Filename: pcap (2).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.9895288944 seconds
Hash: 30e2a20368a92afe1016fbc3e5a7d067
Uploaded: 1574067434

Logfiles


unified2.alert.1574067456 (10881 bytes, binary unified2 format)


packet_stats.log (16913 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1            18          7749912      229110982     106333658          1.9b    2.42
 IPv4       2            14          3969818      230706110      85350692          1.2b    1.51
 IPv4       6           310           194748      234744752     160199494         49.7b   62.70
 IPv4      17           225          4532434      236741602     117478379         26.4b   33.37
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1            18           114954         625332        201755          3.6m    1.27
TMM_FLOWWORKER              IPv4       2            14           132296         196136        147711          2.1m    0.72
TMM_FLOWWORKER              IPv4       6           310           115148        4481484        432857        134.2m   46.82
TMM_FLOWWORKER              IPv4      17           225           203990       25161274        626748        141.0m   49.20
TMM_RECEIVEPCAPFILE         IPv4       1            18             4692           6416          5122         92.2k    0.03
TMM_RECEIVEPCAPFILE         IPv4       2            14             4458           5238          4687         65.6k    0.02
TMM_RECEIVEPCAPFILE         IPv4       6           307             4462          22804          5184          1.6m    0.56
TMM_RECEIVEPCAPFILE         IPv4      17           225             4444          23482          4925          1.1m    0.39
TMM_DECODEPCAPFILE          IPv4       1            18             4766          25764          6405        115.3k    0.04
TMM_DECODEPCAPFILE          IPv4       2            14             4566           5500          4802         67.2k    0.02
TMM_DECODEPCAPFILE          IPv4       6           307             4558          42726          4943          1.5m    0.53
TMM_DECODEPCAPFILE          IPv4      17           225             4580          38188          5145          1.2m    0.40

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1            18             5020           6148          5537         99.7k  0.04  
flow                    IPv4       6           307             4766          43876          5900          1.8m  0.80  
flow                    IPv4      17           225             4582          22426          6230          1.4m  0.62  
stream                  IPv4       6           310             4522        1111772         17794          5.5m  2.43  
app-layer               IPv4      17           225             4436          64444         11616          2.6m  1.15  
detect                  IPv4       1            18            95806         603866        181753          3.3m  1.44  
detect                  IPv4       2            14           122934         186678        137755          1.9m  0.85  
detect                  IPv4       6           310            77864        3953926        374473        116.1m  51.05 
detect                  IPv4      17           225           176436        8444046        413296         93.0m  40.89 
tcp-prune               IPv4       6           310             4428          63568          5440          1.7m  0.74  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            19676          21100         20388         40.8k  5.94  
tls                     IPv4       6             3             4674           7708          5824         17.5k  2.54  
tls                     IPv4      17             1             5866           5866          5866          5.9k  0.85  
dns                     IPv4      17            80             5102          26030          7782        622.6k  90.66 
Proto detect            IPv4      17            79             4784          49206          7523        594.3k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           113562         113562        113562        113.6k  0.40  
LOGGER_UNIFIED2             IPv4       6             1           154994         154994        154994        155.0k  0.55  
LOGGER_JSON_ALERT           IPv4       6             1           197408         197408        197408        197.4k  0.70  
LOGGER_JSON_DNS             IPv4      17            48            34096       24335902        569256         27.3m  96.22 
LOGGER_JSON_HTTP            IPv4       6             1           180500         180500        180500        180.5k  0.64  
LOGGER_JSON_TLS             IPv4       6             2            52372          72180         62276        124.6k  0.44  
LOGGER_JSON_FILE            IPv4       6             1           301450         301450        301450        301.5k  1.06  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1            18             5380          21150         12879       231.8k  0.54  
payload                           IPv4       6           209             4726         167204         26070         5.4m  12.77 
payload                           IPv4      17           225             5204        8229164         51753        11.6m  27.29 
stream                            IPv4       6           209             4446         427356         42854         9.0m  20.99 
http_uri                          IPv4       6             1            34714          34714         34714        34.7k  0.08  
http_request_line                 IPv4       6             1            10890          10890         10890        10.9k  0.03  
http_client_body                  IPv4       6             1            12136          12136         12136        12.1k  0.03  
http_header (request)             IPv4       6             1            44898          44898         44898        44.9k  0.11  
http_header (request trailer)     IPv4       6             1             4782           4782          4782         4.8k  0.01  
http_header_names (request)       IPv4       6             1            15876          15876         15876        15.9k  0.04  
http_accept (request)             IPv4       6             1            16792          16792         16792        16.8k  0.04  
http_referer (request)            IPv4       6             1             6162           6162          6162         6.2k  0.01  
http_content_len (request)        IPv4       6             1             6066           6066          6066         6.1k  0.01  
http_content_type (request)       IPv4       6             1             5466           5466          5466         5.5k  0.01  
http_protocol (request)           IPv4       6             1             8420           8420          8420         8.4k  0.02  
http_start (request)              IPv4       6             1            38302          38302         38302        38.3k  0.09  
http_raw_header (request)         IPv4       6             1            14546          14546         14546        14.5k  0.03  
http_method                       IPv4       6             1            11094          11094         11094        11.1k  0.03  
http_cookie (request)             IPv4       6             1            12824          12824         12824        12.8k  0.03  
http_raw_uri                      IPv4       6             1             8490           8490          8490         8.5k  0.02  
http_user_agent                   IPv4       6             1             5146           5146          5146         5.1k  0.01  
