- 09:02:43 - <Perf> - Builtin MPM "toserver TCP packet": 31
31/1/2019 -- 09:02:43 - <Perf> - Builtin MPM "toclient TCP packet": 20
31/1/2019 -- 09:02:43 - <Perf> - Builtin MPM "toserver TCP stream": 31
31/1/2019 -- 09:02:43 - <Perf> - Builtin MPM "toclient TCP stream": 21
31/1/2019 -- 09:02:43 - <Perf> - Builtin MPM "toserver UDP packet": 33
31/1/2019 -- 09:02:43 - <Perf> - Builtin MPM "toclient UDP packet": 15
31/1/2019 -- 09:02:43 - <Perf> - Builtin MPM "other IP packet": 2
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_uri": 8
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_request_line": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_client_body": 6
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient http_response_line": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_header": 6
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient http_header": 3
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_header_names": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_accept": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_referer": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_content_len": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_content_type": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient http_content_type": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_start": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_method": 3
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_cookie": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient http_cookie": 2
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver http_host": 2
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver dns_query": 4
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver tls_sni": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toserver file_data": 1
31/1/2019 -- 09:02:43 - <Perf> - AppLayer MPM "toclient file_data": 5
31/1/2019 -- 09:02:44 - <Perf> - Registered 18241 rule profiling counters.
31/1/2019 -- 09:02:44 - <Info> - fast output device (regular) initialized: alert
31/1/2019 -- 09:02:44 - <Info> - eve-log output device (regular) initialized: eve.json
31/1/2019 -- 09:02:44 - <Config> - enabling 'eve-log' module 'alert'
31/1/2019 -- 09:02:44 - <Config> - enabling 'eve-log' module 'http'
31/1/2019 -- 09:02:44 - <Config> - enabling 'eve-log' module 'dns'
31/1/2019 -- 09:02:44 - <Config> - enabling 'eve-log' module 'tls'
31/1/2019 -- 09:02:44 - <Config> - enabling 'eve-log' module 'files'
31/1/2019 -- 09:02:44 - <Config> - enabling 'eve-log' module 'ssh'
31/1/2019 -- 09:02:44 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
31/1/2019

This file has been truncated; the full log is available via the download link above.


IDSDeathBlossom.py.log - (1180 bytes) - download
2019-01-31 09:02:37,375 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-31 09:02:38,095 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-31 09:02:38,096 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-01-31 09:02:38,096 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-31 09:02:38,096 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-31 09:02:38,096 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/27c27f6013451b522f979b5a048809f1d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01312019.0900-2019-01-30-Trickbot-infection-traffic.pcap -vvv -k none
2019-01-31 09:02:46,131 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-31 09:02:46,132 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.76472496986


suricata-4.0.0-etopen-all-perf.txt-2019-01-31-T-09-02-46-01312019.0900-2019-01-30-Trickbot-infection-traffic.pcap.txt - (39382 bytes) - download
  --------------------------------------------------------------------------
  Date: 1/31/2019 -- 09:02:46. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020865      1        3        10234240     15.71  32       0        6063858     319820.00   0.00        319820.00  
  2        2018636      1        2        5578207      8.56   1        0        5578207     5578207.00  0.00        5578207.00 
  3        2016537      1        2        5550003      8.52   243      2        1794340     22839.52    82298.50    22346.08   
  4        2016855      1        2        670283       1.03   3        0        250044      223427.67   0.00        223427.67  
  5        2018342      1        2        1273841      1.96   10       0        206127      127384.10   0.00        127384.10  
  6        2022797      1        2        1340238      2.06   11       0        205218      121839.82   0.00        121839.82  
  7        2016854      1        3        519508       0.80   3        0        181616      173169.33   0.00        173169.33  
  8        2021749      1        6        248504       0.38   4        0        171546      62126.00    0.00        62126.00   
  9        2023476      1        5        749692       1.15   7        0        154551      107098.86   0.00        107098.86  
  10       2008575      1        5        4045976      6.21   553      0        152847      7316.41     0.00        7316.41    
  11       2021375      1        2        577945       0.89   5        0        146648      115589.00   0.00        115589.00  
  12       2019715      1        2        809821       1.24   11       0        122535      73620.09    0.00        73620.09   
  13       2011894      1        19       184623       0.28   3        0        109861      61541.00    0.00        61541.00   
  14       2018358      1        7        321407       0.49   6        3        96522       53567.83    17923.33    89212.33   
  15       2021013      1        6        166845       0.26   2        2        95169       83422.50    83422.50    0.00       
  16       2023670      1        3        201145       0.31   6        3        91615       33524.17    11859.00    55189.33   
  17       2019832      1        4        376035       0.58   5        0        86403       75207.00    0.00        75207.00   
  18       2021068      1        2        190094       0.29   4        3        81168       47523.50    51028.33    37009.00   
  19       2018005      1        6        488609       0.75   9        0        79034       54289.89    0.00        54289.89   
  20       2022627      1        12       352645       0.54   7        0        70766       50377.86    0.00        50377.86   
  21       2022198      1        2        223913       0.34   4        0        67634       55978.25    0.00        55978.25   
  22       2021946      1        2        279276       0.43   5        0        67126       55855.20    0.00        55855.20   
  23       2008438      1        20       153561       0.24   3        0        63440       51187.00    0.00        51187.00   
  24       2023315      1        2        138320       0.21   3        0        62613       46106.67    0.00        46106.67   
  25       2014819      1        3        175455       0.27   3        0        61215       58485.00    0.00        58485.00   
  26       2022220      1        2        140358       0.22   3        0        60464       46786.00    0.00        46786.00   
  27       2022987      1        3        104938       0.16   2        0        60088       52469.00    0.00        52469.00   
  28       2022535      1        11       347894       0.53   7        0        59569       49699.14    0.00        49699.14   
  29       2014353      1        6        149882       0.23   3        0        59296       49960.67    0.00        49960.67   
  30       2009909      1        10       136366       0.21   3        0        53365       45455.33    0.00        45455.33   
  31       2021067      1        2        90164        0.14   2        2        53357       45082.00    45082.00    0.00       
  32       2016858      1        10       107789       0.17   3        0        53301       35929.67    0.00        35929.67   
  33       2018959      1        3        155831       0.24   3        3        53032       51943.67    51943.67    0.00       
  34       2023711      1        2        126575       0.19   3        0        52385       42191.67    0.00        42191.67   
  35       2018241      1        2        150524       0.23   3        0        51998       50174.67    0.00        50174.67   
  36       2025119      1        3        50761        0.08   1        0        50761       50761.00    0.00        50761.00   
  37       2019141      1        3        115796       0.18   3        0        49368       38598.67    0.00        38598.67   
  38       2013352      1        4        140868       0.22   3        0        47727       46956.00    0.00        46956.00   
  39       2024565      1        3        129354       0.20   4        0        46574       32338.50    0.00        32338.50   
  40       2018457      1        1        53174        0.08   3        0        45878       17724.67    0.00        17724.67   
  41       2022339      1        2        126552       0.19   3        0        45813       42184.00    0.00        42184.00   
  42       2009897      1        14       131507       0.20   3        0        45165       43835.67    0.00        43835.67   
  43       2021556      1        2        126952       0.19   4        0        44721       31738.00    0.00        31738.00   
  44       2018958      1        18       125904       0.19   3        0        44018       41968.00    0.00        41968.00   
  45       2020388      1        8        128353       0.20   3        0        43837       42784.33    0.00        42784.33   
  46       2025441      1        2        43325        0.07   1        0        43325       43325.00    0.00        43325.00   
  47       2022502      1        4        122797       0.19   3        0        43170       40932.33    0.00        40932.33   
  48       2020741      1        1        133552       0.21   4        0        43000       33388.00    0.00        33388.00   
  49       2019344      1        5        102860       0.16   3        0        42938       34286.67    0.00        34286.67   
  50       2009028      1        11       124206       0.19   3        0        42126       41402.00    0.00        41402.00   
  51       2023083      1        2        41610        0.06   1        0        41610       41610.00    0.00        41610.00   
  52       2017613      1        9        112354       0.17   3        0        41578       37451.33    0.00        37451.33   
  53       2018242      1        5        105902       0.16   3        0        41288       35300.67    0.00        35300.67   
  54       2013441      1        9        121746       0.19   3        0        40864       40582.00    0.00        40582.00   
  55       2012707      1        5        170890       0.26   7        0        40731       24412.86    0.00        24412.86   
  56       2019345      1        2        1135552      1.74   79       0        40680       14374.08    0.00        14374.08   
  57       2012969      1        2        40236        0.06   1        0        40236       40236.00    0.00        40236.00   
  58       2018055      1        3        122521       0.19   4        0        39980       30630.25    0.00        30630.25   
  59       2018789      1        3        81805        0.13   4        0        39770       20451.25    0.00        20451.25   
  60       2012612      1        16       125774       0.19   5        0        39455       25154.80    0.00        25154.80   
  61       2014956      1        1        432645       0.66   33       0        39356       13110.45    0.00        13110.45   
  62       2019000      1        3        38689        0.06   1        0        38689       38689.00    0.00        38689.00   
  63       2008276      1        15       38650        0.06   1        1        38650       38650.00    38650.00    0.00       
  64       2014471      1        6        113616       0.17   3        0        38248       37872.00    0.00        37872.00   
  65       2025064      1        5        104591       0.16   3        0        38133       34863.67    0.00        34863.67   
  66       2024771      1        1        3019003      4.63   633      0        38127       4769.36     0.00        4769.36    
  67       2023875      1        2        106382       0.16   3        0        37925       35460.67    0.00        35460.67   
  68       2022609      1        2        104307       0.16   3        0        37762       34769.00    0.00        34769.00   
  69       2009702      1        5        203962       0.31   14       0        37641       14568.71    0.00        14568.71   
  70       2018981      1        4        95793        0.15   3        0        37584       31931.00    0.00        31931.00   
  71       2019881      1        3        89290        0.14   3        0        36882       29763.33    0.00        29763.33   
  72       2018316      1        4        125918       0.19   4        0        35745       31479.50    0.00        31479.50   
  73       2021076      1        2        84359        0.13   3        2        35415       28119.67    34550.50    15258.00   
  74       2018452      1        15       101412       0.16   3        0        35396       33804.00    0.00        33804.00   
  75       2020569      1        1        104176       0.16   3        0        35355       34725.33    0.00        34725.33   
  76       2016538      1        3        78056        0.12   3        2        35271       26018.67    34413.00    9230.00    
  77       2018010      1        5        75323        0.12   3        0        35051       25107.67    0.00        25107.67   
  78       2018982      1        2        103564       0.16   3        0        34663       34521.33    0.00        34521.33   
  79       2025178      1        2        34288        0.05   1        0        34288       34288.00    0.00        34288.00   
  80       2020496      1        2        34152        0.05   1        0        34152       34152.00    0.00        34152.00   
  81       2022050      1        3        100667       0.15   3        0        33922       33555.67    0.00        33555.67   
  82       2022503      1        2        100213       0.15   3        0        33918       33404.33    0.00        33404.33   
  83       2022080      1        1        119368       0.18   4        4        33800       29842.00    29842.00    0.00       
  84       2018666      1        4        121453       0.19   4        0        33793       30363.25    0.00        30363.25   
  85       2011457      1        8        94021        0.14   3        0        33345       31340.33    0.00        31340.33   
  86       2020742      1        1        118657       0.18   4        0        32211       29664.25    0.00        29664.25   
  87       2019230      1        2        68635        0.11   4        0        32086       17158.75    0.00        17158.75   
  88       2024829      1        2        843872       1.30   43       0        32058       19624.93    0.00        19624.93   
  89       2013672      1        3        114463       0.18   4        0        31607       28615.75    0.00        28615.75   
  90       2022207      1        4        86092        0.13   3        0        31266       28697.33    0.00        28697.33   
  91       2022552      1        2        667830       1.03   34       0        31172       19642.06    0.00        19642.06   
  92       2103158      1        6        114820       0.18   31       0        30917       3703.87     0.00        3703.87    
  93       2017552      1        6        3460623      5.31   248      0        30683       13954.12    0.00        13954.12   
  94       2022653      1        2        60736        0.09   3        0        30407       20245.33    0.00        20245.33   
  95       2019693      1        5        83763        0.13   3        0        29794       27921.00    0.00        27921.00   
  96       2022262      1        3        83854        0.13   3        0        29579       27951.33    0.00        27951.33   
  97       2024767      1        2        82700        0.13   3        0        29511       27566.67    0.00        27566.67   
  98       2018496      1        9        82616        0.13   3        0        29483       27538.67    0.00        27538.67   
  99       2024775      1        1        98984        0.15   25       0        29470       3959.36     0.00        3959.36    
  100      2022147      1        2        56173        0.09   2        0        29152       28086.50    0.00        28086.50   
  101      2025162      1        2        29019        0.04   1        0        29019       29019.00    0.00        29019.00   
  102      2013036      1        7        86005        0.13   3        0        28932       28668.33    0.00        28668.33   
  103      2014519      1        7        260217       0.40   68       0        28848       3826.72     0.00        3826.72    
  104      2013037      1        7        82341        0.13   3        0        28545       27447.00    0.00        27447.00   
  105      2022197      1        3        55846        0.09   2        0        28448       27923.00    0.00        27923.00   
  106      2018983      1        7        81283        0.12   3        0        28245       27094.33    0.00        27094.33   
  107      2011540      1        6        128668       0.20   5        5        28237       25733.60    25733.60    0.00       
  108      2020295      1        6        80332        0.12   3        0        27927       26777.33    0.00        26777.33   
  109      2017748      1        6        364073       0.56   26       0        26783       14002.81    0.00        14002.81   
  110      2023691      1        2        26777        0.04   1        0        26777       26777.00    0.00        26777.00   
  111      2018375      1        3        240942       0.37   18       0        26479       13385.67    0.00        13385.67   
  112      2024778      1        1        374411       0.57   122      0        26457       3068.94     0.00        3068.94    
  113      2100540      1        12       78212        0.12   20       0        25361       3910.60     0.00        3910.60    
  114      2014473      1        5        358375       0.55   26       0        25050       13783.65    0.00        13783.65   
  115      2016112      1        3        475260       0.73   34       0        24288       13978.24    0.00        13978.24   
  116      2014701      1        12       156854       0.24   14       0        23757       11203.86    0.00        11203.86   
  117      2002023      1        16       23361        0.04   1        0        23361       23361.00    0.00        23361.00   
  118      2007943      1        9        23357        0.04   1        0        23357       23357.00    0.00        23357.00   
  119      2024178      1        2        65713        0.10   3        0        23357       21904.33    0.00        21904.33   
  120      2024555      1        7        44901        0.07   2        0        22861       22450.50    0.00        22450.50   
  121      2023217      1        1        22794        0.03   1        0        22794       22794.00    0.00        22794.00   
  122      2024554      1        7        45203        0.07   2        0        22652       22601.50    0.00        22601.50   
  123      2003492      1        30       64333        0.10   3        0        22329       21444.33    0.00        21444.33   
  124      2003657      1        18       62566        0.10   3        0        22178       20855.33    0.00        20855.33   
  125      2022049      1        3        6

This file has been truncated; the full profile is available via the download link above.
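The profile above is sorted by max ticks, which surfaces single expensive evaluations but hides rules that are cheap per check and hot in aggregate, and it says nothing about whether the cost bought any matches. The parser below is an added example (not part of the IDSDeathBlossom page or of Suricata); SAMPLE holds rows copied from the profile printed above, and the column labels (num, sid, gid, rev, ticks, pct, checks, matches, max_ticks, avg_ticks, avg_match, avg_nomatch) are my own names for the file's header.

```python
"""Parse Suricata 4.0 rule-profiling output and rank rules by cost versus payoff.

Added example, not from the IDSDeathBlossom page or the Suricata project.
SAMPLE is a subset of rows copied from the *-perf.txt file shown above.
"""

COLUMNS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
           "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_COLS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}

SAMPLE = """\
  Date: 1/31/2019 -- 09:02:46. Sorted by: max ticks.
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2020865      1        3        10234240     15.71  32       0        6063858     319820.00   0.00        319820.00
  2        2018636      1        2        5578207      8.56   1        0        5578207     5578207.00  0.00        5578207.00
  3        2016537      1        2        5550003      8.52   243      2        1794340     22839.52    82298.50    22346.08
  10       2008575      1        5        4045976      6.21   553      0        152847      7316.41     0.00        7316.41
  14       2018358      1        7        321407       0.49   6        3        96522       53567.83    17923.33    89212.33
  66       2024771      1        1        3019003      4.63   633      0        38127       4769.36     0.00        4769.36
  93       2017552      1        6        3460623      5.31   248      0        30683       13954.12    0.00        13954.12
  107      2011540      1        6        128668       0.20   5        5        28237       25733.60    25733.60    0.00
"""


def parse_profile(text):
    """Return one dict per data row; banner, header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # data rows have exactly 12 whitespace-separated fields and start with the row number
        if len(parts) != len(COLUMNS) or not parts[0].isdigit():
            continue
        row = dict(zip(COLUMNS, parts))
        for key in COLUMNS:
            row[key] = int(row[key]) if key in INT_COLS else float(row[key])
        rows.append(row)
    return rows


def hottest_without_match(rows, n=3):
    """SIDs that burned the most ticks in total while never matching: tuning candidates."""
    dead = [r for r in rows if r["matches"] == 0]
    dead.sort(key=lambda r: r["ticks"], reverse=True)
    return [r["sid"] for r in dead[:n]]


def matched_sids(rows):
    """SIDs that produced at least one match on this pcap."""
    return sorted(r["sid"] for r in rows if r["matches"] > 0)


def cost_per_check(rows):
    """Recompute ticks/checks; if it disagrees with the Avg Ticks column the parse is wrong."""
    return {r["sid"]: r["ticks"] / r["checks"] for r in rows if r["checks"]}


if __name__ == "__main__":
    profile = parse_profile(SAMPLE)
    print("no-match hot rules:", hottest_without_match(profile))
    print("rules that matched:", matched_sids(profile))
    for sid, cost in sorted(cost_per_check(profile).items(), key=lambda kv: -kv[1])[:3]:
        print(sid, round(cost, 2))
```

Re-ranking by total ticks with the match count beside it separates two different problems: a rule such as 2018636 that cost over five million ticks in a single check (one very expensive evaluation, typically a heavy pcre after a weak fast-pattern) and rules such as 2008575 or 2024771 that are cheap per check but were checked hundreds of times without ever matching. The first wants a better content anchor in the rule; the second is a candidate for disabling or for a tighter port/flow constraint on this traffic profile.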


unified2.alert.1548925364 - (65793 bytes) - download
4\R7ØΏ!%;÷
ePÀ*N\R7\R7Ø2E$q%;÷
ePÀ*P &‚ù9iyÀNçF…Ò†¶Œ®¬G`‡ ãWOQ!Μ'dŽ#ëA¾mcÒÈ©
zè!ٖߤ'÷P÷Ðæ
Ã=V‡	„è§ìUwð<t¦Ã;I(…ëí1K›”i€du'Q3HÞÌâ@8˜Ý½êÓ+*ô-(›<+r,™›ß$¹$è”ÔÖÙRCK¯4`üªWœïuü•:¨½ú0¼†qÎs[ÀZb îêAÇ­Ÿ(ûWYT«Õ'Y^Jr`°5úJˆ<‚‡¦õ	s4nj2z‹†V.rlRˆè	͉»E°ÌbŠ(šO\µÎ<LU]1*\î?¢Áégb—aøëy½ÇÁk„cöîîá÷áõççÔE¾rîÁ§îÏ77ŒYpëæ|W$¯ô¯¡»Ì~n7­Äö´GL%‘Ð}[ðvàkØdŒ,Ê÷¡\ŽUé°	àOL¤þâKU…-MâØhi÷ºB>›Í$½@÷è8ŠðŸ%õ?*kºÍePÆ 8[5^:4zÝeÕS>8â”æz>aáÄüþ™×ö„ˆÅD‡×#þñ¶9yBÎk^æU´íê
Èì.%h·¢뇟V·±™S¦BWV]
î«ÕåÍîOÄ 
·—,×£=K¿,tNÌËè´€
å!['~x×èh$È jà5
´	õªän߂²S¯Ý˜(­žã+Ռ;®BoÂ>RÄDÇ(ñm` q”‘ÓÏý€@ø{ -‚ž'ä<±ë²Y|fKš®þ%Ñh¼cZgÜ?¢gÂ{eB‚Vµ§§öy2%{ÙUÏkúLÅñâ˜Ö”`žݯéfiý-"NÊêÍÊÔ+5q>ˆ³=½Ñ=ÈibÓè®DÙGs]‡0ÖʛcsJKsæŸÓVG„ÜdãÆõo›_‚ð©T™HVn±¾Ç•VÙ§1mçãñ°-2Ô SŒè	‹1ç™Í¯ÊIèNˆð6ädY㌉
Cµ(+á+<ÊnúÀ®‹ó ›pm0Æg*t؎ø<Ëoî¾QuFkÑ·Ý\ûSnTÝÂè±úgà-h ¼HÓE¿0Ÿa«óL'é´Üꯅ6uèù¸¢r‰ÔûΔ™—cL÷ᵔ’Yòä8Ö¿ÖÅ_¥ÇnÃcÞ)S¢:#meåë„Iiºs*ðÒ¼9)Xß6	ÑísÆy‚ŒGʁ&»¥\l‘¹!4܉­Å83;²…øÔËKg}xPC¦֟1,®>€Ç
*Êe
=H†«(/
­Ï"	ôºeŸÏÑS¯tœVü¹ï“¥¤-8½z2ð-¢âè÷ZÐeùÈ~ˆÈal̈Ò
„ñ”î(˜Mjœ}:Ѫ
´L‡9&Ìô"ÞE-o$\’xAð^gÿ՝ÞâVeiDÜÂËw¡f¹/‘:ÑW‘ƒwèMíÿ˜™+ýN絎ÎÝÂònǏOËÐ÷h÷Bù2ØÖýTÇí¾²cß|Ua€’
¼»:oìW4Õ×Õ§ký Ÿé¤/LQQ43ÌÎcóPLeq`ÒÛÍP-Dª£Ë†ðùĚmn8¹æ¿ÖëæÀ¶icZ†/H¸,î¢ëß²šK´¦*еgÅ®Ò~—hÀÈ»üÐkꆳöÎ6l0Çð¬+)	
m’±sºC-C÷ŒÅYÍ7¿N\R7\R7Ø2E$q%;÷
ePÀ*Pc*GÈøۏ¡J?ãW$Äɵ‚œÉÁ‡xú+!#µ~TçÊ	BÌ~ŽÓót$¹’c´V0ól*¤|¦B
d¼ÌRŸb~ãøú>A/HG 0v"ÃÌÏð{ª¤ÖÎZKý—V!?ŽÀéÇR×¼¥øمm”n¦~ÜãL#‘ùéʼb˜æxE$ãrÈs<ÇÁ?Â/DßoÀ_$—íåՏR€ Ç¿÷\ùÒðýVT®ø,	;ë+ÆC¶æƒo
ŠÕnûve^a­·²Dñ`ƺ(”b¦]]~š2‡bAd~~…èxˆË=Xýò曘zš%"¶¦'0¥kÍ+7¾ôé…Û&ð=òuq†ä/‰ßBð÷ד%GÎâIĂp<wI1¨IXj@×h6úâ“äç-\TwJÕ³•æí©†§¹­ÚdÙµFO_@,Vw	àD 8Û~8‰ýJ\/*{;÷zªÐ­¥êÁÅÇþJ̙û¨¬Â/NiòF,·
w–ÉüððÇÞ+O9€}ÖÌ`Õ¦‡¢+PFßo\
sBW%=‰|‹+¸J“IÁ(j;¹9¥G8¤/ÞHa0Vò`×_C¿íl¥cª»WbSóÙ£|zù΂@“ÿUBTÛ%R£XÌöü$&ãæo1!â
—Íø
Ríà73õ˜»0¡—QzP`Þ+Ÿœ½Æ«u×.ßÒµ0Õï,(ù¦†°ª±*)Àe܂âuJI	Pýþ‚yæûÎ4*&ÿ+²l˜Éì3¿×`ªÆrçø~Ù¢ÙbåSWž›*Mú›®¾YèšÂ™0xàƵŽÇJƒ5r¥ÜZø4N³£ç›n™èç°3™Pó£¡êBž@𲷇ørèÃC<€4ê*@¸|-+zÉY„¦nXCþÇöîÖâ©lOÓŧdn7(|ä¬
ßdo¯ÔxÂ蜃mZ¨ZlÈjÿ&R/@Á]`>–LŸ|ÍNÛ¤§’Óà•|‹®Eý„\§$½±”Ë¿mªsYDÉyÿRšq.šâdL,ÊQNÛa=ÈÑÏ+öÌZ;ðޘy”Bâ³9Ñq”þ2Ë
žÖh Ësµú4FÜ¿šhί~þ¼ç²ëÕ¡Dæ˜yÜ¥‹¯DóöÌV´ƒoÖfù?°ê¾‡TøÎëì(\q’aæV-0ÉÂï.@[ðº¦k,˜?ñžëÊ6¨šò>²¹ËÀRõ‰üUúa8§ç\“fB„,òeG¦6P´
–,Â5»Æ€p¤)$7¤¼q¾’å¡>`Dóá~·Ð{árÖ©Åk¥.¥hí¡g…È:KͬG ©[äœ`ßß,©Vp5UÓt'qžOÔî*Z 2„c
U
wüžŸÜJÅÌ 	Ìüy›b:¯ëöQ§¬“6­PϤL:
Cä)þ´`ވQ® ãÕòêªÉzÃl‹m‘úóü¤J4ÆÌ3Io‹ˆí@[@(S)
£‹þöúçžáòrӗ3¡ZÇ3ƒG„–ÕÑ_Š@?ÿŒP1/×ö(>rLn!«sϜˆ*Qg¥—«˜3œºú±ýçŠN]”Íôs†,€*Øo¸ÂÑ@ºsÚ¹Em㸴ýJ'¬ôáGÚ1|(U}76_“‹;ñ'¶ï_m˜öýN\R7\R7Ø2E$q%;÷
ePÀ*PtÉ«8…´B¤‚Älu®4ÔÖ´AþÒ	Á‘&üwË1+ìö<ŽÔöuëfæ0ÑBV£iSí(Ÿ}`óƒAϹLCÞmùšµÃZ¾ƒÓÀ$=°ìɱn'IùPóKç»({Á"kH
ž\ÉË%Õ»µw耪_ãØÈÕz®4½Pçojd#fï¦K©‰ˆYöyqW.Ólctûî)u%ø‹CŠÞ¼y(vkÁÐ#~bBuÎÄB̈Ý÷&â_z	³eèBBõOuòÖøUM¥øš[¼W`‹}þ9Ã$|]îcå«o<2_ÃÎáGpÀ(9Ò4ºÈÐݬDGyfõ¸tÃ7·<ü¬ÑIØ`ðödCì@@Äƒ¢vª÷yC«,…êa¼Ÿà+ úSé˜Ìš£‘€P½­”àIì”/Æ°‡Š'Щa15ýPÕÒ^&LîR_>B8¶%¸é„¬åz„
®
q ZûRQZÃëX♌¢œ4i8`†Tº](HHȯÑÖAG'¡Í%R:`¦Iÿîd:‰õÖ bXä¤y½\L¼
i[ö?ù>Zu=SYVGƒ[œ‚~œ±x•u7y_ôBE¯ÁÁ]\™ÿÔ"Ê8ŒÓ—^Á•¨òÂ\èà	¼Ò`@a–¢Åœ…h(ªìãÕXÚÑÀŠÁê}-¸ÛE4 ½yU·†”ÆÎNƒÚ䬍k(ìbryšê½
¤Ýù>BðÅPiØÚý
¸öxîTÑï;âô‡ÈÁqð9eàfH
Õê7t]Þ†P/õýåˆr43Öiæ D„À´*8|ÛL×½ù;‡MG4YŽíº“–DÀÛ47•Ê+ô8´4óÔÜêpA|TÔù"~®MÉq¿Ÿêe[2€˜kâ¦!1ÁAãUœ7üœ=k>ùV—a
æ¬bºÕêÜÒØب¨
/»¥\‚pæ22ýá¹I-¸ÝDût	ïê²6Ïåñ¡°µH%þ_ï~ö c R”z¬©«øUÿäRé¿UC›ž· Y ÂàÌP0ôNÀåë\åË_O}5n1꯵ѷ˜+‚н8¡›ÚëwŠ”Á„z{Æ<äLÆÿ£z2ŠèJ?ÁäO¨kpkaK§óÍ.¨mH	JñŸZ7΀½ƒ~-Ãeâ!ð“e
;ùJº·&ŽQ&-ÛXqaxå9NÈé'YN{Iø#õWo„n\?¶Ù»¢~p¦ã‹ê:”tédŒ$™t¦_zRf»°Hš©În(¢uòŠóü“Õ(]Ø8SyÅÙª°>„\yºøn¿RÁä´)@÷×3—ÓSû±lèˆt$ ±'ނ´¸®'8N×éìªjÄP®6Ò-)¨7£ì.ÖÌ	ˆ(¶8LygœöŠtfúÿN¯ªç‘Õcg0‚¯¡šL™žÈ¨Wú¯<=åˆ$Rg½(
( ©ãó%HŒ†€„¼º‰ò¸²öΜ§ðµ+Ê{Eƒ:Îáp§æ7™ÑËR…Ê‚øÛtÿêˆx˜»_=Òp°“UñU³Ô¢“Uq÷¸#Œ¢Å9æ¥ÌdáA8»$‚²¦³ÊË£“!V%òÄ»Ô
&¤:ÜþÂ1å[MÚ7Ò¥­[Í‚ŒãS‹T# Ë]€å&Se±F¦éÕl–_W¦¯	-ã!ôÊ\™­N\R7\R7Ø2E$q%;÷
ePÀ*P#e¸ŒýŽv“Œ0”ò˜½íVØÉÜ:Q}í¬Šà÷‚7ºáۀáJ¡¡Ç€ÑŸu¥cæ’G¤ßÆ<\ؘs\Uçš›.ŽÙ•¹D8ãG(&äQž85üŠþç­Üàæ=_—ÙxÕøГ/ãß^ w26„¡Ù§æðO)ÃÂ8ëqÔgߕFnHäV%WÀXÎZ Y~_û[uÀ>GÄg@×òž—Ùçh>KÎ9PA½
G'WZ2’ǁ~)ðê=ôxhÔjL>¶B.mF¸GöÞTwzÖZìJõTj
×G‹½½cóßíýÆègÉÆÇ
Š€ñ1>è#ѽòÇ͟1§ßŸt‡oɉcê룴Uò°|6-•î|¿c	Z|³ªÄÍ⧠[ñ–±xûÕdÓ¬ç (î;úg«ßcC>qþ.¤è¤²}Ù±'€¬—"?§aúø¹ÿ(áuýrŒçú¤#|ái ñoî÷2¸þë;ÈX#¶­	•žD.Òxµ`ïcôiÏ©“
`€3FÆáó¤±{§œüOmçs8@ÊÒircÙè¼ß~ˆÃTö}•<×T™[@¨<éMïßzÈ4Z|œ‘\ª	‡Dâñ“Ômc&Œ».™×,
+_yÔ	uOÖY«¡ëRM÷yCF­M¬‹ñÈ­A»‡@ۅé|2¨?5zßV‰ÁÞèéWÔ}–vڗýy¨»è­†¬;Úù K4ÿ•„Å~‰Oç†çjÁ9ƒBÌ'qK£û&Ç*>~.1¦:}÷‰Ý Èõ„¶¦ú¶³oòÛÁùŸä?"ýS›GíC<yÅõÑSD3–«eöh¨ð´2OÓ$»L3dT°ë˜!LEÍÆIr™Ÿ*$Øza«^¿wŠS@Âú¢°§§æU'Öü8ý™‹í¥qpOˆ†KÝ-Ú*Þñ$\/þäçK¹+2҉˜—¾/Pði¤«•É1­#HΛô¥çŸÑ´¢¹Õb
õs²ø¹®Öãt;uZ/%@/J‚®ÿhñ…L-™J덁óZ/ñƒŒ›ã&ÉӐG¦ö,¶’E5U•5f/Œ8‰öÜ$N0-]±;Ñt±Ìzº¹.:+ØïۅŒW™^(™…˜¯ÿ}unÃIE·¼tÊ6fæš"Ôë"¬÷Pòô!»UÍ–@µZ§D2*«:cµ&÷*ë¡tMlÄàjAàUêF}¹ê¨‘‰Å&}MN‚ª µ8=OjZ;ÉÞ¨$Ú*ðLÞ$x‡7:rÌ8JCæ3EÆÕÕ+ÙoÏoþücæFވ\72ÃFºÆÂÍ`ÝA‰Ã]ü…dŒ€Ú•KµÕž#jCª/£Pæš
Ą%½ÚWU„ï§Þ=›çÄëyp×kIq#‘þþC&o³)”|«œ\á©1¾!ւæ¼ñ{Ç;làPlÕ	‘&Àø»¤ɶ¶nÎu_0ÖX¼´}ö†IÉaÐôN»!Hj4I%thzU–wþ>oYÅ%â¢R§i+AŒèC‡NfÅ׆PO‰•sˆDÑ-‹ÂKME¹N×´½¸ôùËióåçm|4́:@þՋÜñ
ΪÝÓ©»ý¨g­("Ëh–îÀñ'hí˜ÔŠžë²(§;v¤²¯ÿkDOò‰Éf©†Šñ4\R7ØÅ%;÷
ePÀ*N\R7\R7Ø2E$q%;÷
ePÀ*P &‚ù9iyÀNçF…Ò†¶Œ®¬G`‡ ãWOQ!Μ'dŽ#ëA¾mcÒÈ©
zè!ٖߤ'÷P÷Ðæ
Ã=V‡	„è§ìUwð<t¦Ã;I(…ëí1K›”i€du'Q3HÞÌâ@8˜Ý½êÓ+*ô-(›<+r,™›ß$¹$è”ÔÖÙRCK¯4`üªWœïuü•:¨½ú0¼†qÎs[ÀZb îêAÇ­Ÿ(ûWYT«Õ'Y^Jr`°5úJˆ<‚‡¦õ	s4nj2z‹†V.rlRˆè	͉»E°ÌbŠ(šO\µÎ<LU]1*\î?¢Áégb—aøëy½ÇÁk„cöîîá÷áõççÔE¾rîÁ§îÏ77ŒYpëæ|W$¯ô¯¡»Ì~n7­Äö´GL%‘Ð}[ðvàkØdŒ,Ê÷¡\ŽUé°	àOL¤þâKU…-MâØhi÷ºB>›Í$½@÷è8ŠðŸ%õ?*kºÍePÆ 8[5^:4zÝeÕS>8â”æz>aáÄüþ™×ö„ˆÅD‡×#þñ¶9yBÎk^æU´íê
Èì.%h·¢뇟V·±™S¦BWV]
î«ÕåÍîOÄ 
·—,×£=K¿,tNÌËè´€
å!['~x×èh$È jà5
´	õªän߂²S¯Ý˜(­žã+Ռ;®BoÂ>RÄDÇ(ñm` q”‘ÓÏý€@ø{ -‚ž'ä<±ë²Y|fKš®þ%Ñh¼cZgÜ?¢gÂ{eB‚Vµ§§öy2%{ÙUÏkúLÅñâ˜Ö”`žݯéfiý-"NÊêÍÊÔ+5q>ˆ³=½Ñ=ÈibÓè®DÙGs]‡0ÖʛcsJKsæŸÓVG„ÜdãÆõo›_‚ð©T™HVn±¾Ç•VÙ§1mçãñ°-2Ô SŒè	‹1ç™Í¯ÊIèNˆð6ädY㌉
[Raw capture bytes omitted: TLS handshake records rendered as text. The only readable content is the DER-encoded X.509 certificates the servers sent, because distinguished-name strings and UTCTime values are stored as plain ASCII. Three certificate copies fall in this stretch, two distinct; the last copy is cut off at the public key by the page's truncation.]

Certificate A (appears three times, third copy truncated):
  Issuer:     C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Subject:    C=AU, ST=Some-State, O=Internet Widgits Pty Ltd  (issuer equals subject: self-signed)
  Validity:   2018-09-24 15:24:53 UTC to 2019-09-24 15:24:53 UTC
  Key:        RSA, 2048-bit modulus
  Extensions: subjectKeyIdentifier equal to authorityKeyIdentifier; basicConstraints CA:TRUE (critical)
  Note:       C, ST and O are the unedited values that `openssl req` pre-fills from openssl.cnf.

Certificate B (appears once):
  Issuer:     C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com
  Subject:    C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com  (self-signed)
  Validity:   2019-01-28 08:52:54 UTC to 2020-01-28 08:52:54 UTC
  Key:        RSA, 2048-bit modulus
  Extensions: subjectKeyIdentifier equal to authorityKeyIdentifier; basicConstraints CA:TRUE

This file has been truncated.