Filename: e52621ae-498e-4328-bfb4-d00ef2db1fe5.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.4284620285 seconds
Hash: 68b16fc7ef7fbce03675b1fed0b8a3d7
Uploaded: 1609882684 (unix epoch; 2021-01-05 21:38:04 UTC, about 26 seconds before the 21:38:30 timestamp in the profiling dump below)

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2021-01-05-T-21-38-30-01052021.2138-e52621ae-498e-4328-bfb4-d00ef2db1fe5.pcap.txt - (47829 bytes)
  --------------------------------------------------------------------------
  Date: 1/5/2021 -- 21:38:30. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2014819      1        3        565298       0.87   1        1        565298      565298.00   565298.00   0.00       
  2        2816165      1        5        567050       0.87   2        0        514032      283525.00   0.00        283525.00  
  3        2830124      1        1        506136       0.78   1        0        506136      506136.00   0.00        506136.00  
  4        2802991      1        5        932988       1.44   7        0        501314      133284.00   0.00        133284.00  
  5        2020569      1        1        578302       0.89   2        0        499652      289151.00   0.00        289151.00  
  6        2804508      1        2        480480       0.74   1        0        480480      480480.00   0.00        480480.00  
  7        2816330      1        2        479726       0.74   1        0        479726      479726.00   0.00        479726.00  
  8        2011457      1        8        476958       0.73   1        0        476958      476958.00   0.00        476958.00  
  9        2824996      1        1        509390       0.78   4        0        457508      127347.50   0.00        127347.50  
  10       2008297      1        5        679096       1.05   39       0        450058      17412.72    0.00        17412.72   
  11       2014703      1        9        482602       0.74   4        0        443434      120650.50   0.00        120650.50  
  12       2019010      1        3        506634       0.78   14       0        430544      36188.14    0.00        36188.14   
  13       2829169      1        2        548844       0.84   5        0        427146      109768.80   0.00        109768.80  
  14       2802205      1        3        494238       0.76   14       0        422312      35302.71    0.00        35302.71   
  15       2819664      1        2        1369630      2.11   6        0        290022      228271.67   0.00        228271.67  
  16       2016854      1        3        287078       0.44   1        0        287078      287078.00   0.00        287078.00  
  17       2020865      1        3        1166990      1.80   6        0        263216      194498.33   0.00        194498.33  
  18       2016855      1        2        260524       0.40   1        0        260524      260524.00   0.00        260524.00  
  19       2804911      1        3        991504       1.53   9        0        248598      110167.11   0.00        110167.11  
  20       2819930      1        2        1263588      1.95   6        0        242630      210598.00   0.00        210598.00  
  21       2820158      1        2        1216384      1.87   6        0        228422      202730.67   0.00        202730.67  
  22       2820157      1        2        1166832      1.80   6        0        225666      194472.00   0.00        194472.00  
  23       2805348      1        4        1428322      2.20   14       0        187090      102023.00   0.00        102023.00  
  24       2023083      1        2        186700       0.29   1        0        186700      186700.00   0.00        186700.00  
  25       2827094      1        2        1016382      1.56   8        0        157310      127047.75   0.00        127047.75  
  26       2829607      1        1        152568       0.23   1        0        152568      152568.00   0.00        152568.00  
  27       2821615      1        2        205078       0.32   2        0        151360      102539.00   0.00        102539.00  
  28       2803027      1        6        734912       1.13   7        0        150090      104987.43   0.00        104987.43  
  29       2021075      1        2        147778       0.23   1        1        147778      147778.00   147778.00   0.00       
  30       2816909      1        2        136926       0.21   1        0        136926      136926.00   0.00        136926.00  
  31       2016537      1        2        3204714      4.93   99       1        127860      32370.85    127860.00   31396.47   
  32       2023711      1        2        158384       0.24   7        0        125582      22626.29    0.00        22626.29   
  33       2816940      1        2        124836       0.19   1        0        124836      124836.00   0.00        124836.00  
  34       2009028      1        11       154070       0.24   7        0        120104      22010.00    0.00        22010.00   
  35       2816928      1        3        116426       0.18   1        0        116426      116426.00   0.00        116426.00  
  36       2816910      1        2        113558       0.17   1        0        113558      113558.00   0.00        113558.00  
  37       2009897      1        14       116048       0.18   2        0        110608      58024.00    0.00        58024.00   
  38       2816327      1        4        109652       0.17   1        0        109652      109652.00   0.00        109652.00  
  39       2804906      1        3        344616       0.53   4        0        109082      86154.00    0.00        86154.00   
  40       2820851      1        5        108194       0.17   1        0        108194      108194.00   0.00        108194.00  
  41       2008575      1        5        2068934      3.19   153      0        106674      13522.44    0.00        13522.44   
  42       2816930      1        4        105450       0.16   1        0        105450      105450.00   0.00        105450.00  
  43       2816922      1        5        103978       0.16   1        0        103978      103978.00   0.00        103978.00  
  44       2801930      1        7        613276       0.94   7        0        101920      87610.86    0.00        87610.86   
  45       2025064      1        5        100760       0.16   1        0        100760      100760.00   0.00        100760.00  
  46       2823263      1        3        99516        0.15   1        0        99516       99516.00    0.00        99516.00   
  47       2805985      1        2        170094       0.26   2        0        99194       85047.00    0.00        85047.00   
  48       2018959      1        3        132530       0.20   7        1        98884       18932.86    98884.00    5607.67    
  49       2802987      1        5        657858       1.01   9        0        98284       73095.33    0.00        73095.33   
  50       2015744      1        4        131222       0.20   7        1        98132       18746.00    98132.00    5515.00    
  51       2801929      1        7        549172       0.85   7        0        97114       78453.14    0.00        78453.14   
  52       2808234      1        1        164180       0.25   2        0        96852       82090.00    0.00        82090.00   
  53       2018241      1        2        130198       0.20   7        0        94716       18599.71    0.00        18599.71   
  54       2022080      1        1        93758        0.14   1        1        93758       93758.00    93758.00    0.00       
  55       2828122      1        2        91148        0.14   1        0        91148       91148.00    0.00        91148.00   
  56       2826256      1        2        131166       0.20   2        0        89058       65583.00    0.00        65583.00   
  57       2013352      1        4        120384       0.19   7        0        88050       17197.71    0.00        17197.71   
  58       2014353      1        6        140848       0.22   7        0        87138       20121.14    0.00        20121.14   
  59       2011894      1        19       85704        0.13   1        0        85704       85704.00    0.00        85704.00   
  60       2809850      1        2        85690        0.13   1        0        85690       85690.00    0.00        85690.00   
  61       2803657      1        5        85378        0.13   1        0        85378       85378.00    0.00        85378.00   
  62       2008438      1        20       167738       0.26   2        0        84204       83869.00    0.00        83869.00   
  63       2022050      1        3        150426       0.23   2        0        83958       75213.00    0.00        75213.00   
  64       2019881      1        3        83958        0.13   1        0        83958       83958.00    0.00        83958.00   
  65       2816931      1        3        83340        0.13   1        0        83340       83340.00    0.00        83340.00   
  66       2815817      1        5        82560        0.13   1        0        82560       82560.00    0.00        82560.00   
  67       2024909      1        2        781046       1.20   19       0        81862       41107.68    0.00        41107.68   
  68       2816925      1        3        81826        0.13   1        0        81826       81826.00    0.00        81826.00   
  69       2012612      1        16       80968        0.12   1        0        80968       80968.00    0.00        80968.00   
  70       2024565      1        3        80618        0.12   1        0        80618       80618.00    0.00        80618.00   
  71       2023875      1        2        80142        0.12   1        0        80142       80142.00    0.00        80142.00   
  72       2018358      1        7        80062        0.12   1        0        80062       80062.00    0.00        80062.00   
  73       2013441      1        9        86384        0.13   2        0        79730       43192.00    0.00        43192.00   
  74       2009909      1        10       85664        0.13   2        0        79356       42832.00    0.00        42832.00   
  75       2013037      1        7        78470        0.12   1        0        78470       78470.00    0.00        78470.00   
  76       2819673      1        4        78402        0.12   1        0        78402       78402.00    0.00        78402.00   
  77       2018982      1        2        144132       0.22   2        0        78116       72066.00    0.00        72066.00   
  78       2807400      1        3        145246       0.22   2        0        77778       72623.00    0.00        72623.00   
  79       2816929      1        4        75436        0.12   1        0        75436       75436.00    0.00        75436.00   
  80       2828060      1        4        126724       0.20   2        0        74138       63362.00    0.00        63362.00   
  81       2816927      1        3        74052        0.11   1        0        74052       74052.00    0.00        74052.00   
  82       2018452      1        15       73802        0.11   1        0        73802       73802.00    0.00        73802.00   
  83       2022503      1        2        73122        0.11   1        0        73122       73122.00    0.00        73122.00   
  84       2018242      1        5        73088        0.11   1        0        73088       73088.00    0.00        73088.00   
  85       2014471      1        6        72850        0.11   1        0        72850       72850.00    0.00        72850.00   
  86       2816525      1        10       72494        0.11   1        0        72494       72494.00    0.00        72494.00   
  87       2828877      1        1        101342       0.16   6        0        71548       16890.33    0.00        16890.33   
  88       2018386      1        2        68330        0.11   1        0        68330       68330.00    0.00        68330.00   
  89       2821561      1        2        66816        0.10   1        0        66816       66816.00    0.00        66816.00   
  90       2022207      1        4        66406        0.10   1        0        66406       66406.00    0.00        66406.00   
  91       2014519      1        7        202932       0.31   23       0        65982       8823.13     0.00        8823.13    
  92       2022220      1        2        65560        0.10   1        0        65560       65560.00    0.00        65560.00   
  93       2819857      1        1        100764       0.16   2        0        64604       50382.00    0.00        50382.00   
  94       2830035      1        2        64214        0.10   1        0        64214       64214.00    0.00        64214.00   
  95       2016538      1        3        96936        0.15   7        1        63890       13848.00    63890.00    5507.67    
  96       2806802      1        2        1718158      2.65   42       0        63372       40908.52    0.00        40908.52   
  97       2017552      1        6        2892544      4.45   100      0        63352       28925.44    0.00        28925.44   
  98       2018153      1        4        62902        0.10   1        0        62902       62902.00    0.00        62902.00   
  99       2809682      1        5        60264        0.09   1        0        60264       60264.00    0.00        60264.00   
  100      2816669      1        4        59570        0.09   1        0        59570       59570.00    0.00        59570.00   
  101      2815033      1        2        59030        0.09   1        0        59030       59030.00    0.00        59030.00   
  102      2809267      1        8        58924        0.09   1        0        58924       58924.00    0.00        58924.00   
  103      2022552      1        2        323850       0.50   8        0        58630       40481.25    0.00        40481.25   
  104      2014956      1        1        156990       0.24   5        0        57870       31398.00    0.00        31398.00   
  105      2017613      1        9        56296        0.09   1        0        56296       56296.00    0.00        56296.00   
  106      2819694      1        2        689734       1.06   23       0        56158       29988.43    0.00        29988.43   
  107      2804927      1        2        55962        0.09   1        0        55962       55962.00    0.00        55962.00   
  108      2012981      1        5        55708        0.09   1        0        55708       55708.00    0.00        55708.00   
  109      2810481      1        4        473932       0.73   12       0        55612       39494.33    0.00        39494.33   
  110      2815886      1        2        55484        0.09   1        0        55484       55484.00    0.00        55484.00   
  111      2828986      1        2        55190        0.08   1        0        55190       55190.00    0.00        55190.00   
  112      2025162      1        2        55050        0.08   1        0        55050       55050.00    0.00        55050.00   
  113      2014520      1        6        245058       0.38   32       1        54634       7658.06     20884.00    7231.42    
  114      2019344      1        5        54466        0.08   1        0        54466       54466.00    0.00        54466.00   
  115      2812916      1        6        54412        0.08   1        0        54412       54412.00    0.00        54412.00   
  116      2019103      1        4        242878       0.37   7        0        54234       34696.86    0.00        34696.86   
  117      2013672      1        3        54144        0.08   1        0        54144       54144.00    0.00        54144.00   
  118      2016858      1        10       54084        0.08   1        0        54084       54084.00    0.00        54084.00   
  119      2022205      1        2        54020        0.08   1        0        54020       54020.00    0.00        54020.00   
  120      2013036      1        7        53892        0.08   1        0        53892       53892.00    0.00        53892.00   
  121      2018981      1        4        53686        0.08   1        0        53686       53686.00    0.00        53686.00   
  122      2024767      1        2        53502        0.08   1        0        53502       53502.00    0.00        53502.00   
  123      2022339      1        2        53402        0.08   1        0        53402       53402.00    0.00        53402.00   
  124      2829644      1        1        53134        0.08   1        0        53134       53134.00    0.00        53134.00   
  125      2018496      1        9        53

This file has been truncated.
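The profiling table above is sorted by max ticks, which puts rules that were checked once at the top. For tuning you usually want the opposite view: rules that are checked many times, never match, and still account for the largest share of total ticks. The following parser is an added example (not code from the sandbox page or from Suricata); it reads the table format as printed above, re-sorts by total ticks, and lists zero-match rules with many checks. The SAMPLE text is a constructed subset of the rows shown on this page, including the truncated last row, which the parser skips rather than misreading.

```python
"""Parse a Suricata rule-profiling dump (rule_perf.log / the *-perf.txt table
on this page) and rank rules for tuning.  Added example; it is not code from
the sandbox page or from Suricata.  Column order follows the table header:
Num, Rule (sid), Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks,
Avg Match, Avg No Match."""
import re
from typing import List, NamedTuple


class RuleStat(NamedTuple):
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_no_match: float


# Constructed sample: a subset of rows copied from the profiling table above,
# plus the truncated final row, which must be skipped rather than parsed.
SAMPLE = """\
  --------------------------------------------------------------------------
  Date: 1/5/2021 -- 21:38:30. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2014819      1        3        565298       0.87   1        1        565298      565298.00   565298.00   0.00
  4        2802991      1        5        932988       1.44   7        0        501314      133284.00   0.00        133284.00
  10       2008297      1        5        679096       1.05   39       0        450058      17412.72    0.00        17412.72
  15       2819664      1        2        1369630      2.11   6        0        290022      228271.67   0.00        228271.67
  31       2016537      1        2        3204714      4.93   99       1        127860      32370.85    127860.00   31396.47
  41       2008575      1        5        2068934      3.19   153      0        106674      13522.44    0.00        13522.44
  97       2017552      1        6        2892544      4.45   100      0        63352       28925.44    0.00        28925.44
  113      2014520      1        6        245058       0.38   32       1        54634       7658.06     20884.00    7231.42
  125      2018496      1        9        53
"""

# One data row: eleven numeric fields after the row number.  Header,
# separator and truncated rows do not match and are skipped.
ROW = re.compile(
    r"^\s*\d+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)


def parse_rule_perf(text: str) -> List[RuleStat]:
    rows: List[RuleStat] = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        f = m.groups()
        rows.append(RuleStat(int(f[0]), int(f[1]), int(f[2]), int(f[3]), float(f[4]),
                             int(f[5]), int(f[6]), int(f[7]), float(f[8]),
                             float(f[9]), float(f[10])))
    return rows


def by_total_ticks(rows: List[RuleStat]) -> List[RuleStat]:
    """Re-sort by total ticks: the page sorts by max ticks, which favours
    rules hit once; total ticks shows where detect time actually went."""
    return sorted(rows, key=lambda r: r.ticks, reverse=True)


def tuning_candidates(rows: List[RuleStat], min_checks: int = 10) -> List[RuleStat]:
    """Rules evaluated often, never matching, ordered by total cost: the
    first places to look for a cheaper fast_pattern or a tighter prefilter."""
    hot = (r for r in rows if r.matches == 0 and r.checks >= min_checks)
    return sorted(hot, key=lambda r: r.ticks, reverse=True)


if __name__ == "__main__":
    stats = parse_rule_perf(SAMPLE)
    for r in by_total_ticks(stats)[:3]:
        print(f"sid {r.sid}: {r.ticks} ticks, {r.checks} checks, {r.matches} matches")
    print("tuning candidates:", [r.sid for r in tuning_candidates(stats)])
```

On this page's full table the same ordering puts sid 2016537 (3204714 ticks, 99 checks, 1 match), 2017552 (2892544 ticks, 100 checks, 0 matches) and 2008575 (2068934 ticks, 153 checks, 0 matches) at the top, none of which appear in the first rows of the max-ticks view.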


unified2.alert.1609882708 (suffix is the unix epoch; 2021-01-05 21:38:28 UTC) - (19018 bytes)
[binary unified2 record and packet headers omitted; the captured packet payload begins with the HTTP response below]
HTTP/1.1 200 OK
set-cookie: 5ff4db18513ee=1609882392; expires=Tue, 05-Jan-2021 21:34:12 GMT; Max-Age=60; path=/
cache-control: no-cache, must-revalidate
pragma: no-cache
last-modified: Tue, 05 Jan 2021 21:33:12 GMT
expires: Tue, 05 Jan 2021 21:33:12 GMT
content-type: application/octet-stream
content-disposition: attachment; filename="4ZWy9PUOLOYjnq.dll"
content-transfer-encoding: binary
content-length: 195072
date: Tue, 05 Jan 2021 21:33:12 GMT
server: LiteSpeed
connection: Keep-Alive

MZÿÿ¸@º´	Í!¸LÍ!This program cannot be run in DOS mode.

$•:»ÑwTèÑwTèÑwTè²™èÜwT貚èŽwTè²›èøwTè-ëèÐwTè-èèÓwTèÑwUèSwTè-íèÀwTèö±›èÕwTèö±žèÐwTèö±èÐwTèÑwÃèÐwTèö±˜èÐwTèRichÑwTèPELÝ¡ó_à!¾VÜEÐ0ðˌ´P ¾ Ò8@ÐÈ.text½¾ `.rdata»JÐLÂ@@.dataœ- @À.rsrc ¾PÀ@@.relocHÞ@_ôÛ_ôÛ
OìEÞ¸äÊC
£À¨d§PõYPèBU‹ì‹EƒÀ‰E]ÿ%TÐÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ì‹ESW‹}3ÛDžÿ„šVd$‹E‹U‹ؾ‹ÿ‹
;uDƒÂƒÀƒîsïh€/jèµ'‹øƒÄ…ÿt3‹Ehx/‹DØÇðÒÇG‰GÿTÐëC;ßr¡¸€^_[]Ã3ÿ3Ʌÿ¸€EÁ…Àxéÿu‹ÿuWÿ‹ð‹WÿP‹Æ^_[]Ã_¸€[]ÃÌÌU‹ìƒ}t	¸€]Âÿu‹Eÿu‹@ÿЃÄ]ÂÌÌÌÌÌÌÌÌÌhx/ÿTÐÃÌÌÌÌhx/ÿXÐÃÌÌÌÌU‹ìƒ}hx/tÿTÐ3À]ÂÿXÐ3À]ÂÌÌÌÌÌÌÌÌÌÌU‹ìÿuÿuhÓÿuèx&]ÂÌÌÌÌÌÌU‹ìVW‹}GPÿXЋð…öu …ÿthx/ÇðÒÿXÐWèM&ƒÄ‹Æ_^]ÂÌÌU‹ìƒì0¡X!3ʼnEüVW‹=\Ðjh0j	jÇEØÇEèÇEðÇEôáÇEø	ÇEàÿ×ó~ Òf֊
¨ÒˆHMàQPjèÄ%…Àt|jh0jjÿ×ó~¬Ò‹5hÐfÖó~´ÒfÖ@¶
¼ÒPˆHÿuàÿÖjh0jj£l/ÿ×ó~ÀÒfÖó~ÈÒfÖ@¶
ÐÒPˆHÿuàÿÖ£p/EÐPhÔÒèG%ƒÄPEðPhÿl/…ÀxEèPEØPÿuÐhÿp/‹5ÐjjjjEäPÿօÀu'jjPPEäPÿօÀuhðjPPEäPÿօÀ„±EÜPjjh€ÿuäÿÐ…À„“jj*h ÿuÜÿÐ…Àt}EÔPjÿuÜhhÿuäÿÐ6_ôÛ_ôÛ
OE»¶ÊC
£À¨d§PõYP^ô…ÀtbhØÒè‚$ƒÄPhÿuèjÿ×ÿuè‹ðÿuØVè¿$ƒÄEèÿuèPVjjjÿuÔÿÐ…ÀtÿuèMïVè5hÜÒPMïè7ÿЋMü_3Í3À^èg$‹å]ÃÌÌÌ3À9x/•ÀÃÌÌÌÌU‹ìÿuÿujhXÒÿuèüÿÿƒÄ]ÂÌU‹ìƒ}u‹EP£|/ÿ`и]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌéËÌÌÌÌÌÌÌÌÌÌÌéÌÌÌÌÌÌÌÌÌÌÌU‹ìƒìSVW‹}‹‹wƒ»„‰u„H‹›€ÞjS‰]øÿ”Ð…À…,I‹C…À„ÿw(ÆP‹GÿЋðƒÄ‰uü…ö„ð‹G…Pÿwèç‹ÈƒÄ…É„±‹G‰O‹Ö‰ÿG‹…Ét
‹E4‹KÈë‹su‹Î‹…ÀtE+ΉMô›ÿw(1…Ày·Àë‹MƒÁÁP‹G RÿЃÄ‰…Àt._ôÛ_ôÛ
OìEÞ¸äÊC
£À¨d§PõYPÿ‹F‹Mô‹UüƒÆ…Àuɋ]øƒÃjS‰]øÿ”Ð…Àu\‹ué+ÿÿÿÿw(‹uü‹G$VÿЃÄjÿlÐ_^3À[‹å]Âÿw(‹G$VÿЃÄjÿlÐ_^3À[‹å]Âj~ÿlÐ_^3À[‹å]Â_^¸[‹å]ÂÌÌÌÌÌÌÌÌÌU‹ì‹E;Esj
ÿlÐ3À]¸]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìƒì‹ES‹VW‹x·A3҉}üÇEøf;Qƒ½‹\Ѝq(ð‹…ÉuG‹E‹X8…ÛŽƒ‹FüjhSÇPÿ҅À„œ‹~ü}ü‰~ø…ÛtU‹Ë‹ÑÁé3Àó«‹ÊƒáóªëA‹FÁ9Eri‹FüjhQÇPÿ҅Àt]‹^ü‹ߋ~}…Òt‹Ã+ûŠˆ@Juõ‰^ø‹}ü‹\ЋE‹]ø‹C·@ƒÆ(‰]ø;ØŒNÿÿÿ_^¸[‹å]Âj
ÿlÐ_^3À[‹å]ÂÌÌÌÌÌÌÌU‹ì‹EVW‹x‹‹°À…öt‹t>…öt‹…ÀtjjWÿЋFv…Àuï_¸^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ì‹UV‹r…öuF^]ÂW‹z÷Çt<‹
;Ju*ƒzu‹E‹x0‹9x8t
3ҋÆ÷÷…Òu
h@VQÿ€Ð_¸^]‹ÏÁé‹ÇÁèƒàƒáH‹ÇÁèH‹…€ ÷Çt
MQPVÿ2ÿ„Ð÷ØÀ_÷Ø^]ÂÌÌÌÌÌÌÌÌÌU‹ìƒì,SV‹uW‹>‹F0·_ßH‰Mè‹K ÷Ð#Á‰Mü‰MԋK(‰Eð‰E؅Éu‹C<¨@t‹O ë„Ày‹O$‹S<¸‰M܉UàÇEäÇEøf;Gƒ­ƒÃd‹v0‹CäN÷Ö#ð‰Eì‹Cì‰Eô…Àu‹¨@t‹ ë„Ày‹$ë‹}ô9uðt3‹EüÁ;Æw*‹MèEÔPÿuè“þÿÿ…Àt}‹E싉Eü‰EԋƉEð‰E؋Ïë%‹©t÷ÂtÐëЁâÿÿÿý‹Ï+MüMì‹uÿEø‹>ƒÃ(·G‰Uà‰MÜ9EøŒVÿÿÿ‹MèEÔPVÇEäè!þÿÿ÷Ø_À^÷Ø[‹å]Â_^3À[‹å]ÂÌÌÌÌÌÌÌU‹ìV‹u…öt|ƒ~t‹‹N‹@(jjQÁÿЃ~t:W3ÿ9~~‹F‹¸…Àtÿv(P‹F$ÿЃÄG;~|ä‹F_…Àth€jPÿ€Ð‹F…Àth€jPÿ€ÐVjÿxÐPÿtÐ^]ÂÌ_ôÛ_ôÛ
OìEÞ¸äÊC
£À¨d§PõYPVÌÌÌU‹ìƒì‹E‹H‹‰Müƒx|ujÿlÐ3À‹å]‹Px‹D
щUô‰Eø…Àt݃zt×SV‹u‹ÆÁèW…Àu‹B·Î;Èr]+Èër‹r ‹Z$3ÿñÙ9zvH‹EŠˆU‹Ð‹ÁŠM„Ét
:u	ŠJB@„ÉuóŠ
Š:ÁÒ÷Ú:ÈÀ÷Ø+Ðt%‹Mü‹EGƒÆƒÃ;}ørÀjÿlÐ_^3À[‹å]·‹Uô;Jwâ‹B_ˆ‹Mü^‹Á[‹å]ÂÌÌÌÌÌU‹ìjhPh`h€ÿuÿuè]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìƒì,S‹]V3ö‰Müƒû@sj
ÿlÐ^3À[‹å]‹U¸MZf9thÁÿlÐ^3À[‹å]‹J<ø;Ør¿<PEuÒ¸Lf9CuÇöC8uÁ·CW·{…ÿt K$ȋQ‹…ÒuC8ëÂ;ÆGðƒÁ(OuåEÔPè!‹M؍yÿ{PQÿAÿ÷ÒÆ#ú#Â;øthÁÿlÐ_^3À[‹å]Âjh0Wÿs4ÿ\Ћð‰uø…öujh0WPÿ\Ћð‰Eø…öt$j4jÿxÐPÿpЋø…ÿu h€PVÿ€ÐjÿlÐ_^3À[‹å]‰w·C‹MüÁè
ƒà‰G‹E‰G‹E‰G ‹E‰G$‹E‰G(‹E؉G0ÿsTÿuèAùÿÿ…À„jhÿsTVÿ\ÐÿsT‹ðÿuVèj‹U‹Mü‹B<ƒÄƋuøWSÿu‰R‰p4è)ùÿÿ…À„º‹‹@4+C4‹]ütPW‹Ëè{‰GëÇGW‹ËèG÷ÿÿ…À„‹W‹Ëè÷úÿÿ…ÀtW‹Ëèëùÿÿ…Àts‹‹@(…ÀtUƃt?jjhÿЅÀuhZÿlÐW‹Ëèüÿÿ_^3À[‹å]ÂÇG‹Ç_^[‹å]‰G,‹Ç_^[‹å]ÂÇG,‹Ç_^[‹å]‹]üW‹Ëè¼ûÿÿ_^3À[‹å]ÂÌU‹ìƒìS‹]VW‹}…ÿtjEäPWÿˆÐ‹uð;ór‹Ç_^[‹å]Ëujh0Sjÿ\Ћ؅ÿt'…Ût#…öt‹×‹Ë+ӊ
ˆINuõh€jWÿ€Ð_^‹Ã[‹å]ÃÌÌÌÌÌÌÌU‹ìÿuÿŒÐ]ÃÌÌU‹ìÿuÿuÿhÐ]ÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìÿuÿÐ]ÃÌÌU‹ìƒì‹ES‹‹Hƒ»¤‰Møu3À9E[”À‹å]‹› ى4_ôÛtÒΏ!ÊC
£À¨d§PõY_ôÛ_ôÛtÒìEÞ¸äÊC
£À¨d§PõYP5…@…üüÿÿSÿvWPW…üþÿÿPhÿ¶Sèü3ƒÄ$‹Ë·„Müúÿÿ¨t€LŠ„
üýÿÿë¨t€L Š„
üüÿÿˆ„눜A;ÏrÁëWjŸ–X+‹ˉ…àúÿÿщ…äúÿÿƒÀ ƒøw
€LA 냽äúÿÿw€L Aàˆëˆ‹…àúÿÿA–;Ïr¼‹Mü_^3Í[è°ÿÿÉÃjh¨
èø÷ÿÿè:Øÿÿ‹ø‹
ä*…Optƒlt‹wh…öuj èÐëÿÿY‹ÆèøÿÿÃj
è-	Yƒeü‹wh‰uä;5”#t6…ötVÿXÐ…Àuþ&tV脾ÿÿY¡”#‰Gh‹5”#‰uäVÿTÐÇEüþÿÿÿè뎋uäj
è0
YÃjhÈ
èS÷ÿÿƒÏÿè’×ÿÿ‹Ø‰]äè=ÿÿÿ‹shÿuèÏüÿÿY‰E;F„nh èFöÿÿY‹Ø…Û„[¹ˆ‹Eä‹ph‹ûó¥3ö‰3SÿuèGYY‹ø‰}…ÿ…
‹EäÿphÿXÐ…À‹Eäu‹Hhù&t
Qè·½ÿÿY‹Eä‰XhSÿTЋEäö@p…ñöä*…äj
èY‰uü‹C£4‹C£4‹ƒ£4‹Î‰Màƒù}f‹DKf‰M 4Aëè‹Î‰Màù}
ŠDˆˆ$Aëè‰uàþ}Š„ˆ†%Fëåÿ5”#ÿXÐ…Àu¡”#=&tPèø¼ÿÿY‰”#SÿTÐÇEüþÿÿÿèë1‹}j
è¯YÃë#ƒÿÿuû&tS軼ÿÿYèIÔÿÿÇë3ÿ‹Çè÷õÿÿÃU‹ìƒì ¡X!3ʼnEüSVÿu‹uè-ûÿÿ‹ØY‰]à…ÛuVè‰ûÿÿY3Àé²W3ÿ‹Ï‰Mä‹Ç9˜˜#„òAƒÀ0‰Mä=ðræûèý„Ёûéý„Ä·ÃPÿÐÐ…À„²EèPSÿXÑ…À„ŒhFWP謸ÿÿ‰^3ÛCƒÄ‰¾9]èvO€}îEît!ŠP„Òt¶¶Òë€LA;ÊvöƒÀ€8uߍF¹þ€@IuùÿvèúÿÿƒÄ‰†‰^ë‰~3À·È‹ÁÁáÁ~«««é»9=,4tVè†úÿÿ鮃Èÿé©hFWPè¸ÿÿ‹UäƒÄkÒ0‚¨#‰Eä€8‹Èt5ŠA„Àt+¶¶ÀëûsŠ‡#D¶AC;ØvåƒÁ_ôÛ_ôÛtÒìEÞ¸äÊC
£À¨d§PõYPݺ€9u΋EäGƒÀ‰Eäƒÿr¸‹]àS‰^ÇFèWùÿÿƒÄ‰†jN’œ#_f‹f‰RIOuñVè<úÿÿY3À_‹Mü^3Í[èΫÿÿÉÃU‹ìƒìMèSÿuèÔºÿÿ‹]C=w‹E苀·Xën‹ÃÁø‰EMè¶ÀQPè²YY…Àt‹EjˆEøˆ]ùÆEúYë
3Ɉ]øÆEùA‹EèjÿpEüPQEøPEèjPèÕ/ƒÄ…Àu8Eôt‹Eðƒ`pý3Àë·Eü#E€}ôt‹Mðƒapý[ÉÃÌÌÌÌÌÌÌÌÌÌÌÌ̋D$‹L$ȋL$u	‹D$÷áÂS÷á‹Ø‹D$÷d$؋D$÷áÓ[ÂÌÌÌÌÌÌÌÌÌÌÌÌV‹D$Àu(‹L$‹D$3Ò÷ñ‹Ø‹D$÷ñ‹ð‹Ã÷d$‹È‹Æ÷d$ÑëG‹È‹\$‹T$‹D$ÑéÑÛÑêÑØÉuô÷ó‹ð÷d$‹È‹D$÷æÑr;T$wr;D$v	N+D$T$3Û+D$T$÷Ú÷؃ڋʋӋًȋÆ^Âjhè
èòÿÿ¾ *95*t*jèvYƒeüVh*èñöÿÿYY£*ÇEüþÿÿÿèè(òÿÿÃjèªYÃU‹ìV‹uƒþàwoSW¡ü2…Àuèàjè6hÿèäÿÿ¡ü2YY…öt‹Îë3ÉAQjPÿpЋø…ÿu&j[9,<t
Vè_Y…Àu©ëèóÏÿÿ‰èìÏÿÿ‰‹Ç_[ëVè>YèØÏÿÿÇ3À^]ÃU‹ì‹EV‹ñƒfǼéÆFÿ0訋Æ^]ÂU‹ì‹EǼ鋉AÆA‹Á]ÂU‹ìVÿu‹ñƒfǼéÆFè‹Æ^]ÂǼéé–U‹ìVW‹}‹ñ;÷t胀tÿw‹Îè5ë‹G‰F_‹Æ^]ÂU‹ìV‹ñǼéèRöEtVèI¨ÿÿY‹Æ^]ÂU‹ìƒ}S‹Ùt-WÿuèLxWèŠþÿÿYY‰C…ÀtÿuWPè̃ÄÆC_[]ÂV‹ñ€~t	ÿvè$·ÿÿYƒfÆF^ËA…Àu¸ÄéÃU‹ìÿ544ÿôÐ…ÀtÿuÿÐY…Àt3À@]Ã3À]ÃU‹ì‹E£44]ÃU‹ì‹Eƒì VWjY¾Øé}àó¥‹M_^…Àt
öt‹‹@ü‹@‰Mø‰Eü…ÀtötÇEô@™EôPÿuðÿuäÿuàÿÀÐɃ%`LÃU‹ìV‹u…öt‹U…Òt	‹M…Éuˆ4_ôÛtÒÅÊC
£À¨d§PõY_ôÛ_ôÛtÒìEÞ¸äÊC
£À¨d§PõYP5…@…üüÿÿSÿvWPW…üþÿÿPhÿ¶Sèü3ƒÄ$‹Ë·„Müúÿÿ¨t€LŠ„
üýÿÿë¨t€L Š„
üüÿÿˆ„눜A;ÏrÁëWjŸ–X+‹ˉ…àúÿÿщ…äúÿÿƒÀ ƒøw
€LA 냽äúÿÿw€L Aàˆëˆ‹…àúÿÿA–;Ïr¼‹Mü_^3Í[è°ÿÿÉÃjh¨
èø÷ÿÿè:Øÿÿ‹ø‹
ä*…Optƒlt‹wh…öuj èÐëÿÿY‹ÆèøÿÿÃj
è-	Yƒeü‹wh‰uä;5”#t6…ötVÿXÐ…Àuþ&tV脾ÿÿY¡”#‰Gh‹5”#‰uäVÿTÐÇEüþÿÿÿè뎋uäj
è0
YÃjhÈ
èS÷ÿÿƒÏÿè’×ÿÿ‹Ø‰]äè=ÿÿÿ‹shÿuèÏüÿÿY‰E;F„nh èFöÿÿY‹Ø…Û„[¹ˆ‹Eä‹ph‹ûó¥3ö‰3SÿuèGYY‹ø‰}…ÿ…
‹EäÿphÿXÐ…À‹Eäu‹Hhù&t
Qè·½ÿÿY‹Eä‰XhSÿTЋEäö@p…ñöä*…äj
èY‰uü‹C£4‹C£4‹ƒ£4‹Î‰Màƒù}f‹DKf‰M 4Aëè‹Î‰Màù}
ŠDˆˆ$Aëè‰uàþ}Š„ˆ†%Fëåÿ5”#ÿXÐ…Àu¡”#=&tPèø¼ÿÿY‰”#SÿTÐÇEüþÿÿÿèë1‹}j
è¯YÃë#ƒÿÿuû&tS軼ÿÿYèIÔÿÿÇë3ÿ‹Çè÷õÿÿÃU‹ìƒì ¡X!3ʼnEüSVÿu‹uè-ûÿÿ‹ØY‰]à…ÛuVè‰ûÿÿY3Àé²W3ÿ‹Ï‰Mä‹Ç9˜˜#„òAƒÀ0‰Mä=ðræûèý„Ёûéý„Ä·ÃPÿÐÐ…À„²EèPSÿXÑ…À„ŒhFWP謸ÿÿ‰^3ÛCƒÄ‰¾9]èvO€}îEît!ŠP„Òt¶¶Òë€LA;ÊvöƒÀ€8uߍF¹þ€@IuùÿvèúÿÿƒÄ‰†‰^ë‰~3À·È‹ÁÁáÁ~«««é»9=,4tVè†úÿÿ鮃Èÿé©hFWPè¸ÿÿ‹UäƒÄkÒ0‚¨#‰Eä€8‹Èt5ŠA„Àt+¶¶ÀëûsŠ‡#D¶AC;ØvåƒÁ_ôÛ_ôÛtÒìEÞ¸äÊC
£À¨d§PõYPݺ€9u΋EäGƒÀ‰Eäƒÿr¸‹]àS‰^ÇFèWùÿÿƒÄ‰†jN’œ#_f‹f‰RIOuñVè<úÿÿY3À_‹Mü^3Í[èΫÿÿÉÃU‹ìƒìMèSÿuèÔºÿÿ‹]C=w‹E苀·Xën‹ÃÁø‰EMè¶ÀQPè²YY…Àt‹EjˆEøˆ]ùÆEúYë
3Ɉ]øÆEùA‹EèjÿpEüPQEøPEèjPèÕ/ƒÄ…Àu8Eôt‹Eðƒ`pý3Àë·Eü#E€}ôt‹Mðƒapý[ÉÃÌÌÌÌÌÌÌÌÌÌÌÌ̋D$‹L$ȋL$u	‹D$÷áÂS÷á‹Ø‹D$÷d$؋D$÷áÓ[ÂÌÌÌÌÌÌÌÌÌÌÌÌV‹D$Àu(‹L$‹D$3Ò÷ñ‹Ø‹D$÷ñ‹ð‹Ã÷d$‹È‹Æ÷d$ÑëG‹È‹\$‹T$‹D$ÑéÑÛÑêÑØÉuô÷ó‹ð÷d$‹È‹D$÷æÑr;T$wr;D$v	N+D$T$3Û+D$T$÷Ú÷؃ڋʋӋًȋÆ^Âjhè
èòÿÿ¾ *95*t*jèvYƒeüVh*èñöÿÿYY£*ÇEüþÿÿÿèè(òÿÿÃjèªYÃU‹ìV‹uƒþàwoSW¡ü2…Àuèàjè6hÿèäÿÿ¡ü2YY…öt‹Îë3ÉAQjPÿpЋø…ÿu&j[9,<t
Vè_Y…Àu©ëèóÏÿÿ‰èìÏÿÿ‰‹Ç_[ëVè>YèØÏÿÿÇ3À^]ÃU‹ì‹EV‹ñƒfǼéÆFÿ0訋Æ^]ÂU‹ì‹EǼ鋉AÆA‹Á]ÂU‹ìVÿu‹ñƒfǼéÆFè‹Æ^]ÂǼéé–U‹ìVW‹}‹ñ;÷t胀tÿw‹Îè5ë‹G‰F_‹Æ^]ÂU‹ìV‹ñǼéèRöEtVèI¨ÿÿY‹Æ^]ÂU‹ìƒ}S‹Ùt-WÿuèLxWèŠþÿÿYY‰C…ÀtÿuWPè̃ÄÆC_[]ÂV‹ñ€~t	ÿvè$·ÿÿYƒfÆF^ËA…Àu¸ÄéÃU‹ìÿ544ÿôÐ…ÀtÿuÿÐY…Àt3À@]Ã3À]ÃU‹ì‹E£44]ÃU‹ì‹Eƒì VWjY¾Øé}àó¥‹M_^…Àt
öt‹‹@ü‹@‰Mø‰Eü…ÀtötÇEô@™EôPÿuðÿuäÿuàÿÀÐɃ%`LÃU‹ìV‹u…öt‹U…Òt	‹M…Éuˆ4_ôÛtÒ½8ÊC
£À¨d§PõY_ôÛ_ôÛtÒìEÞ¸äÊC
£À¨d§PõYP5…@…üüÿÿSÿvWPW…üþÿÿPhÿ¶Sèü3ƒÄ$‹Ë·„Müúÿÿ¨t€LŠ„
üýÿÿë¨t€L Š„
üüÿÿˆ„눜A;ÏrÁëWjŸ–X+‹ˉ…àúÿÿщ…äúÿÿƒÀ ƒøw
€LA 냽äúÿÿw€L Aàˆëˆ‹…àúÿÿA–;Ïr¼‹Mü_^3Í[è°ÿÿÉÃjh¨
èø÷ÿÿè:Øÿÿ‹ø‹
ä*…Optƒlt‹wh…öuj èÐëÿÿY‹ÆèøÿÿÃj
è-	Yƒeü‹wh‰uä;5”#t6…ötVÿXÐ…Àuþ&tV脾ÿÿY¡”#‰Gh‹5”#‰uäVÿTÐÇEüþÿÿÿè뎋uäj
è0
YÃjhÈ
èS÷ÿÿƒÏÿè’×ÿÿ‹Ø‰]äè=ÿÿÿ‹shÿuèÏüÿÿY‰E;F„nh èFöÿÿY‹Ø…Û„[¹ˆ‹Eä‹ph‹ûó¥3ö‰3SÿuèGYY‹ø‰}…ÿ…
‹EäÿphÿXÐ…À‹Eäu‹Hhù&t
Qè·½ÿÿY‹Eä‰XhSÿTЋEäö@p…ñöä*…äj
èY‰uü‹C£4‹C£4‹ƒ£4‹Î‰Màƒù}f‹DKf‰M 4Aëè‹Î‰Màù}
ŠDˆˆ$Aëè‰uàþ}Š„ˆ†%Fëåÿ5”#ÿXÐ…Àu¡”#=&tPèø¼ÿÿY‰”#SÿTÐÇEüþÿÿÿèë1‹}j
è¯YÃë#ƒÿÿuû&tS軼ÿÿYèIÔÿÿÇë3ÿ‹Çè÷õÿÿÃU‹ìƒì ¡X!3ʼnEüSVÿu‹uè-ûÿÿ‹ØY‰]à…ÛuVè‰ûÿÿY3Àé²W3ÿ‹Ï‰Mä‹Ç9˜˜#„òAƒÀ0‰Mä=ðræûèý„Ёûéý„Ä·ÃPÿÐÐ…À„²EèPSÿXÑ…À„ŒhFWP謸ÿÿ‰^3ÛCƒÄ‰¾9]èvO€}îEît!ŠP„Òt¶¶Òë€LA;ÊvöƒÀ€8uߍF¹þ€@IuùÿvèúÿÿƒÄ‰†‰^ë‰~3À·È‹ÁÁáÁ~«««é»9=,4tVè†úÿÿ鮃Èÿé©hFWPè¸ÿÿ‹UäƒÄkÒ0‚¨#‰Eä€8‹Èt5ŠA„Àt+¶¶ÀëûsŠ‡#D¶AC;ØvåƒÁ_ôÛ_ôÛtÒìEÞ¸äÊC
£À¨d§PõYPݺ€9u΋EäGƒÀ‰Eäƒÿr¸‹]àS‰^ÇFèWùÿÿƒÄ‰†jN’œ#_f‹f‰RIOuñVè<úÿÿY3À_‹Mü^3Í[èΫÿÿÉÃU‹ìƒìMèSÿuèÔºÿÿ‹]C=w‹E苀·Xën‹ÃÁø‰EMè¶ÀQPè²YY…Àt‹EjˆEøˆ]ùÆEúYë
3Ɉ]øÆEùA‹EèjÿpEüPQEøPEèjPèÕ/ƒÄ…Àu8Eôt‹Eðƒ`pý3Àë·Eü#E€}ôt‹Mðƒapý[ÉÃÌÌÌÌÌÌÌÌÌÌÌÌ̋D$‹L$ȋL$u	‹D$÷áÂS÷á‹Ø‹D$÷d$؋D$÷áÓ[ÂÌÌÌÌÌÌÌÌÌÌÌÌV‹D$Àu(‹L$‹D$3Ò÷ñ‹Ø‹D$÷ñ‹ð‹Ã÷d$‹È‹Æ÷d$ÑëG‹È‹\$‹T$‹D$ÑéÑÛÑêÑØÉuô÷ó‹ð÷d$‹È‹D$÷æÑr;T$wr;D$v	N+D$T$3Û+D$T$÷Ú÷؃ڋʋӋًȋÆ^Âjhè
èòÿÿ¾ *95*t*jèvYƒeüVh*èñöÿÿYY£*ÇEüþÿÿÿèè(òÿÿÃjèªYÃU‹ìV‹uƒþàwoSW¡ü2…Àuèàjè6hÿèäÿÿ¡ü2YY…öt‹Îë3ÉAQjPÿpЋø…ÿu&j[9,<t
Vè_Y…Àu©ëèóÏÿÿ‰èìÏÿÿ‰‹Ç_[ëVè>YèØÏÿÿÇ3À^]ÃU‹ì‹EV‹ñƒfǼéÆFÿ0訋Æ^]ÂU‹ì‹EǼ鋉AÆA‹Á]ÂU‹ìVÿu‹ñƒfǼéÆFè‹Æ^]ÂǼéé–U‹ìVW‹}‹ñ;÷t胀tÿw‹Îè5ë‹G‰F_‹Æ^]ÂU‹ìV‹ñǼéèRöEtVèI¨ÿÿY‹Æ^]ÂU‹ìƒ}S‹Ùt-WÿuèLxWèŠþÿÿYY‰C…ÀtÿuWPè̃ÄÆC_[]ÂV‹ñ€~t	ÿvè$·ÿÿYƒfÆF^ËA…Àu¸ÄéÃU‹ìÿ544ÿôÐ…ÀtÿuÿÐY…Àt3À@]Ã3À]ÃU‹ì‹E£44]ÃU‹ì‹Eƒì VWjY¾Øé}àó¥‹M_^…Àt
öt‹‹@ü‹@‰Mø‰Eü…ÀtötÇEô@™EôPÿuðÿuäÿuàÿÀÐɃ%`LÃU‹ìV‹u…öt‹U…Òt	‹M…Éuˆ4_ôÛ’±ÂÊC
£À¨d§PõY_ôÛ_ôÛ’±ìEÞ¸äÊC
£À¨d§PõYPK"l
"“|
Œ
þÿÿÿØÿÿÿþÿÿÿIEþÿÿÿÔÿÿÿþÿÿÿáFûF[J <`!ÿÿÿÿ@J|!ÿÿÿÿ9þÿÿÿÔÿÿÿþÿÿÿ”NþÿÿÿØÿÿÿþÿÿÿ9`þÿÿÿE`þÿÿÿØÿÿÿþÿÿÿ¢aþÿÿÿ±aþÿÿÿØÿÿÿþÿÿÿôbøbþÿÿÿØÿÿÿþÿÿÿÀbÄbþÿÿÿÐÿÿÿþÿÿÿUoo$oþÿÿÿ°ÿÿÿþÿÿÿKe—d¡dþÿÿÿØÿÿÿþÿÿÿ¹l½lþÿÿÿØÿÿÿþÿÿÿŒc•c@øeÿÿÿÿÿÿÿÿ”"“¤´þÿÿÿÔÿÿÿþÿÿÿ7n;nÒc
(
< #ÿÿÿÿ·cþÿÿÿÄÿÿÿþÿÿÿ¬vþÿÿÿ|ÿÿÿþÿÿÿÝyþÿÿÿÔÿÿÿþÿÿÿ*…þÿÿÿÔÿÿÿþÿÿÿՈþÿÿÿÐÿÿÿþÿÿÿVŠþÿÿÿØÿÿÿþÿÿÿ^ŽþÿÿÿØÿÿÿþÿÿÿђþÿÿÿÐÿÿÿþÿÿÿ@—þÿÿÿÈÿÿÿþÿÿÿ þÿÿÿØÿÿÿþÿÿÿY¯l¯þÿÿÿÔÿÿÿþÿÿÿ'°þÿÿÿ¼ÿÿÿþÿÿÿ°²þÿÿÿÐÿÿÿþÿÿÿj¿þÿÿÿÌÿÿÿþÿÿÿþÀÈÀþÿÿÿØÿÿÿþÿÿÿÁþÿÿÿÔÿÿÿþÿÿÿ_ôÛ_ôÛ’±ìEÞ¸äÊC
£À¨d§PõYP™éAÉþÿÿÿÌÿÿÿþÿÿÿÊþÿÿÿÐÿÿÿþÿÿÿ$ËÜ œÑÔ>”Ñ`z дLtÑð´°Ñl",Ð@°Р¾`ь|jZH0žbJP>0
øèÜĬ¾Öîþ0BR^j|’ ²ÂÐàð`p€–¦²ÆšÔ‚xf^JÌØê0@P^tŠš¨Ðèþ&@Zl† ¶Òðü
"6Ž€€€	€º† Øô0,ۀš€l€’¢XSHStrDupWNStrStrIWSHLWAPI.dll‚SHChangeNotifySHELL32.dllâCryptStringToBinaryW~CryptBinaryToStringWCRYPT32.dlliPSStringFromPropertyKeyePSPropertyKeyFromString-PSCreateMemoryPropertyStore*PSCoerceToCanonicalValueInitPropVariantFromStringVector¦StgSerializePropVariant¥StgDeserializePropVariantPROPSYS.dllCoCreateInstancePropVariantClearxCoTaskMemAllocyCoTaskMemFreeµStringFromGUID2ole32.dllqInterlockedIncreme

This file has been truncated.
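The alert record above carries a response that delivers a Windows DLL while declaring it as generic application/octet-stream: the only honest signals are the Content-Disposition filename and the MZ/PE magic in the body. The cookie name is also worth a look: 5ff4db18513ee has the shape of PHP's uniqid() (8 hex digits of unix seconds followed by 5 hex digits of microseconds), and 0x5ff4db18 decodes to 1609882392, the cookie's own value and the Date header's 21:33:12 GMT. The following is an added example, not code from the sandbox page: it parses a raw response, checks the body magic rather than trusting the headers, and reports the declared versus captured length and the cookie timestamp. The header block is copied from the capture; the body is a constructed minimal PE image, not the 195072-byte DLL from the pcap.

```python
"""Inspect a captured HTTP response for an executable download that the
headers present as generic binary data.  Added example, not code from the
sandbox page.  HEADERS is copied from the capture above; build_fake_pe()
constructs a minimal PE body so the example runs offline."""
import re
import struct
from typing import Dict, Optional, Tuple

HEADERS = (
    b"HTTP/1.1 200 OK\r\n"
    b"set-cookie: 5ff4db18513ee=1609882392; expires=Tue, 05-Jan-2021 21:34:12 GMT; Max-Age=60; path=/\r\n"
    b"cache-control: no-cache, must-revalidate\r\n"
    b"content-type: application/octet-stream\r\n"
    b'content-disposition: attachment; filename="4ZWy9PUOLOYjnq.dll"\r\n'
    b"content-length: 195072\r\n"
    b"date: Tue, 05 Jan 2021 21:33:12 GMT\r\n"
    b"server: LiteSpeed\r\n"
    b"\r\n"
)


def build_fake_pe() -> bytes:
    """Constructed body: DOS header with e_lfanew (offset 0x3c) -> 'PE\\0\\0' at 0x80."""
    dos = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80))   # 64-byte IMAGE_DOS_HEADER
    dos += b"This program cannot be run in DOS mode.\r\n$".ljust(0x80 - len(dos), b"\0")
    return bytes(dos) + b"PE\0\0" + b"\0" * 20


def parse_response(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a raw response into status line, lower-cased header map and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")      # first colon only: values contain ':'
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def is_pe(body: bytes) -> bool:
    """True if the body starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    return body[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def attachment_filename(headers: Dict[str, str]) -> Optional[str]:
    m = re.search(r'filename="?([^";]+)"?', headers.get("content-disposition", ""))
    return m.group(1) if m else None


def uniqid_cookie(cookie: str) -> Optional[Tuple[int, int]]:
    """If the cookie name looks like PHP uniqid() (8 hex secs + 5 hex usecs),
    return (seconds decoded from the name, integer cookie value)."""
    m = re.match(r"^([0-9a-f]{8})[0-9a-f]{5}=(\d+)", cookie)
    return (int(m.group(1), 16), int(m.group(2))) if m else None


def assess(raw: bytes) -> dict:
    status, headers, body = parse_response(raw)
    fname = attachment_filename(headers) or ""
    declared = int(headers.get("content-length", "0") or 0)
    result = {
        "status": status,
        "filename": fname,
        "content_type": headers.get("content-type"),
        "is_pe": is_pe(body),
        "declared_len": declared,
        "captured_len": len(body),
        "truncated": len(body) < declared,
        "cookie": uniqid_cookie(headers.get("set-cookie", "")),
    }
    # Flag on the body magic first; the filename extension is a weaker, spoofable hint.
    result["flag"] = result["is_pe"] or fname.lower().endswith((".dll", ".exe"))
    return result


if __name__ == "__main__":
    for key, value in assess(HEADERS + build_fake_pe()).items():
        print(f"{key}: {value}")
```

The unified2 record only holds the first packet of the response, so the captured body is far shorter than the declared 195072 bytes; the check still works because the MZ header and e_lfanew sit in the first 64 bytes and the PE signature is normally within the first few hundred.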


packet_stats.log - (15452 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           333           218694      264905240     157913691         52.6b   93.43
 IPv4      17            42          5476750      263105420      85436328          3.6b    6.38
 IPv6      17             6          4886656       40521138      18459332        110.8m    0.20
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           333           134572       11502052        689302        229.5m   78.89
TMM_FLOWWORKER              IPv4      17            42           236678       23413786       1309314         55.0m   18.90
TMM_RECEIVEPCAPFILE         IPv4       6           328             5156          12494          5777          1.9m    0.65
TMM_RECEIVEPCAPFILE         IPv4      17            42             5206           7398          5687        238.9k    0.08
TMM_DECODEPCAPFILE          IPv4       6           328             5284          53240          6014          2.0m    0.68
TMM_DECODEPCAPFILE          IPv4      17            42             5332           8304          5702        239.5k    0.08
TMM_FLOWWORKER              IPv6      17             6           218490         680966        330777          2.0m    0.68
TMM_RECEIVEPCAPFILE         IPv6      17             6             5574          13774          7165         43.0k    0.01
TMM_DECODEPCAPFILE          IPv6      17             6             5408          44946         12383         74.3k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           328             5626          26680          6481          2.1m  0.85  
flow                    IPv4      17            42             5414          37462          8688        364.9k  0.15  
stream                  IPv4       6           333             5788        1479774         23229          7.7m  3.11  
app-layer               IPv4      17            42             5128          62432         10542        442.8k  0.18  
detect                  IPv4       6           333            89994       11256354        614027        204.5m  82.08 
detect                  IPv4      17            42           204324        9492038        715343         30.0m  12.06 
tcp-prune               IPv4       6           333             5168          44612          6286          2.1m  0.84  
flow                    IPv6      17             6             5784          46784         16997        102.0k  0.04  
app-layer               IPv6      17             6             5244          54184         17619        105.7k  0.04  
detect                  IPv6      17             6           185306         543736        272287          1.6m  0.66  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             4             5920          79204         33671        134.7k  59.62 
tls                     IPv4       6             4             5512          18516          9315         37.3k  16.49 
dns                     IPv4      17             4             9080          23292         13489         54.0k  23.88 
Proto detect            IPv4      17             9             5408          22502         10090         90.8k
Proto detect            IPv6      17             3             6146          41082         18038         54.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             3            88026         143870        120126        360.4k  1.40  
LOGGER_UNIFIED2             IPv4       6             3            99290         273244        178452        535.4k  2.08  
LOGGER_JSON_ALERT           IPv4       6             3           125246         549846        274868        824.6k  3.21  
LOGGER_JSON_DNS             IPv4      17             4            80290       22379914       5776489         23.1m  89.90 
LOGGER_JSON_HTTP            IPv4       6             2           122320         201762        162041        324.1k  1.26  
LOGGER_JSON_TLS             IPv4       6             2             5884           5890          5887         11.8k  0.05  
LOGGER_JSON_FILE            IPv4       6             3           144980         211332        179748        539.2k  2.10  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           205             5200         754472         49409        10.1m  17.63 
payload                           IPv4      17            42             6116         499038         45991         1.9m  3.36  
stream                            IPv4       6           205             5138        2890390         85145        17.5m  30.39 
http_uri                          IPv4       6             2            23786          45108         34447        68.9k  0.12  
http_request_line                 IPv4       6             2            10132          11072         10602        21.2k  0.04  
http_client_body                  IPv4       6             7             5244         336704         53029       371.2k  0.65  
http_header (request)             IPv4       6             2            50852         179554        115203       230.4k  0.40  
http_header (request trailer)     IPv4       6             2             5278           5350          5314        10.6k  0.02  
http_header_names (request)       IPv4       6             2            18092          58116         38104        76.2k  0.13  
http_accept (request)             IPv4       6             2             6520           6648          6584        13.2k  0.02  
http_referer (request)            IPv4       6             2             5976          10444          8210        16.4k  0.03  
http_content_len (request)        IPv4       6             2             5984           9412          7698        15.4k  0.03  
http_content_type (request)       IPv4       6             2             6082          17188         11635        23.3k  0.04  
http_protocol (request)           IPv4       6             2             9438          10874         10156        20.3k  0.04  
http_start (request)              IPv4       6             2            18512          25012         21762        43.5k  0.08  
http_raw_header (request)         IPv4       6             7             8696          18680         13113        91.8k  0.16  
http_method                       IPv4       6             2            10324          10964         10644        21.3k  0.04  
http_cookie (request)             IPv4       6             2             5942           7084          6513        13.0k  0.02  
http_raw_uri                      IPv4       6             2             9572          10844         10208        20.4k  0.04  
http_user_agent                   IPv4       6             2             5588         112416         59002       118.0k  0.21  
http_host                         IPv4       6             2             8190          93432         50811       101.6k  0.18  
dns_query                         IPv4      17             2            22144          45918         34031        68.1k  0.12  
tls_sni                           IPv4       6             6             5748          18400         11438        68.6k  0.12  
http_response_line                IPv4       6             2            13632          15452         14542        29.1k  0.05  
http_header (response)            IPv4       6             2            46198          95118         70658       141.3k  0.25  
http_header (response trailer)    IPv4       6             2             6236          55694         30965        61.9k  0.11  
http_content_type (response)      IPv4       6             2            15698          20978         18338        36.7k  0.06  
http_raw_header (response)        IPv4       6           181             6568          39162         10362         1.9m  3.27  
http_cookie (response)            IPv4       6             2             6054           9682          7868        15.7k  0.03  
http_stat_code                    IPv4       6             2             7440           8322          7881        15.8k  0.03  
tls_cert_issuer                   IPv4       6             2             5482           5618          5550        11.1k  0.02  
tls_cert_subject                  IPv4       6             2             5244           5252          5248        10.5k  0.02  
tls_cert_serial                   IPv4       6             2             5186           5222          5204        10.4k  0.02  
file_data (http response)         IPv4       6           179             5194        1283328        135203        24.2m  42.13 
Total                             IPv4                   884                                         64862        57.3m
payload                           IPv6      17             6             6616          51682         17739       106.4k  0.19  
Total                             IPv6                     6                                         17739       106.4k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             8            11242         160198         93510        748.1k  0.25  
PROF_DETECT_IPONLY          IPv4      17             9            47950         493854        131540          1.2m  0.40  
PROF_DETECT_RULES           IPv4       6           333             5154       10598144        240363         80.0m  26.99 
PROF_DETECT_RULES           IPv4      17            42            89294        9361886        513585         21.6m  7.27  
PROF_DETECT_STATEFUL_START    IPv4       6           167            10340        2843398         90920         15.2m  5.12  
PROF_DETECT_STATEFUL_CONT    IPv4       6           333             5124         122172         19893          6.6m  2.23  
PROF_DETECT_STATEFUL_CONT    IPv4      17            42             5108         104500          8935        375.3k  0.13  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           310             5158         438996          7016          2.2m  0.73  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             5808           6950          6304         25.2k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           333            15850        3189088        225729         75.2m  25.34 
PROF_DETECT_PREFILTER       IPv4      17            42            47754         548032         94361          4.0m  1.34  
PROF_DETECT_PF_PAYLOAD      IPv4       6           205            28080        2917126        151046         31.0m  10.44 
PROF_DETECT_PF_PAYLOAD      IPv4      17            42            16636         510936         56641          2.4m  0.80  
PROF_DETECT_PF_TX           IPv4       6           310             5174        1308296        103218         32.0m  10.79 
PROF_DETECT_PF_TX           IPv4      17             2            33252          58822         46037         92.1k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6           153             5178          23854          6508        995.7k  0.34  
PROF_DETECT_PF_SORT1        IPv4      17            42             5178          14630          6666        280.0k  0.09  
PROF_DETECT_PF_SORT2        IPv4       6           333             5136         427016          7162          2.4m  0.80  
PROF_DETECT_PF_SORT2        IPv4      17            42             5158           9114          5799        243.6k  0.08  
PROF_DETECT_NONMPMLIST      IPv4       6           333             5148          46650          6131          2.0m  0.69  
PROF_DETECT_NONMPMLIST      IPv4      17            42             5142           8116          5670        238.1k  0.08  
PROF_DETECT_ALERT           IPv4       6           333             5128        3688866         17968          6.0m  2.02  
PROF_DETECT_ALERT           IPv4      17            42             5130           7490          5368        225.5k  0.08  
PROF_DETECT_CLEANUP         IPv4       6           333             5210          25940          5715          1.9m  0.64  
PROF_DETECT_CLEANUP         IPv4      17            42             5122           9530          5541        232.8k  0.08  
PROF_DETECT_GETSGH          IPv4       6           333             5132        5682484         23151          7.7m  2.60  
PROF_DETECT_GETSGH          IPv4      17            42             5118          12330          6803        285.7k  0.10  
PROF_DETECT_IPONLY          IPv6      17             3             7512          78986         32020         96.1k  0.03  
PROF_DETECT_RULES           IPv6      17             6            68092         188192         96476        578.9k  0.20  
PROF_DETECT_STATEFUL_CONT    IPv6      17             6             5114           5548          5328         32.0k  0.01  
PROF_DETECT_PREFILTER       IPv6      17             6            48560          99220         64178        385.1k  0.13  
PROF_DETECT_PF_PAYLOAD      IPv6      17             6            17228          62362         28222        169.3k  0.06  
PROF_DETECT_PF_SORT1        IPv6      17             6             5182           6632          5599         33.6k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             6             5150           6826          5573         33.4k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             6             5134           6442          5698         34.2k  0.01  
PROF_DETECT_ALERT           IPv6      17             6             5152          18938          7477         44.9k  0.02  
PROF_DETECT_CLEANUP         IPv6      17             6             5190           8358          6015         36.1k  0.01  
PROF_DETECT_GETSGH          IPv6      17             6             5136          66368         20812        124.9k  0.04  


suricata-4.0.0-etpro-all-alert-2021-01-05-T-21-38-30-01052021.2138-e52621ae-498e-4328-bfb4-d00ef2db1fe5.pcap.txt - (1037 bytes)
01/05/2021-21:33:12.526927  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 202.67.13.163:80 -> 192.168.100.167:62809
01/05/2021-21:33:12.816338  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 202.67.13.163:80 -> 192.168.100.167:62809
01/05/2021-21:33:12.816338  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 202.67.13.163:80 -> 192.168.100.167:62809
01/05/2021-21:33:12.816338  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 202.67.13.163:80 -> 192.168.100.167:62809
01/05/2021-21:33:13.103089  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 202.67.13.163:80 -> 192.168.100.167:62809


suricata-report-2021-01-05-T-21-38-30-01052021.2138-e52621ae-498e-4328-bfb4-d00ef2db1fe5.pcap.txt - (17494 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/68b16fc7ef7fbce03675b1fed0b8a3d756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01052021.2138-e52621ae-498e-4328-bfb4-d00ef2db1fe5.pcap -vvv -k none
elapsedtime:24.231658
stderr:
stdout:
5/1/2021 -- 21:38:06 - <Info> - Configuration node 'rule-files' redefined.
5/1/2021 -- 21:38:06 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/1/2021 -- 21:38:06 - <Info> - CPUs/cores online: 1
5/1/2021 -- 21:38:06 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34056 and 'request-body-inspect-window' set to 16409 after randomization.
5/1/2021 -- 21:38:06 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31937 and 'response-body-inspect-window' set to 16486 after randomization.
5/1/2021 -- 21:38:06 - <Config> - DNS request flood protection level: 500
5/1/2021 -- 21:38:06 - <Config> - DNS per flow memcap (state-memcap): 524288
5/1/2021 -- 21:38:06 - <Config> - DNS global memcap: 16777216
5/1/2021 -- 21:38:06 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/1/2021 -- 21:38:06 - <Config> - preallocated 1000 hosts of size 136
5/1/2021 -- 21:38:06 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/1/2021 -- 21:38:06 - <Config> - using magic-file /usr/share/file/magic
5/1/2021 -- 21:38:06 - <Config> - Core dump size is unlimited.
5/1/2021 -- 21:38:06 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/1/2021 -- 21:38:06 - <Config> - preallocated 1000 defrag trackers of size 168
5/1/2021 -- 21:38:06 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/1/2021 -- 21:38:06 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/1/2021 -- 21:38:06 - <Config> - stream "memcap": 33554432
5/1/2021 -- 21:38:06 - <Config> - stream "midstream" session pickups: disabled
5/1/2021 -- 21:38:06 - <Config> - stream "async-oneside": disabled
5/1/2021 -- 21:38:06 - <Config> - stream "checksum-validation": disabled
5/1/2021 -- 21:38:06 - <Config> - stream."inline": disabled
5/1/2021 -- 21:38:06 - <Config> - stream "bypass": disabled
5/1/2021 -- 21:38:06 - <Config> - stream "max-synack-queued": 5
5/1/2021 -- 21:38:06 - <Config> - stream.reassembly "memcap": 134217728
5/1/2021 -- 21:38:06 - <Config> - stream.reassembly "depth": 0
5/1/2021 -- 21:38:06 - <Config> - stream.reassembly "toserver-chunk-size": 2448
5/1/2021 -- 21:38:06 - <Config> - stream.reassembly "toclient-chunk-size": 2663
5/1/2021 -- 21:38:06 - <Config> - stream.reassembly.raw: enabled
5/1/2021 -- 21:38:06 - <Config> - stream.reassembly "segment-prealloc": 2048
5/1/2021 -- 21:38:06 - <Config> - Delayed detect disabled
5/1/2021 -- 21:38:06 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/1/2021 -- 21:38:06 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/1/2021 -- 21:38:06 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/1/2021 -- 21:38:06 - <Config> - prefilter engines: MPM
5/1/2021 -- 21:38:06 - <Config> - IP reputation disabled
5/1/2021 -- 21:38:06 - <Perf> - Registered 148 keyword profiling counters.
5/1/2021 -- 21:38:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/1/2021 -- 21:38:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/1/2021 -- 21:38:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/1/2021 -- 21:38:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/1/2021 -- 21:38:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/1/2021 -- 21:38:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/1/2021 -- 21:38:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/1/2021 -- 21:38:12 - <Config> - No rules loaded from ET-icmp.rules.
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/1/2021 -- 21:38:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/1/2021 -- 21:38:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/1/2021 -- 21:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/1/2021 -- 21:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/1/2021 -- 21:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/1/2021 -- 21:38:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/1/2021 -- 21:38:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/1/2021 -- 21:38:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/1/2021 -- 21:38:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/1/2021 -- 21:38:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/1/2021 -- 21:38:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/1/2021 -- 21:38:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/1/2021 -- 21:38:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/1/2021 -- 21:38:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/1/2021 -- 21:38:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/1/2021 -- 21:38:20 - <Config> - No rules loaded from local.rules.
5/1/2021 -- 21:38:20 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/1/2021 -- 21:38:20 - <Info> - Threshold config parsed: 0 rule(s) found
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for tcp-packet
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for tcp-stream
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for udp-packet
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for other-ip
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_uri
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_request_line
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_client_body
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_response_line
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_header
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_header
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_header_names
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_header_names
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_accept
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_accept_enc
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_accept_lang
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_referer
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_connection
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_content_len
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_content_len
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_content_type
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_content_type
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_protocol
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_protocol
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_start
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_start
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_raw_header
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_raw_header
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_method
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_cookie
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_cookie
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_raw_uri
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_user_agent
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_host
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_raw_host
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_stat_msg
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_stat_code
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for dns_query
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for tls_sni
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for dce_stub_data
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for dce_stub_data
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for ssh_protocol
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for ssh_protocol
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for ssh_software
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for ssh_software
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for file_data
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for file_data
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_request_line
5/1/2021 -- 21:38:21 - <Perf> - using shared mpm ctx' for http_response_line
5/1/2021 -- 21:38:21 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/1/2021 -- 21:38:21 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/1/2021 -- 21:38:21 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/1/2021 -- 21:38:21 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/1/2021 -- 21:38:21 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/1/2021 -- 21:38:21 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/1/2021 -- 21:38:21 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/1/2021 -- 21:38:21 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/1/2021 -- 21:38:26 - <Perf> - Unique rule groups: 104
5/1/2021 -- 21:38:26 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/1/2021 -- 21:38:26 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/1/2021 -- 21:38:26 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/1/2021 -- 21:38:26 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/1/2021 -- 21:38:26 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/1/2021 -- 21:38:26 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/1/2021 -- 21:38:26 - <Perf> - Builtin MPM "other IP packet": 3
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_header": 10
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient http_header": 6
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_start": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_method": 5
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver http_host": 2
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toserver file_data": 1
5/1/2021 -- 21:38:26 - <Perf> - AppLayer MPM "toclient file_data": 7
5/1/2021 -- 21:38:28 - <Perf> - Registered 39590 rule profiling counters.
5/1/2021 -- 21:38:28 - <Info> - fast output device (regular) initialized: alert
5/1/2021 -- 21:38:28 - <Info> - eve-log output device (regular) initialized: eve.json
5/1/2021 -- 21:38:28 - <Config> - enabling 'eve-log' module 'alert'
5/1/2021 -- 21:38:28 - <Config> - enabling 'eve-log' module 'http'
5/1/2021 -- 21:38:28 - <Config> - enabling 'eve-log' module 'dns'
5/1/2021 -- 21:38:28 - <Config> - enabling 'eve-log' module 'tls'
5/1/2021 -- 21:38:28 - <Config> - enabling 'eve-log' module 'files'
5/1/2021 -- 21:38:28 - <Config> - enabling 'eve-log' module 'ssh'
5/1/2021 -- 21:38:28 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/1/2021 -- 21:38:28 - <Info> - stats output device (regular) initialized: stats.log
5/1/2021 -- 21:38:28 - <Config> - AutoFP mode using "Hash" flow load balancer
5/1/2021 -- 21:38:28 - <Info> - reading pcap file /var/pcap/01052021.2138-e52621ae-498e-4328-bfb4-d00ef2db1fe5.pcap
5/1/2021 -- 21:38:28 - <Config> - using 1 flow manager threads
5/1/2021 -- 21:38:28 - <Config> - using 1 flow recycler threads
5/1/2021 -- 21:38:28 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.


stats.log - (3210 bytes)
------------------------------------------------------------------------------------
Date: 1/5/2021 -- 21:38:30 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 447
decoder.bytes                              | Total                     | 232733
decoder.ipv4                               | Total                     | 370
decoder.ipv6                               | Total                     | 6
decoder.ethernet                           | Total                     | 447
decoder.tcp                                | Total                     | 328
decoder.udp                                | Total                     | 48
decoder.avg_pkt_size                       | Total                     | 520
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 4
flow.udp                                   | Total                     | 10
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 4
tcp.rst                                    | Total                     | 3
detect.alert                               | Total                     | 5
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 6
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 8
flow_mgr.new_pruned                        | Total                     | 8
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 10
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.flows_timeout                     | Total                     | 8
flow_mgr.flows_removed                     | Total                     | 8
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65526
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078336


eve.json - (6401 bytes)
{"timestamp":"2021-01-05T21:33:05.520398+0000","flow_id":1237564141990094,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.167","src_port":61397,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54034,"rrname":"astrologiaexistencial.com","rrtype":"A","tx_id":0}}
{"timestamp":"2021-01-05T21:33:05.549021+0000","flow_id":1237564141990094,"pcap_cnt":30,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.167","dest_port":61397,"proto":"UDP","dns":{"type":"answer","id":54034,"rcode":"NOERROR","rrname":"astrologiaexistencial.com","rrtype":"A","ttl":199,"rdata":"31.22.4.141"}}
{"timestamp":"2021-01-05T21:33:08.896400+0000","flow_id":1039965581782416,"pcap_cnt":63,"event_type":"dns","src_ip":"192.168.100.167","src_port":56446,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60619,"rrname":"www.dirgantaratuba.com","rrtype":"A","tx_id":0}}
{"timestamp":"2021-01-05T21:33:08.896636+0000","flow_id":1039965581782416,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.167","dest_port":56446,"proto":"UDP","dns":{"type":"answer","id":60619,"rcode":"NOERROR","rrname":"www.dirgantaratuba.com","rrtype":"A","ttl":1499,"rdata":"202.67.13.163"}}
{"timestamp":"2021-01-05T21:33:12.526927+0000","flow_id":655299720818990,"pcap_cnt":87,"event_type":"alert","src_ip":"202.67.13.163","src_port":80,"dest_ip":"192.168.100.167","dest_port":62809,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2014819,"rev":3,"signature":"ET INFO Packed Executable Download","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2021-01-05T21:33:12.816338+0000","flow_id":655299720818990,"pcap_cnt":136,"event_type":"alert","src_ip":"202.67.13.163","src_port":80,"dest_ip":"192.168.100.167","dest_port":62809,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2021-01-05T21:33:12.816338+0000","flow_id":655299720818990,"pcap_cnt":136,"event_type":"alert","src_ip":"202.67.13.163","src_port":80,"dest_ip":"192.168.100.167","dest_port":62809,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2021-01-05T21:33:12.816338+0000","flow_id":655299720818990,"pcap_cnt":136,"event_type":"alert","src_ip":"202.67.13.163","src_port":80,"dest_ip":"192.168.100.167","dest_port":62809,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014520,"rev":6,"signature":"ET INFO EXE - Served Attached HTTP","category":"Misc activity","severity":3}}
{"timestamp":"2021-01-05T21:33:13.103089+0000","flow_id":655299720818990,"pcap_cnt":187,"event_type":"alert","src_ip":"202.67.13.163","src_port":80,"dest_ip":"192.168.100.167","dest_port":62809,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2021-01-05T21:33:14.502932+0000","flow_id":655299720818990,"pcap_cnt":355,"event_type":"http","src_ip":"192.168.100.167","src_port":62809,"dest_ip":"202.67.13.163","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.dirgantaratuba.com","url":"\/cgi-bin\/PX4K\/","http_content_type":"application\/octet-stream"}}
{"timestamp":"2021-01-05T21:33:26.572903+0000","flow_id":1805711007172358,"pcap_cnt":384,"event_type":"fileinfo","src_ip":"192.168.100.167","src_port":63063,"dest_ip":"90.160.138.175","dest_port":80,"proto":"TCP","http":{"hostname":"90.160.138.175","url":"\/anhw0njq1d020y4\/sqlxe0vty8\/jzjwe6jf\/thee4dn7y\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"90.160.138.175\/anhw0njq1d020y4\/sqlxe0vty8\/jzjwe6jf\/thee4dn7y\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"vZYvNn","gaps":false,"state":"CLOSED","stored":false,"size":1700,"tx_id":0}}
{"timestamp":"2021-01-05T21:33:27.351687+0000","flow_id":1805711007172358,"pcap_cnt":392,"event_type":"http","src_ip":"192.168.100.167","src_port":63063,"dest_ip":"90.160.138.175","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"90.160.138.175","url":"\/anhw0njq1d020y4\/sqlxe0vty8\/jzjwe6jf\/thee4dn7y\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2021-01-05T21:34:32.275924+0000","flow_id":1805711007172358,"pcap_cnt":427,"event_type":"fileinfo","src_ip":"90.160.138.175","src_port":80,"dest_ip":"192.168.100.167","dest_port":63063,"proto":"TCP","http":{"hostname":"90.160.138.175","url":"\/anhw0njq1d020y4\/sqlxe0vty8\/jzjwe6jf\/thee4dn7y\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_refer":"90.160.138.175\/anhw0njq1d020y4\/sqlxe0vty8\/jzjwe6jf\/thee4dn7y\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2478},"app_proto":"http","fileinfo":{"filename":"\/anhw0njq1d020y4\/sqlxe0vty8\/jzjwe6jf\/thee4dn7y\/","gaps":false,"state":"CLOSED","stored":false,"size":2468,"tx_id":0}}
{"timestamp":"2021-01-05T21:35:01.078870+0000","flow_id":655299720818990,"event_type":"fileinfo","src_ip":"202.67.13.163","src_port":80,"dest_ip":"192.168.100.167","dest_port":62809,"proto":"TCP","http":{"hostname":"www.dirgantaratuba.com","url":"\/cgi-bin\/PX4K\/","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":195072},"app_proto":"http","fileinfo":{"filename":"4ZWy9PUOLOYjnq.dll","gaps":false,"state":"CLOSED","stored":false,"size":195072,"tx_id":0}}


keyword_perf.log - (13707 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/5/2021 -- 21:38:30
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            16522           1               1               16522           16522.00        16522.00        0.00           
  flow             5254684         884             884             48026           5944.00         5944.00         0.00           
  content          12361276        660             318             455246          18729.00        18186.00        19233.00       
  pcre             1059864         42              8               116648          25234.00        29287.00        24281.00       
  byte_test        900978          152             80              25642           5927.00         6036.00         5806.00        
  byte_jump        315292          45              35              24592           7006.00         6781.00         7793.00        
  isdataat         17690           3               1               6894            5896.00         5298.00         6196.00        
  flowbits         2657928         468             22              27298           5679.00         6700.00         5628.00        
  urilen           173080          26              13              28810           6656.00         7501.00         5812.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            16522           1               1               16522           16522.00        16522.00        0.00           
  flow             5254684         884             884             48026           5944.00         5944.00         0.00           
  flowbits         2610860         464             18              27298           5626.00         5574.00         5628.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5248406         297             152             455246          17671.00        18928.00        16354.00       
  pcre             309882          5               1               116648          61976.00        49430.00        65113.00       
  byte_test        900978          152             80              25642           5927.00         6036.00         5806.00        
  byte_jump        255516          38              28              24592           6724.00         6342.00         7793.00        
  isdataat         17690           3               1               6894            5896.00         5298.00         6196.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         47068           4               4               21916           11767.00        11767.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          173118          28              8               8574            6182.00         5858.00         6312.00        
  pcre             293726          12              1               48260           24477.00        15538.00        25289.00       
  urilen           173080          26              13              28810           6656.00         7501.00         5812.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          120202          10              3               32210           12020.00        8205.00         13655.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11938           2               0               5982            5969.00         0.00            5969.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5635876         158             48              227890          35670.00        42719.00        32594.00       
  pcre             114058          12              0               32076           9504.00         0.00            9504.00        
  byte_jump        59776           7               7               24532           8539.00         8539.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          829656          113             74              27352           7342.00         7593.00         6864.00        
  pcre             274608          11              4               39102           24964.00        25434.00        24695.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          78114           12              10              7936            6509.00         6357.00         7272.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12276           2               2               6296            6138.00         6138.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7070            1               0               7070            7070.00         0.00            7070.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33096           5               2               7264            6619.00         6762.00         6524.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          187158          28              18              9434            6684.00         7021.00         6077.00        
  pcre             67590           2               2               51792           33795.00        33795.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5894            1               0               5894            5894.00         0.00            5894.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18472           3               1               6644            6157.00         6644.00         5914.00        


IDSDeathBlossom.py.log - (1176 bytes)
2021-01-05 21:38:05,224 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2021-01-05 21:38:06,139 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2021-01-05 21:38:06,139 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2021-01-05 21:38:06,140 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2021-01-05 21:38:06,140 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2021-01-05 21:38:06,140 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/68b16fc7ef7fbce03675b1fed0b8a3d756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01052021.2138-e52621ae-498e-4328-bfb4-d00ef2db1fe5.pcap -vvv -k none
2021-01-05 21:38:30,375 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2021-01-05 21:38:30,375 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.1695051193