http_host                         IPv4       6             1            12186          12186         12186        12.2k  0.03  
dns_query                         IPv4      17            24             5092          16772          9496       227.9k  0.53  
tls_sni                           IPv4       6             3             8520          31742         18407        55.2k  0.13  
http_response_line                IPv4       6             1            12324          12324         12324        12.3k  0.03  
http_header (response)            IPv4       6             1           100182         100182        100182       100.2k  0.23  
http_header (response trailer)    IPv4       6             1           121854         121854        121854       121.9k  0.29  
http_content_type (response)      IPv4       6             1            11466          11466         11466        11.5k  0.03  
http_raw_header (response)        IPv4       6           179             7830          34352          8794         1.6m  3.69  
http_cookie (response)            IPv4       6             1             8840           8840          8840         8.8k  0.02  
http_stat_code                    IPv4       6             1             6448           6448          6448         6.4k  0.02  
tls_cert_issuer                   IPv4       6             2             7608          12216          9912        19.8k  0.05  
tls_cert_subject                  IPv4       6             2             7182          11232          9207        18.4k  0.04  
tls_cert_serial                   IPv4       6             2             7990          10278          9134        18.3k  0.04  
file_data (http response)         IPv4       6           178             4494        1027856         78372        14.0m  32.69 
Total                             IPv4                  1075                                         39698        42.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             8            41332         461224         94946        759.6k  0.30  
PROF_DETECT_IPONLY          IPv4       2            14            41914          84782         47875        670.3k  0.27  
PROF_DETECT_IPONLY          IPv4       6            16             6480          72302         41170        658.7k  0.26  
PROF_DETECT_IPONLY          IPv4      17            88             5572         481272         52939          4.7m  1.85  
PROF_DETECT_RULES           IPv4       1            18             4456          36070         23246        418.4k  0.17  
PROF_DETECT_RULES           IPv4       2            14             4444           6102          4672         65.4k  0.03  
PROF_DETECT_RULES           IPv4       6           310             4436        2616728        134412         41.7m  16.56 
PROF_DETECT_RULES           IPv4      17           225            76248        5528182        221294         49.8m  19.78 
PROF_DETECT_STATEFUL_START    IPv4       6            75             8928         885912         70640          5.3m  2.11  
PROF_DETECT_STATEFUL_CONT    IPv4       1            18             4414           6390          4885         87.9k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             4418           5640          4635         64.9k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv4       6           310             4418          83130         17841          5.5m  2.20  
PROF_DETECT_STATEFUL_CONT    IPv4      17           225             4414          99722          6741          1.5m  0.60  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           283             4462          24640          4785          1.4m  0.54  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            48             4510           7978          4920        236.2k  0.09  
PROF_DETECT_PREFILTER       IPv4       1            18            32378          61412         48491        872.8k  0.35  
PROF_DETECT_PREFILTER       IPv4       2            14            13572          33856         17026        238.4k  0.09  
PROF_DETECT_PREFILTER       IPv4       6           310            13554        1213962        149106         46.2m  18.37 
PROF_DETECT_PREFILTER       IPv4      17           225            41272        8269316         96557         21.7m  8.63  
PROF_DETECT_PF_PAYLOAD      IPv4       1            18            14226          30332         22434        403.8k  0.16  
PROF_DETECT_PF_PAYLOAD      IPv4       6           209            27950         446754         83290         17.4m  6.92  
PROF_DETECT_PF_PAYLOAD      IPv4      17           225            14074        8239286         61425         13.8m  5.49  
PROF_DETECT_PF_TX           IPv4       6           283             4492        1068970         69327         19.6m  7.80  
PROF_DETECT_PF_TX           IPv4      17            24            14208          27162         19157        459.8k  0.18  
PROF_DETECT_PF_SORT1        IPv4       1            12             4536           6732          4972         59.7k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6           172             4460          63064          5946          1.0m  0.41  
PROF_DETECT_PF_SORT1        IPv4      17           225             4506          23652          5547          1.2m  0.50  
PROF_DETECT_PF_SORT2        IPv4       1            18             4468           5952          4932         88.8k  0.04  
PROF_DETECT_PF_SORT2        IPv4       2            14             4426           5890          4707         65.9k  0.03  
PROF_DETECT_PF_SORT2        IPv4       6           310             4428          30394          5128          1.6m  0.63  
PROF_DETECT_PF_SORT2        IPv4      17           225             4460         422826          6990          1.6m  0.62  
PROF_DETECT_NONMPMLIST      IPv4       1            18             4450           6106          4995         89.9k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       2            14             4426          20890          5955         83.4k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       6           310             4420          43880          5365          1.7m  0.66  
PROF_DETECT_NONMPMLIST      IPv4      17           225             4418          24334          5195          1.2m  0.46  
PROF_DETECT_ALERT           IPv4       1            18             4426           7046          4698         84.6k  0.03  
PROF_DETECT_ALERT           IPv4       2            14             4422           5696          4566         63.9k  0.03  
PROF_DETECT_ALERT           IPv4       6           310             4426          27542          5206          1.6m  0.64  
PROF_DETECT_ALERT           IPv4      17           225             4428          26192          4812          1.1m  0.43  
PROF_DETECT_CLEANUP         IPv4       1            18             4522           5664          4683         84.3k  0.03  
PROF_DETECT_CLEANUP         IPv4       2            14             4420           5460          4563         63.9k  0.03  
PROF_DETECT_CLEANUP         IPv4       6           310             4480          37296          5293          1.6m  0.65  
PROF_DETECT_CLEANUP         IPv4      17           225             4418          30650

This file has been truncated.


suricata-report-2019-11-18-T-08-57-38-11182019.0857-pcap_2.pcap.txt (17862 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/30e2a20368a92afe1016fbc3e5a7d06756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0857-pcap_2.pcap -vvv -k none
elapsedtime:22.998666
stderr:
stdout:
18/11/2019 -- 08:57:15 - <Info> - Configuration node 'rule-files' redefined.
18/11/2019 -- 08:57:15 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/11/2019 -- 08:57:15 - <Info> - CPUs/cores online: 1
18/11/2019 -- 08:57:15 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33793 and 'request-body-inspect-window' set to 16539 after randomization.
18/11/2019 -- 08:57:15 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31605 and 'response-body-inspect-window' set to 16334 after randomization.
18/11/2019 -- 08:57:15 - <Config> - DNS request flood protection level: 500
18/11/2019 -- 08:57:15 - <Config> - DNS per flow memcap (state-memcap): 524288
18/11/2019 -- 08:57:15 - <Config> - DNS global memcap: 16777216
18/11/2019 -- 08:57:15 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/11/2019 -- 08:57:15 - <Config> - preallocated 1000 hosts of size 136
18/11/2019 -- 08:57:15 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/11/2019 -- 08:57:15 - <Config> - using magic-file /usr/share/file/magic
18/11/2019 -- 08:57:15 - <Config> - Core dump size is unlimited.
18/11/2019 -- 08:57:15 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/11/2019 -- 08:57:15 - <Config> - preallocated 1000 defrag trackers of size 168
18/11/2019 -- 08:57:15 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/11/2019 -- 08:57:15 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/11/2019 -- 08:57:15 - <Config> - stream "memcap": 33554432
18/11/2019 -- 08:57:15 - <Config> - stream "midstream" session pickups: disabled
18/11/2019 -- 08:57:15 - <Config> - stream "async-oneside": disabled
18/11/2019 -- 08:57:15 - <Config> - stream "checksum-validation": disabled
18/11/2019 -- 08:57:15 - <Config> - stream."inline": disabled
18/11/2019 -- 08:57:15 - <Config> - stream "bypass": disabled
18/11/2019 -- 08:57:15 - <Config> - stream "max-synack-queued": 5
18/11/2019 -- 08:57:15 - <Config> - stream.reassembly "memcap": 134217728
18/11/2019 -- 08:57:15 - <Config> - stream.reassembly "depth": 0
18/11/2019 -- 08:57:15 - <Config> - stream.reassembly "toserver-chunk-size": 2555
18/11/2019 -- 08:57:15 - <Config> - stream.reassembly "toclient-chunk-size": 2592
18/11/2019 -- 08:57:15 - <Config> - stream.reassembly.raw: enabled
18/11/2019 -- 08:57:15 - <Config> - stream.reassembly "segment-prealloc": 2048
18/11/2019 -- 08:57:15 - <Config> - Delayed detect disabled
18/11/2019 -- 08:57:15 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/11/2019 -- 08:57:15 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/11/2019 -- 08:57:15 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/11/2019 -- 08:57:15 - <Config> - prefilter engines: MPM
18/11/2019 -- 08:57:15 - <Config> - IP reputation disabled
18/11/2019 -- 08:57:15 - <Perf> - Registered 148 keyword profiling counters.
18/11/2019 -- 08:57:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/11/2019 -- 08:57:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/11/2019 -- 08:57:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/11/2019 -- 08:57:20 - <Config> - No rules loaded from ET-icmp.rules.
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/11/2019 -- 08:57:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/11/2019 -- 08:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/11/2019 -- 08:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/11/2019 -- 08:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/11/2019 -- 08:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/11/2019 -- 08:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/11/2019 -- 08:57:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/11/2019 -- 08:57:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/11/2019 -- 08:57:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/11/2019 -- 08:57:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/11/2019 -- 08:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/11/2019 -- 08:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/11/2019 -- 08:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/11/2019 -- 08:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/11/2019 -- 08:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/11/2019 -- 08:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/11/2019 -- 08:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/11/2019 -- 08:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/11/2019 -- 08:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/11/2019 -- 08:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/11/2019 -- 08:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/11/2019 -- 08:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/11/2019 -- 08:57:28 - <Config> - No rules loaded from local.rules.
18/11/2019 -- 08:57:28 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/11/2019 -- 08:57:28 - <Info> - Threshold config parsed: 0 rule(s) found
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for tcp-packet
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for tcp-stream
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for udp-packet
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for other-ip
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_uri
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_client_body
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_accept
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_accept_enc
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_accept_lang
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_referer
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_connection
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_method
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_raw_uri
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_user_agent
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_host
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_raw_host
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_stat_msg
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_stat_code
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for dns_query
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for tls_sni
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 08:57:29 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 08:57:29 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/11/2019 -- 08:57:29 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/11/2019 -- 08:57:29 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/11/2019 -- 08:57:29 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/11/2019 -- 08:57:29 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/11/2019 -- 08:57:29 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/11/2019 -- 08:57:29 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/11/2019 -- 08:57:29 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/11/2019 -- 08:57:33 - <Perf> - Unique rule groups: 104
18/11/2019 -- 08:57:33 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/11/2019 -- 08:57:33 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/11/2019 -- 08:57:33 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/11/2019 -- 08:57:33 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/11/2019 -- 08:57:33 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/11/2019 -- 08:57:33 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/11/2019 -- 08:57:33 - <Perf> - Builtin MPM "other IP packet": 3
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_header": 10
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient http_header": 6
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_start": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_method": 5
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver http_host": 2
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toserver file_data": 1
18/11/2019 -- 08:57:33 - <Perf> - AppLayer MPM "toclient file_data": 7
18/11/2019 -- 08:57:36 - <Perf> - Registered 39590 rule profiling counters.
18/11/2019 -- 08:57:36 - <Info> - fast output device (regular) initialized: alert
18/11/2019 -- 08:57:36 - <Info> - eve-log output device (regular) initialized: eve.json
18/11/2019 -- 08:57:36 - <Config> - enabling 'eve-log' module 'alert'
18/11/2019 -- 08:57:36 - <Config> - enabling 'eve-log' module 'http'
18/11/2019 -- 08:57:36 - <Config> - enabling 'eve-log' module 'dns'
18/11/2019 -- 08:57:36 - <Config> - enabling 'eve-log' module 'tls'
18/11/2019 -- 08:57:36 - <Config> - enabling 'eve-log' module 'files'
18/11/2019 -- 08:57:36 - <Config> - enabling 'eve-log' module 'ssh'
18/11/2019 -- 08:57:36 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/11/2019 -- 08:57:36 - <Info> - stats output device (regular) initialized: stats.log
18/11/2019 -- 08:57:36 - <Config> - AutoFP mode using "Hash" flow loa



suricata-4.0.0-etpro-all-alert-2019-11-18-T-08-57-38-11182019.0857-pcap_2.pcap.txt - (644 bytes)
11/17/2019-00:37:36.301659  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 212.1.211.100:80 -> 192.168.56.105:49178
11/17/2019-00:37:36.301659  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 212.1.211.100:80 -> 192.168.56.105:49178
11/17/2019-00:37:36.301659  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 212.1.211.100:80 -> 192.168.56.105:49178


suricata-4.0.0-etpro-all-perf.txt-2019-11-18-T-08-57-38-11182019.0857-pcap_2.pcap.txt - (41687 bytes)
  --------------------------------------------------------------------------
  Date: 11/18/2019 -- 08:57:38. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2023620      1        3        5512904      8.72   101      0        5052838     54583.21    0.00        54583.21   
  2        2018666      1        4        1260618      1.99   7        0        929416      180088.29   0.00        180088.29  
  3        2022531      1        1        492732       0.78   3        0        444122      164244.00   0.00        164244.00  
  4        2814979      1        2        492042       0.78   2        0        325564      246021.00   0.00        246021.00  
  5        2021749      1        6        588820       0.93   2        0        313930      294410.00   0.00        294410.00  
  6        2822213      1        2        493494       0.78   2        0        310668      246747.00   0.00        246747.00  
  7        2814978      1        2        489414       0.77   2        0        304566      244707.00   0.00        244707.00  
  8        2819664      1        2        594692       0.94   3        0        222864      198230.67   0.00        198230.67  
  9        2016855      1        2        219548       0.35   1        0        219548      219548.00   0.00        219548.00  
  10       2023615      1        3        456980       0.72   53       0        216816      8622.26     0.00        8622.26    
  11       2802987      1        5        1491562      2.36   23       0        211404      64850.52    0.00        64850.52   
  12       2819930      1        2        560290       0.89   3        0        207270      186763.33   0.00        186763.33  
  13       2820158      1        2        550598       0.87   3        0        199088      183532.67   0.00        183532.67  
  14       2016854      1        3        195866       0.31   1        0        195866      195866.00   0.00        195866.00  
  15       2820157      1        2        477026       0.75   3        0        161512      159008.67   0.00        159008.67  
  16       2803027      1        6        868078       1.37   10       0        160308      86807.80    0.00        86807.80   
  17       2805348      1        4        557876       0.88   6        0        147170      92979.33    0.00        92979.33   
  18       2018005      1        6        247968       0.39   2        0        143006      123984.00   0.00        123984.00  
  19       2018342      1        2        271658       0.43   2        0        142768      135829.00   0.00        135829.00  
  20       2014353      1        6        128840       0.20   1        0        128840      128840.00   0.00        128840.00  
  21       2016537      1        2        1418818      2.25   51       1        123168      27819.96    123168.00   25913.00   
  22       2801929      1        7        1047746      1.66   13       0        121486      80595.85    0.00        80595.85   
  23       2827094      1        2        199916       0.32   2        0        108536      99958.00    0.00        99958.00   
  24       2804927      1        2        103446       0.16   1        0        103446      103446.00   0.00        103446.00  
  25       2802991      1        5        314724       0.50   5        0        103230      62944.80    0.00        62944.80   
  26       2023711      1        2        102588       0.16   1        0        102588      102588.00   0.00        102588.00  
  27       2801930      1        7        996240       1.58   13       0        102018      76633.85    0.00        76633.85   
  28       2008575      1        5        1736502      2.75   156      0        100384      11131.42    0.00        11131.42   
  29       2821615      1        2        97570        0.15   1        0        97570       97570.00    0.00        97570.00   
  30       2804906      1        3        96314        0.15   1        0        96314       96314.00    0.00        96314.00   
  31       2018241      1        2        94876        0.15   1        0        94876       94876.00    0.00        94876.00   
  32       2010143      1        3        1219828      1.93   190      0        94236       6420.15     0.00        6420.15    
  33       2804907      1        3        93236        0.15   1        0        93236       93236.00    0.00        93236.00   
  34       2014520      1        6        235668       0.37   25       1        88602       9426.72     19806.00    8994.25    
  35       2018316      1        4        431722       0.68   7        0        88508       61674.57    0.00        61674.57   
  36       2008438      1        20       87740        0.14   1        0        87740       87740.00    0.00        87740.00   
  37       2018959      1        3        85416        0.14   1        1        85416       85416.00    85416.00    0.00       
  38       2009028      1        11       82530        0.13   1        0        82530       82530.00    0.00        82530.00   
  39       2829607      1        1        79666        0.13   1        0        79666       79666.00    0.00        79666.00   
  40       2803657      1        5        258482       0.41   4        0        76902       64620.50    0.00        64620.50   
  41       2013352      1        4        76774        0.12   1        0        76774       76774.00    0.00        76774.00   
  42       2826256      1        2        75868        0.12   1        0        75868       75868.00    0.00        75868.00   
  43       2830124      1        1        75716        0.12   1        0        75716       75716.00    0.00        75716.00   
  44       2022074      1        3        73250        0.12   1        0        73250       73250.00    0.00        73250.00   
  45       2811542      1        1        265724       0.42   8        0        72404       33215.50    0.00        33215.50   
  46       2020741      1        1        402772       0.64   7        0        72138       57538.86    0.00        57538.86   
  47       2809850      1        2        254726       0.40   8        0        70186       31840.75    0.00        31840.75   
  48       2808234      1        1        70180        0.11   1        0        70180       70180.00    0.00        70180.00   
  49       2811577      1        2        214768       0.34   7        0        68592       30681.14    0.00        30681.14   
  50       2811544      1        1        257854       0.41   7        0        67652       36836.29    0.00        36836.29   
  51       2020569      1        1        65938        0.10   1        0        65938       65938.00    0.00        65938.00   
  52       2810481      1        4        132572       0.21   3        0        65588       44190.67    0.00        44190.67   
  53       2018457      1        1        112620       0.18   2        0        64832       56310.00    0.00        56310.00   
  54       2816165      1        5        64804        0.10   1        0        64804       64804.00    0.00        64804.00   
  55       2012981      1        5        64520        0.10   1        0        64520       64520.00    0.00        64520.00   
  56       2829644      1        1        64284        0.10   1        0        64284       64284.00    0.00        64284.00   
  57       2013441      1        9        62648        0.10   1        0        62648       62648.00    0.00        62648.00   
  58       2819680      1        2        121650       0.19   2        0        61790       60825.00    0.00        60825.00   
  59       2022050      1        3        61116        0.10   1        0        61116       61116.00    0.00        61116.00   
  60       2805985      1        2        60998        0.10   1        0        60998       60998.00    0.00        60998.00   
  61       2010140      1        7        1942618      3.07   190      0        60928       10224.31    0.00        10224.31   
  62       2807400      1        3        60858        0.10   1        0        60858       60858.00    0.00        60858.00   
  63       2022552      1        2        331882       0.53   9        0        60472       36875.78    0.00        36875.78   
  64       2018982      1        2        59026        0.09   1        0        59026       59026.00    0.00        59026.00   
  65       2802880      1        3        147148       0.23   3        0        58136       49049.33    0.00        49049.33   
  66       2014701      1        12       984686       1.56   49       0        57778       20095.63    0.00        20095.63   
  67       2016759      1        1        56730        0.09   1        0        56730       56730.00    0.00        56730.00   
  68       2023083      1        2        56426        0.09   1        0        56426       56426.00    0.00        56426.00   
  69       2830035      1        2        56404        0.09   1        0        56404       56404.00    0.00        56404.00   
  70       2016538      1        3        56252        0.09   1        1        56252       56252.00    56252.00    0.00       
  71       2014519      1        7        74728        0.12   5        0        55916       14945.60    0.00        14945.60   
  72       2809267      1        8        55218        0.09   1        0        55218       55218.00    0.00        55218.00   
  73       2019230      1        2        189080       0.30   7        0        53510       27011.43    0.00        27011.43   
  74       2017552      1        6        1292940      2.05   51       0        53204       25351.76    0.00        25351.76   
  75       2020742      1        1        361030       0.57   7        0        52988       51575.71    0.00        51575.71   
  76       2022573      1        2        52616        0.08   1        0        52616       52616.00    0.00        52616.00   
  77       2816538      1        2        52612        0.08   1        0        52612       52612.00    0.00        52612.00   
  78       2807130      1        4        77556        0.12   2        0        51792       38778.00    0.00        38778.00   
  79       2013827      1        6        98638        0.16   2        0        51178       49319.00    0.00        49319.00   
  80       2804508      1        2        51072        0.08   1        0        51072       51072.00    0.00        51072.00   
  81       2806802      1        2        320224       0.51   9        0        48640       35580.44    0.00        35580.44   
  82       2022914      1        1        585950       0.93   36       0        48524       16276.39    0.00        16276.39   
  83       2009909      1        10       47920        0.08   1        0        47920       47920.00    0.00        47920.00   
  84       2018362      1        12       72710        0.12   2        0        47754       36355.00    0.00        36355.00   
  85       2009897      1        14       47638        0.08   1        0        47638       47638.00    0.00        47638.00   
  86       2020202      1        2        93244        0.15   2        0        46890       46622.00    0.00        46622.00   
  87       2025162      1        2        46488        0.07   1        0        46488       46488.00    0.00        46488.00   
  88       2022543      1        1        123808       0.20   4        0        45446       30952.00    0.00        30952.00   
  89       2819857      1        1        45418        0.07   1        0        45418       45418.00    0.00        45418.00   
  90       2019103      1        4        45058        0.07   1        0        45058       45058.00    0.00        45058.00   
  91       2023464      1        2        44686        0.07   1        0        44686       44686.00    0.00        44686.00   
  92       2824778      1        2        82508        0.13   2        0        44386       41254.00    0.00        41254.00   
  93       2009702      1        5        529774       0.84   49       0        43950       10811.71    0.00        10811.71   
  94       2803760      1        3        619004       0.98   24       0        41940       25791.83    0.00        25791.83   
  95       2019345      1        2        719138       1.14   28       0        41304       25683.50    0.00        25683.50   
  96       2806339      1        4        40668        0.06   1        0        40668       40668.00    0.00        40668.00   
  97       2816444      1        4        40424        0.06   1        0        40424       40424.00    0.00        40424.00   
  98       2824996      1        1        97286        0.15   4        0        39598       24321.50    0.00        24321.50   
  99       2014703      1        9        719488       1.14   49       0        39160       14683.43    0.00        14683.43   
  100      2024650      1        1        196266       0.31   7        0        38792       28038.00    0.00        28038.00   
  101      2822886      1        2        38278        0.06   1        0        38278       38278.00    0.00        38278.00   
  102      2017093      1        2        74316        0.12   2        0        37336       37158.00    0.00        37158.00   
  103      2013739      1        15       830800       1.31   169      0        37198       4915.98     0.00        4915.98    
  104      2019501      1        2        36516        0.06   1        0        36516       36516.00    0.00        36516.00   
  105      2012707      1        5        35842        0.06   1        0        35842       35842.00    0.00        35842.00   
  106      2811041      1        3        68032        0.11   2        0        35780       34016.00    0.00        34016.00   
  107      2008120      1        4        1100862      1.74   217      0        35548       5073.10     0.00        5073.10    
  108      2820079      1        2        35318        0.06   1        0        35318       35318.00    0.00        35318.00   
  109      2024909      1        2        34834        0.06   1        0        34834       34834.00    0.00        34834.00   
  110      2020421      1        2        33916        0.05   1        0        33916       33916.00    0.00        33916.00   
  111      2826281      1        2        588106       0.93   24       0        33764       24504.42    0.00        24504.42   
  112      2814226      1        2        56022        0.09   2        0        32664       28011.00    0.00        28011.00   
  113      2809306      1        4        515890       0.82   21       0        31254       24566.19    0.00        24566.19   
  114      2014702      1        9        705458       1.12   49       0        30862       14397.10    0.00        14397.10   
  115      2819694      1        2        135866       0.22   5        0        30782       27173.20    0.00        27173.20   
  116      2820926      1        2        77110        0.12   3        0        30614       25703.33    0.00        25703.33   
  117      2018464      1        4        30594        0.05   1        0        30594       30594.00    0.00        30594.00   
  118      2017748      1        6        83186        0.13   3        0        30570       27728.67    0.00        27728.67   
  119      2820811      1        2        84274        0.13   3        0        30450       28091.33    0.00        28091.33   
  120      2103158      1        6        68916        0.11   9        0        30314       7657.33     0.00        7657.33    
  121      2807385      1        5        30240        0.05   1        0        30240       30240.00    0.00        30240.00   
  122      2018375      1        3        208548       0.33   9        0        30016       23172.00    0.00        23172.00   
  123      2014473      1        5        83412        0.13   3        0        29920       27804.00    0.00        27804.00   
  124      2014819      1        3        29866        0.05   1        0        29866       29866.00    0.00        29866.00   
  125      2018572      1        2        



stats.log - (3296 bytes)
------------------------------------------------------------------------------------
Date: 11/18/2019 -- 08:57:38 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 614
decoder.bytes                              | Total                     | 279442
decoder.ipv4                               | Total                     | 564
decoder.ethernet                           | Total                     | 614
decoder.tcp                                | Total                     | 307
decoder.udp                                | Total                     | 225
decoder.icmpv4                             | Total                     | 18
decoder.avg_pkt_size                       | Total                     | 455
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 9
flow.udp                                   | Total                     | 64
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 8
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 7
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 8
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 9
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 24
app_layer.tx.dns_udp                       | Total                     | 24
app_layer.flow.failed_udp                  | Total                     | 40
flow_mgr.new_pruned                        | Total                     | 34
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 66
flow_mgr.flows_notimeout                   | Total                     | 32
flow_mgr.flows_timeout                     | Total                     | 34
flow_mgr.flows_removed                     | Total                     | 34
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65470
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7095328


eve.json - (22039 bytes)
{"timestamp":"2019-11-17T00:37:18.739146+0000","flow_id":1636479549720394,"pcap_cnt":41,"event_type":"dns","src_ip":"192.168.56.105","src_port":61595,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34018,"rrname":"7.3.f.a.1.6.1.d.7.6.0.1.9.2.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:18.741708+0000","flow_id":983193549164876,"pcap_cnt":42,"event_type":"dns","src_ip":"192.168.56.105","src_port":55748,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26346,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:18.742032+0000","flow_id":1417135569916560,"pcap_cnt":43,"event_type":"dns","src_ip":"192.168.56.105","src_port":59201,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3648,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:18.743886+0000","flow_id":411627891349966,"pcap_cnt":44,"event_type":"dns","src_ip":"192.168.56.105","src_port":57913,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36911,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.245571+0000","flow_id":1686949710511939,"pcap_cnt":51,"event_type":"dns","src_ip":"192.168.56.105","src_port":65314,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45384,"rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.719250+0000","flow_id":170104700533138,"pcap_cnt":79,"event_type":"dns","src_ip":"192.168.56.105","src_port":51567,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22510,"rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.722158+0000","flow_id":617270925526254,"pcap_cnt":80,"event_type":"dns","src_ip":"192.168.56.105","src_port":64434,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59349,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.733568+0000","flow_id":379600320278912,"pcap_cnt":81,"event_type":"dns","src_ip":"192.168.56.105","src_port":57913,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36911,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.733658+0000","flow_id":537689476510170,"pcap_cnt":82,"event_type":"dns","src_ip":"192.168.56.105","src_port":59201,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3648,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.733740+0000","flow_id":1502197397271084,"pcap_cnt":83,"event_type":"dns","src_ip":"192.168.56.105","src_port":55748,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26346,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.733810+0000","flow_id":1380190261293682,"pcap_cnt":84,"event_type":"dns","src_ip":"192.168.56.105","src_port":61595,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34018,"rrname":"7.3.f.a.1.6.1.d.7.6.0.1.9.2.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:19.788664+0000","flow_id":379600320278912,"pcap_cnt":87,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":57913,"proto":"UDP","dns":{"type":"answer","id":36911,"rcode":"NXDOMAIN","rrname":"103.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-11-17T00:37:19.788844+0000","flow_id":1502197397271084,"pcap_cnt":88,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":55748,"proto":"UDP","dns":{"type":"answer","id":26346,"rcode":"NXDOMAIN","rrname":"104.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-11-17T00:37:19.793627+0000","flow_id":537689476510170,"pcap_cnt":96,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":59201,"proto":"UDP","dns":{"type":"answer","id":3648,"rcode":"NXDOMAIN","rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-11-17T00:37:19.793627+0000","flow_id":537689476510170,"pcap_cnt":96,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":59201,"proto":"UDP","dns":{"type":"answer","id":3648,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":934}}
{"timestamp":"2019-11-17T00:37:19.793648+0000","flow_id":1380190261293682,"pcap_cnt":97,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":61595,"proto":"UDP","dns":{"type":"answer","id":34018,"rcode":"NXDOMAIN","rrname":"7.3.f.a.1.6.1.d.7.6.0.1.9.2.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-11-17T00:37:19.793648+0000","flow_id":1380190261293682,"pcap_cnt":97,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":61595,"proto":"UDP","dns":{"type":"answer","id":34018,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":934}}
{"timestamp":"2019-11-17T00:37:19.800419+0000","flow_id":2250805901997731,"pcap_cnt":104,"event_type":"dns","src_ip":"192.168.56.105","src_port":60866,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63450,"rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:20.233763+0000","flow_id":1428134981308707,"pcap_cnt":109,"event_type":"dns","src_ip":"192.168.56.105","src_port":65314,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45384,"rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:20.293280+0000","flow_id":1428134981308707,"pcap_cnt":110,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":65314,"proto":"UDP","dns":{"type":"answer","id":45384,"rcode":"NXDOMAIN","rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-11-17T00:37:20.293280+0000","flow_id":1428134981308707,"pcap_cnt":110,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":65314,"proto":"UDP","dns":{"type":"answer","id":45384,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3296}}
{"timestamp":"2019-11-17T00:37:20.719107+0000","flow_id":1761557587491075,"pcap_cnt":124,"event_type":"dns","src_ip":"192.168.56.105","src_port":64434,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59349,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:20.719220+0000","flow_id":780166150289780,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.56.105","src_port":51567,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22510,"rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:20.774928+0000","flow_id":1761557587491075,"pcap_cnt":128,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":64434,"proto":"UDP","dns":{"type":"answer","id":59349,"rcode":"NXDOMAIN","rrname":"102.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-11-17T00:37:20.778327+0000","flow_id":780166150289780,"pcap_cnt":133,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":51567,"proto":"UDP","dns":{"type":"answer","id":22510,"rcode":"NXDOMAIN","rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-11-17T00:37:20.778327+0000","flow_id":780166150289780,"pcap_cnt":133,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":51567,"proto":"UDP","dns":{"type":"answer","id":22510,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":315}}
{"timestamp":"2019-11-17T00:37:20.796904+0000","flow_id":1435638289148136,"pcap_cnt":137,"event_type":"dns","src_ip":"192.168.56.105","src_port":60866,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63450,"rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:20.856248+0000","flow_id":1435638289148136,"pcap_cnt":140,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":60866,"proto":"UDP","dns":{"type":"answer","id":63450,"rcode":"NOERROR","rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","ttl":21447,"rdata":"dns.google"}}
{"timestamp":"2019-11-17T00:37:21.565152+0000","flow_id":411627891349966,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":57913,"proto":"UDP","dns":{"type":"answer","id":36911,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:25.867868+0000","flow_id":1636479549720394,"pcap_cnt":190,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":61595,"proto":"UDP","dns":{"type":"answer","id":34018,"rcode":"NOERROR","rrname":"7.3.f.a.1.6.1.d.7.6.0.1.9.2.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:26.861093+0000","flow_id":2250805901997731,"pcap_cnt":198,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":60866,"proto":"UDP","dns":{"type":"answer","id":63450,"rcode":"NOERROR","rrname":"8.8.8.8.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:28.965422+0000","flow_id":983193549164876,"pcap_cnt":204,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":55748,"proto":"UDP","dns":{"type":"answer","id":26346,"rcode":"NOERROR","rrname":"104.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:29.245506+0000","flow_id":617270925526254,"pcap_cnt":206,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":64434,"proto":"UDP","dns":{"type":"answer","id":59349,"rcode":"NOERROR","rrname":"102.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:32.883436+0000","flow_id":1417135569916560,"pcap_cnt":213,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":59201,"proto":"UDP","dns":{"type":"answer","id":3648,"rcode":"NOERROR","rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:34.611793+0000","flow_id":139120807400913,"pcap_cnt":219,"event_type":"dns","src_ip":"192.168.56.105","src_port":63714,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28062,"rrname":"termoedilsrl.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-17T00:37:35.608527+0000","flow_id":2089894953306383,"pcap_cnt":220,"event_type":"dns","src_ip":"192.168.56.105","src_port":63714,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28062,"rrname":"termoedilsrl.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-17T00:37:35.668420+0000","flow_id":2089894953306383,"pcap_cnt":221,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":63714,"proto":"UDP","dns":{"type":"answer","id":28062,"rcode":"NOERROR","rrname":"termoedilsrl.net","rrtype":"A","ttl":9557,"rdata":"212.1.211.100"}}
{"timestamp":"2019-11-17T00:37:35.771788+0000","flow_id":170104700533138,"pcap_cnt":223,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":51567,"proto":"UDP","dns":{"type":"answer","id":22510,"rcode":"NOERROR","rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:36.301659+0000","flow_id":1861260959240115,"pcap_cnt":269,"event_type":"alert","src_ip":"212.1.211.100","src_port":80,"dest_ip":"192.168.56.105","dest_port":49178,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-17T00:37:36.301659+0000","flow_id":1861260959240115,"pcap_cnt":269,"event_type":"alert","src_ip":"212.1.211.100","src_port":80,"dest_ip":"192.168.56.105","dest_port":49178,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-11-17T00:37:36.301659+0000","flow_id":1861260959240115,"pcap_cnt":269,"event_type":"alert","src_ip":"212.1.211.100","src_port":80,"dest_ip":"192.168.56.105","dest_port":49178,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014520,"rev":6,"signature":"ET INFO EXE - Served Attached HTTP","category":"Misc activity","severity":3}}
{"timestamp":"2019-11-17T00:37:36.612071+0000","flow_id":1861260959240115,"pcap_cnt":463,"event_type":"http","src_ip":"192.168.56.105","src_port":49178,"dest_ip":"212.1.211.100","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"termoedilsrl.net","url":"\/view-report-invoice-00001646\/gNbChXvVU\/","http_content_type":"application\/x-dosexec"}}
{"timestamp":"2019-11-17T00:37:36.846224+0000","flow_id":685827194677648,"pcap_cnt":464,"event_type":"dns","src_ip":"192.168.56.105","src_port":56969,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20307,"rrname":"100.211.1.212.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-11-17T00:37:36.906090+0000","flow_id":685827194677648,"pcap_cnt":465,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":56969,"proto":"UDP","dns":{"type":"answer","id":20307,"rcode":"NOERROR","rrname":"100.211.1.212.in-addr.arpa","rrtype":"PTR","ttl":10469,"rdata":"cpl80.hosting24.com"}}
{"timestamp":"2019-11-17T00:37:39.186853+0000","flow_id":1686949710511939,"pcap_cnt":467,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":65314,"proto":"UDP","dns":{"type":"answer","id":45384,"rcode":"NOERROR","rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-11-17T00:37:52.385718+0000","flow_id":139120807400913,"pcap_cnt":469,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.105","dest_port":63714,"proto":"UDP","dns":{"type":"answer","id":28062,"rcode":"NOERROR","rrname":"termoedilsrl.net","rrtype":"A","ttl":0,"rdata":"212.1.211.100"}}
{"timestamp":"2019-11-17T00:38:22.442199+0000","flow_id":290161925472087,"pcap_cnt":502,"event_type":"dns","src_ip":"192.168.56.105","src_port":49770,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8640,"rrname":"officeclient.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-17T00:38:22.517949+0000","flow_id":290161925472087,"pcap_cnt":505,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":49770,"proto":"UDP","dns":{"type":"answer","id":8640,"rcode":"NOERROR","rrname":"officeclient.microsoft.com","rrtype":"CNAME","ttl":3599,"rdata":"config.officeapps.live.com"}}
{"timestamp":"2019-11-17T00:38:22.517949+0000","flow_id":290161925472087,"pcap_cnt":505,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.105","dest_port":49770,"proto":"UDP","dns":{"type":"answer","id":8640,"rcode":"NOERROR","rrname":"config.officeapps.live.com","rrtype":"CNAME","ttl":3599,"rdata":"prod.configsvc1.live.com.akadns.net"}}
{"timestamp":"2019-11-17T00:38:2

This file has been truncated.


keyword_perf.log - (11651 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/18/2019 -- 08:57:38
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1848040         340             340             21770           5435.00         5435.00         0.00           
  content          9252934         921             408             170676          10046.00        9709.00         10314.00       
  pcre             599690          48              0               49254           12493.00        0.00            12493.00       
  byte_test        2214186         428             201             24146           5173.00         5380.00         4989.00        
  byte_jump        98224           19              19              6208            5169.00         5169.00         0.00           
  isdataat         465256          10              0               422702          46525.00        0.00            46525.00       
  flowbits         965356          170             14              30446           5678.00         6071.00         5643.00        
  urilen           10282           2               0               5544            5141.00         0.00            5141.00        
  byte_extract     20258           4               4               6690            5064.00         5064.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1848040         340             340             21770           5435.00         5435.00         0.00           
  flowbits         940776          168             12              30446           5599.00         5034.00         5643.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6808502         787             336             83530           8651.00         9193.00         8246.00        
  pcre             415446          37              0               49254           11228.00        0.00            11228.00       
  byte_test        2214186         428             201             24146           5173.00         5380.00         4989.00        
  byte_jump        61316           12              12              6128            5109.00         5109.00         0.00           
  isdataat         465256          10              0               422702          46525.00        0.00            46525.00       
  byte_extract     20258           4               4               6690            5064.00         5064.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         24580           2               2               18550           12290.00        12290.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          64738           11              2               7076            5885.00         5774.00         5910.00        
  pcre             45112           2               0               33614           22556.00        0.00            22556.00       
  urilen           10282           2               0               5544            5141.00         0.00            5141.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4978            1               0               4978            4978.00         0.00            4978.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2056992         71              32              170676          28971.00        19711.00        36569.00       
  pcre             68786           6               0               29688           11464.00        0.00            11464.00       
  byte_jump        36908           7               7               6208            5272.00         5272.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          227280          36              26              9110            6313.00         6134.00         6779.00        
  pcre             46366           2               0               27582           23183.00        0.00            23183.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          57888           10              10              7462            5788.00         5788.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7258            1               0               7258            7258.00         0.00            7258.00        
  pcre             23980           1               0               23980           23980.00        0.00            23980.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11680           2               1               6706            5840.00         6706.00         4974.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7612            1               0               7612            7612.00         0.00            7612.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6006            1               1               6006            6006.00         6006.00         0.00           


IDSDeathBlossom.py.log - (1146 bytes)
2019-11-18 08:57:14,514 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-11-18 08:57:15,296 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-11-18 08:57:15,296 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-11-18 08:57:15,297 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-11-18 08:57:15,297 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-11-18 08:57:15,297 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/30e2a20368a92afe1016fbc3e5a7d06756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0857-pcap_2.pcap -vvv -k none
2019-11-18 08:57:38,298 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-11-18 08:57:38,299 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.7931640148