Filename: 2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.48259186745 seconds
Hash: 83cb8fec13f79a9284e53b2ea13e7d55
Uploaded: 1542341025 (Unix epoch seconds; 2018-11-16 04:03:45 UTC)

Logfiles


suricata-4.0.0-etopen-all-perf.txt-2018-11-16-T-04-03-54-11162018.0403-2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap.txt - (41047 bytes)
  --------------------------------------------------------------------------
  Date: 11/16/2018 -- 04:03:54. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020865      1        3        13282593     6.59   99       0        345612      134167.61   0.00        134167.61  
  2        2018358      1        7        4826637      2.39   57       0        163628      84677.84    0.00        84677.84   
  3        2012520      1        7        154909       0.08   1        1        154909      154909.00   154909.00   0.00       
  4        2024769      1        2        146254       0.07   1        0        146254      146254.00   0.00        146254.00  
  5        2019837      1        3        139609       0.07   2        1        136281      69804.50    136281.00   3328.00    
  6        2019613      1        3        135810       0.07   1        1        135810      135810.00   135810.00   0.00       
  7        2024178      1        2        1441186      0.72   57       0        123911      25283.96    0.00        25283.96   
  8        2019344      1        5        3284500      1.63   57       1        116746      57622.81    53676.00    57693.29   
  9        2014519      1        7        2020026      1.00   105      0        95283       19238.34    0.00        19238.34   
  10       2024606      1        2        136624       0.07   3        0        94592       45541.33    0.00        45541.33   
  11       2022049      1        3        1441427      0.72   57       2        94469       25288.19    85210.50    23109.20   
  12       2017552      1        6        24807095     12.31  1668     0        94293       14872.36    0.00        14872.36   
  13       2016537      1        2        24307433     12.06  1610     2        94070       15097.78    66783.50    15033.50   
  14       2019693      1        5        1772803      0.88   57       0        92157       31101.81    0.00        31101.81   
  15       2023476      1        5        2465465      1.22   46       0        91006       53597.07    0.00        53597.07   
  16       2022132      1        1        3228405      1.60   201      0        90771       16061.72    0.00        16061.72   
  17       2025064      1        5        2203517      1.09   58       0        88427       37991.67    0.00        37991.67   
  18       2008575      1        5        2751245      1.37   309      0        86657       8903.71     0.00        8903.71    
  19       2014473      1        5        1111488      0.55   139      0        85083       7996.32     0.00        7996.32    
  20       2017114      1        5        126268       0.06   2        0        84938       63134.00    0.00        63134.00   
  21       2023671      1        4        111857       0.06   11       0        84209       10168.82    0.00        10168.82   
  22       2022339      1        2        2644108      1.31   57       0        83443       46387.86    0.00        46387.86   
  23       2020388      1        8        2251882      1.12   58       0        83043       38825.55    0.00        38825.55   
  24       2022503      1        2        2091806      1.04   57       0        82852       36698.35    0.00        36698.35   
  25       2001330      1        8        7837253      3.89   2524     0        82172       3105.09     0.00        3105.09    
  26       2022054      1        3        155987       0.08   2        0        80723       77993.50    0.00        77993.50   
  27       2021067      1        2        1279578      0.63   37       0        80229       34583.19    0.00        34583.19   
  28       2024909      1        2        3417275      1.70   157      0        79558       21766.08    0.00        21766.08   
  29       2023315      1        2        2127846      1.06   57       0        78085       37330.63    0.00        37330.63   
  30       2017613      1        9        1882644      0.93   57       0        77877       33028.84    0.00        33028.84   
  31       2023875      1        2        1892475      0.94   57       0        77315       33201.32    0.00        33201.32   
  32       2024272      1        4        1081318      0.54   54       0        76124       20024.41    0.00        20024.41   
  33       2003657      1        18       1324977      0.66   57       0        72668       23245.21    0.00        23245.21   
  34       2018958      1        18       2490974      1.24   57       0        72345       43701.30    0.00        43701.30   
  35       2018982      1        2        233494       0.12   5        0        70075       46698.80    0.00        46698.80   
  36       2019822      1        7        207412       0.10   11       0        69631       18855.64    0.00        18855.64   
  37       2020569      1        1        228578       0.11   5        0        69397       45715.60    0.00        45715.60   
  38       2019881      1        3        2103383      1.04   57       0        69117       36901.46    0.00        36901.46   
  39       2022050      1        3        223827       0.11   5        0        68535       44765.40    0.00        44765.40   
  40       2022627      1        12       1195348      0.59   46       0        68347       25985.83    0.00        25985.83   
  41       2018242      1        5        2055659      1.02   57       0        67507       36064.19    0.00        36064.19   
  42       2020380      1        3        1296267      0.64   57       0        66932       22741.53    0.00        22741.53   
  43       2017693      1        2        106646       0.05   2        0        66362       53323.00    0.00        53323.00   
  44       2020661      1        3        729629       0.36   79       0        65431       9235.81     0.00        9235.81    
  45       2018496      1        9        1653918      0.82   57       0        65151       29016.11    0.00        29016.11   
  46       2022197      1        3        1166857      0.58   37       0        63891       31536.68    0.00        31536.68   
  47       2016858      1        10       1710666      0.85   57       0        63377       30011.68    0.00        30011.68   
  48       2022552      1        2        2105979      1.04   97       0        62567       21711.12    0.00        21711.12   
  49       2019345      1        2        775479       0.38   49       0        61891       15826.10    0.00        15826.10   
  50       2024650      1        1        2642492      1.31   281      0        61876       9403.89     0.00        9403.89    
  51       2021068      1        2        239553       0.12   6        3        61710       39925.50    46215.00    33636.00   
  52       2018241      1        2        90109        0.04   11       0        61575       8191.73     0.00        8191.73    
  53       2008377      1        5        86633        0.04   2        0        59451       43316.50    0.00        43316.50   
  54       2024829      1        2        3668483      1.82   174      0        58736       21083.24    0.00        21083.24   
  55       2017935      1        3        782677       0.39   232      0        58162       3373.61     0.00        3373.61    
  56       2021584      1        4        64666        0.03   3        0        57002       21555.33    0.00        21555.33   
  57       2023670      1        3        2080698      1.03   57       3        56358       36503.47    41143.00    36245.72   
  58       2022220      1        2        2129650      1.06   57       0        55793       37362.28    0.00        37362.28   
  59       2022262      1        3        1702969      0.84   57       0        55610       29876.65    0.00        29876.65   
  60       2011894      1        19       1677732      0.83   57       0        55604       29433.89    0.00        29433.89   
  61       2020963      1        2        89972        0.04   2        0        55331       44986.00    0.00        44986.00   
  62       2022203      1        2        231586       0.11   7        0        54967       33083.71    0.00        33083.71   
  63       2023679      1        3        82363        0.04   11       0        54686       7487.55     0.00        7487.55    
  64       2022535      1        11       1359178      0.67   46       0        54641       29547.35    0.00        29547.35   
  65       2018452      1        15       2080963      1.03   57       0        54501       36508.12    0.00        36508.12   
  66       2024767      1        2        1676733      0.83   57       0        54159       29416.37    0.00        29416.37   
  67       2018981      1        4        1700584      0.84   57       0        54122       29834.81    0.00        29834.81   
  68       2003492      1        30       1279503      0.63   57       0        52884       22447.42    0.00        22447.42   
  69       2012612      1        16       1288235      0.64   57       0        52709       22600.61    0.00        22600.61   
  70       2018959      1        3        80344        0.04   11       1        52308       7304.00     52308.00    2803.60    
  71       2019094      1        5        116353       0.06   3        0        51964       38784.33    0.00        38784.33   
  72       2012707      1        5        673647       0.33   27       0        51691       24949.89    0.00        24949.89   
  73       2018983      1        7        1655028      0.82   57       0        50889       29035.58    0.00        29035.58   
  74       2017454      1        12       70824        0.04   2        0        50081       35412.00    0.00        35412.00   
  75       2022901      1        2        126304       0.06   3        0        49447       42101.33    0.00        42101.33   
  76       2023672      1        4        78013        0.04   11       0        49416       7092.09     0.00        7092.09    
  77       2014442      1        6        87761        0.04   2        0        48046       43880.50    0.00        43880.50   
  78       2008438      1        20       225248       0.11   5        0        47757       45049.60    0.00        45049.60   
  79       2021071      1        2        107550       0.05   3        0        47410       35850.00    0.00        35850.00   
  80       2013352      1        4        75993        0.04   11       0        46942       6908.45     0.00        6908.45    
  81       2014520      1        6        380720       0.19   76       1        46940       5009.47     10674.00    4933.95    
  82       2014353      1        6        80288        0.04   11       0        45803       7298.91     0.00        7298.91    
  83       2009897      1        14       57354        0.03   5        0        45526       11470.80    0.00        11470.80   
  84       2009909      1        10       57183        0.03   5        0        44997       11436.60    0.00        11436.60   
  85       2016143      1        3        869219       0.43   130      0        44994       6686.30     0.00        6686.30    
  86       2017707      1        4        44430        0.02   1        0        44430       44430.00    0.00        44430.00   
  87       2022609      1        2        76878        0.04   2        0        44058       38439.00    0.00        38439.00   
  88       2024775      1        1        179842       0.09   45       0        44000       3996.49     0.00        3996.49    
  89       2022502      1        4        123396       0.06   3        0        43581       41132.00    0.00        41132.00   
  90       2021413      1        2        118581       0.06   3        0        43189       39527.00    0.00        39527.00   
  91       2021073      1        2        245810       0.12   7        2        42887       35115.71    38978.00    33570.80   
  92       2017948      1        2        98027        0.05   3        0        42686       32675.67    0.00        32675.67   
  93       2013441      1        9        53500        0.03   5        0        41971       10700.00    0.00        10700.00   
  94       2017295      1        6        81167        0.04   2        0        41938       40583.50    0.00        40583.50   
  95       2009702      1        5        702109       0.35   48       0        41781       14627.27    0.00        14627.27   
  96       2021418      1        9        112791       0.06   3        0        41512       37597.00    0.00        37597.00   
  97       2103238      1        4        194196       0.10   46       0        41418       4221.65     0.00        4221.65    
  98       2021718      1        4        76382        0.04   2        0        41375       38191.00    0.00        38191.00   
  99       2022198      1        2        185846       0.09   6        0        41370       30974.33    0.00        30974.33   
  100      2022207      1        4        1603886      0.80   57       0        41181       28138.35    0.00        28138.35   
  101      2009028      1        11       69577        0.03   11       0        41025       6325.18     0.00        6325.18    
  102      2021585      1        3        79556        0.04   2        0        40847       39778.00    0.00        39778.00   
  103      2018010      1        5        1260578      0.63   57       0        40814       22115.40    0.00        22115.40   
  104      2016223      1        10       1240828      0.62   57       0        40798       21768.91    0.00        21768.91   
  105      2020964      1        2        67262        0.03   2        0        40380       33631.00    0.00        33631.00   
  106      2024771      1        1        3530346      1.75   594      0        40278       5943.34     0.00        5943.34    
  107      2014471      1        6        40061        0.02   1        0        40061       40061.00    0.00        40061.00   
  108      2023083      1        2        68484        0.03   2        0        38352       34242.00    0.00        34242.00   
  109      2022053      1        2        67432        0.03   11       1        38033       6130.18     38033.00    2939.90    
  110      2017119      1        4        67372        0.03   2        0        37994       33686.00    0.00        33686.00   
  111      2015877      1        6        97639        0.05   3        0        37172       32546.33    0.00        32546.33   
  112      2013827      1        6        101135       0.05   3        0        36484       33711.67    0.00        33711.67   
  113      2020705      1        4        1230378      0.61   57       0        36403       21585.58    0.00        21585.58   
  114      2020369      1        3        36256        0.02   1        0        36256       36256.00    0.00        36256.00   
  115      2024601      1        2        35474        0.02   1        0        35474       35474.00    0.00        35474.00   
  116      2023916      1        2        35151        0.02   1        0        35151       35151.00    0.00        35151.00   
  117      2016503      1        2        606524       0.30   93       0        34242       6521.76     0.00        6521.76    
  118      2008301      1        3        592380       0.29   186      0        34008       3184.84     0.00        3184.84    
  119      2018375      1        3        674772       0.33   44       0        33790       15335.73    0.00        15335.73   
  120      2021976      1        2        183615       0.09   46       0        33686       3991.63     0.00        3991.63    
  121      2021151      1        1        135967       0.07   36       0        33511       3776.86     0.00        3776.86    
  122      2020791      1        3        33272        0.02   1        0        33272       33272.00    0.00        33272.00   
  123      2019165      1        3        172740       0.09   11       0        33194       15703.64    0.00        15703.64   
  124      2020962      1        3        61743        0.03   2        0        33150       30871.50    0.00        30871.50   
  125      2022201      1        2        

This file has been truncated on this page.
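The profiling table above is sorted by Max Ticks, the single most expensive check of each rule, which is not the column that tells you where detection time actually goes: rule 2017552 and 2016537 sit at rows 12 and 13 yet together account for about 24% of all rule ticks, and several rules with thousands of checks never match at all. The following parser is an added example (not part of the page or of Suricata) that reads this table format, rebuilds the Ticks column from the per-check averages as a parse sanity check, ranks rules by total ticks, and lists zero-match rules that still consume a visible share of time. The sample rows are copied from the table on this page; the thresholds in `tuning_candidates` are arbitrary assumptions for illustration.

```python
"""Rank rules from a Suricata rule-profiling table (the *-perf.txt listing above)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: a few rows copied from the profiling table on this page. The last
# row is the truncated one at the end of the listing, kept to show it is skipped.
SAMPLE = """\
  Date: 11/16/2018 -- 04:03:54. Sorted by: max ticks.
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2020865      1        3        13282593     6.59   99       0        345612      134167.61   0.00        134167.61
  2        2018358      1        7        4826637      2.39   57       0        163628      84677.84    0.00        84677.84
  3        2012520      1        7        154909       0.08   1        1        154909      154909.00   154909.00   0.00
  8        2019344      1        5        3284500      1.63   57       1        116746      57622.81    53676.00    57693.29
  12       2017552      1        6        24807095     12.31  1668     0        94293       14872.36    0.00        14872.36
  13       2016537      1        2        24307433     12.06  1610     2        94070       15097.78    66783.50    15033.50
  25       2001330      1        8        7837253      3.89   2524     0        82172       3105.09     0.00        3105.09
  125      2022201      1        2
"""

# One data row: Num Rule Gid Rev Ticks % Checks Matches MaxTicks AvgTicks AvgMatch AvgNoMatch
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+\.\d+)\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+(\d+\.\d+)\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$"
)


@dataclass
class RuleProfile:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int          # total CPU ticks spent evaluating this rule
    pct: float          # share of all rule ticks
    checks: int         # how often the rule was evaluated
    matches: int        # how often it alerted
    max_ticks: int      # most expensive single check
    avg_ticks: float
    avg_match: float
    avg_no_match: float

    @property
    def hit_rate(self) -> float:
        return self.matches / self.checks if self.checks else 0.0


def parse_rule_perf(text: str) -> list[RuleProfile]:
    """Parse data rows; header, separator, date and truncated rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        num, sid, gid, rev, ticks, pct, checks, matches, mx, avg, avg_m, avg_nm = m.groups()
        rows.append(RuleProfile(int(num), int(sid), int(gid), int(rev), int(ticks), float(pct),
                                int(checks), int(matches), int(mx), float(avg),
                                float(avg_m), float(avg_nm)))
    return rows


def ticks_consistent(r: RuleProfile, rel_tol: float = 1e-5) -> bool:
    """Parse sanity check: total ticks must equal the per-check averages summed back up."""
    rebuilt = r.matches * r.avg_match + (r.checks - r.matches) * r.avg_no_match
    return abs(rebuilt - r.ticks) <= rel_tol * max(r.ticks, 1)


def rank_by_total(rows: list[RuleProfile], n: int = 5) -> list[RuleProfile]:
    """Suricata sorted the table by Max Ticks (one bad check); total ticks is what costs throughput."""
    return sorted(rows, key=lambda r: r.ticks, reverse=True)[:n]


def tuning_candidates(rows: list[RuleProfile], min_checks: int = 50,
                      min_pct: float = 1.0) -> list[RuleProfile]:
    """Rules evaluated often, never matching, and still eating a visible share of detect time.

    The thresholds are arbitrary defaults for this example, not Suricata settings.
    """
    hits = [r for r in rows if r.matches == 0 and r.checks >= min_checks and r.pct >= min_pct]
    return sorted(hits, key=lambda r: r.ticks, reverse=True)


if __name__ == "__main__":
    profiles = parse_rule_perf(SAMPLE)
    for r in rank_by_total(profiles, 3):
        print(f"sid {r.sid}: {r.ticks} ticks ({r.pct}%), {r.checks} checks, {r.matches} matches")
    print("tuning candidates:", [r.sid for r in tuning_candidates(profiles)])
```

Run against the full perf file instead of `SAMPLE` to get the complete ranking; a rule that shows up in `tuning_candidates` across many pcaps is one to review for a cheaper prefilter (fast_pattern) or to disable, whereas a rule that is expensive but matches is doing its job.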


packet_stats.log - (12900 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          6557          4220087     1191848751     763892641       5008.8b   99.16
 IPv4      17            48         16497487     1191037361     880668752         42.3b    0.84
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          6557            66035       20705893        217441          1.4b   94.24
TMM_FLOWWORKER              IPv4      17            48           281532       10272205        597001         28.7m    1.89
TMM_RECEIVEPCAPFILE         IPv4       6          6469             2542       14943259          5254         34.0m    2.25
TMM_RECEIVEPCAPFILE         IPv4      17            48             2570          12744          2987        143.4k    0.01
TMM_DECODEPCAPFILE          IPv4       6          6469             2654        4665260          3727         24.1m    1.59
TMM_DECODEPCAPFILE          IPv4      17            48             2771          33259          4036        193.8k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
flow                    IPv4       6          6469             2806         121464          3680         23.8m  1.82  
flow                    IPv4      17            48             3028          51751          6955        333.9k  0.03  
stream                  IPv4       6          6557             2584        6273247         10978         72.0m  5.51  
app-layer               IPv4      17            48            10630         112021         20825        999.6k  0.08  
detect                  IPv4       6          6557            44756       15870719        176040          1.2b  88.38 
detect                  IPv4      17            48           211799         547144        282007         13.5m  1.04  
tcp-prune               IPv4       6          6557             2547       20566219          6267         41.1m  3.15  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
http                    IPv4       6            61             2787          54955          9531        581.4k  46.96 
tls                     IPv4       6            91             2658           5708          3263        297.0k  23.99 
dns                     IPv4      17            48             5207          25188          7490        359.6k  29.04 
Proto detect            IPv4       6            29             2702          20554          4558        132.2k
Proto detect            IPv4      17            48             6362          79629         11139        534.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot      %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
LOGGER_ALERT_FAST           IPv4       6             4            26575         180440         80948        323.8k  1.03  
LOGGER_UNIFIED2             IPv4       6             4            41951        4304488       1171571          4.7m  14.91 
LOGGER_JSON_ALERT           IPv4       6             4            52851         184250        117980        471.9k  1.50  
LOGGER_JSON_DNS             IPv4      17            48            35992        9530912        269417         12.9m  41.14 
LOGGER_JSON_HTTP            IPv4       6            60            31052         232398        114947          6.9m  21.94 
LOGGER_JSON_TLS             IPv4       6            46             4187         141990         66985          3.1m  9.80  
LOGGER_JSON_FILE            IPv4       6            30            56299         178450        101410          3.0m  9.68  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          3367             2575        5955396         18053        60.8m  17.45 
payload                           IPv4      17            48            18382          53365         24735         1.2m  0.34  
stream                            IPv4       6          3367             2542       15320326         28150        94.8m  27.22 
http_uri                          IPv4       6            60             2949          15155          5316       319.0k  0.09  
http_request_line                 IPv4       6            60             3279          19784          5934       356.1k  0.10  
http_client_body                  IPv4       6            60             2829           7983          3535       212.2k  0.06  
http_header (request)             IPv4       6            60            13796         103112         53737         3.2m  0.93  
http_header (request trailer)     IPv4       6            60             2597          35984          3313       198.8k  0.06  
http_header_names (request)       IPv4       6            60             5783          42690         15856       951.4k  0.27  
http_accept (request)             IPv4       6            60             2981          19928          3886       233.2k  0.07  
http_referer (request)            IPv4       6            60             2766          24003          4124       247.5k  0.07  
http_content_len (request)        IPv4       6            60             2783           5126          3411       204.7k  0.06  
http_content_type (request)       IPv4       6            60             2846          25854          3924       235.5k  0.07  
http_start (request)              IPv4       6            60             6281          33360         13321       799.3k  0.23  
http_raw_header (request)         IPv4       6            60             8667          42479         16096       965.8k  0.28  
http_method                       IPv4       6            60             2833           6253          4138       248.3k  0.07  
http_cookie (request)             IPv4       6            60             2761          32158         11824       709.5k  0.20  
http_raw_uri                      IPv4       6            60             2623           6119          3263       195.8k  0.06  
http_user_agent                   IPv4       6            60             3209          80054         32391         1.9m  0.56  
http_host                         IPv4       6            60             2995           6959          4505       270.3k  0.08  
dns_query                         IPv4      17            24             6796          23702          8483       203.6k  0.06  
tls_sni                           IPv4       6            46             2849           7705          5708       262.6k  0.08  
http_response_line                IPv4       6            32             3025          20228          9024       288.8k  0.08  
http_header (response)            IPv4       6           777             2621          59369          4316         3.4m  0.96  
http_header (response trailer)    IPv4       6            30             2636          60480          5353       160.6k  0.05  
http_content_type (response)      IPv4       6           777             2744          61092          3563         2.8m  0.80  
http_raw_header (response)        IPv4       6          2145             3468          99270          4809        10.3m  2.96  
http_cookie (response)            IPv4       6           777             2729          74818          3484         2.7m  0.78  
http_stat_code                    IPv4       6           777             2624          78733          3236         2.5m  0.72  
tls_cert_issuer                   IPv4       6            46             2636          22079          3256       149.8k  0.04  
tls_cert_subject                  IPv4       6            46             2842           7953          5109       235.0k  0.07  
tls_cert_serial                   IPv4       6            46             2948           7128          5378       247.4k  0.07  
file_data (http response)         IPv4       6          2145             2569       13633928         73182       157.0m  45.08 
Total                             IPv4                 15470                                         22511       348.3m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot      %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
PROF_DETECT_IPONLY          IPv4       6           312             3135          86224         21744          6.8m  0.45  
PROF_DETECT_IPONLY          IPv4      17            48            19213          51081         29755          1.4m  0.09  
PROF_DETECT_RULES           IPv4       6          6557             2531        6503799         41595        272.7m  18.10 
PROF_DETECT_RULES           IPv4      17            48            94684         277433        132980          6.4m  0.42  
PROF_DETECT_STATEFUL_START    IPv4       6          2176             5116         993431         33829         73.6m  4.89  
PROF_DETECT_STATEFUL_CONT    IPv4       6          6557             2516        6369775          7848         51.5m  3.42  
PROF_DETECT_STATEFUL_CONT    IPv4      17            48             3808          49690          5868        281.7k  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          5884             2553          67594          2995         17.6m  1.17  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            48             2658           4474          3004        144.2k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          6557             7769       15752747         79916        524.0m  34.78 
PROF_DETECT_PREFILTER       IPv4      17            48            42684         104449         59941          2.9m  0.19  
PROF_DETECT_PF_PAYLOAD      IPv4       6          3367            12849       15345835         55755        187.7m  12.46 
PROF_DETECT_PF_PAYLOAD      IPv4      17            48            23674          58460         30586          1.5m  0.10  
PROF_DETECT_PF_TX           IPv4       6          5884             2551       13649460         40147        236.2m  15.68 
PROF_DETECT_PF_TX           IPv4      17            24            12511          30225         15209        365.0k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6          1698             2529          54735          3395          5.8m  0.38  
PROF_DETECT_PF_SORT1        IPv4      17            48             2912          47775          4745        227.8k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6          6557             2520          86665          3016         19.8m  1.31  
PROF_DETECT_PF_SORT2        IPv4      17            48             2993          20588          3739        179.5k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6          6557             2527          74306          3190         20.9m  1.39  
PROF_DETECT_NONMPMLIST      IPv4      17            48             2889          19291          3689        177.1k  0.01  
PROF_DETECT_ALERT           IPv4       6          6557             2524       13093446          4993         32.7m  2.17  
PROF_DETECT_ALERT           IPv4      17            48             2539          21969          3474        166.8k  0.01  
PROF_DETECT_CLEANUP         IPv4       6          6557             2557          55255          3078         20.2m  1.34  
PROF_DETECT_CLEANUP         IPv4      17            48             2923           5662          3696        177.4k  0.01  
PROF_DETECT_GETSGH          IPv4       6          6557             2522         384688          3511         23.0m  1.53  
PROF_DETECT_GETSGH          IPv4      17            48             5408           7409          6085        292.1k  0.02  


unified2.alert.1542341033 - (65390 bytes)
[binary Unified2 alert records, 65390 bytes; not renderable as text]
áÃR8gе <<2Ãe‡p8	´›ԀJ˜Ñ.G Ž;À3!ޛ!ß2ḤØa„!(V02ӀzËク€ùŸ	ÿ² Ÿ%01=ðPƒ€P€Š
Ð
ނʮÐôèaB¥0F;¨…Æ!Ú1Wæ”óōöhaÌçe‡ã3<µz¢i‰ḦiÓ?ôÚ@0X壀Èm 
܄·”*az,”ׁ7–ìÐ=ÆC±˜¢)©„K…¬õ‚ãA—\pSC¢í(mNÝ_ÂЈpê¦R7ÀB±ñ[Xñ\˜`1
 ‚ahp²ÿQ ÂÜχ1aÿ6˜
ÎàMœ•ábÀÉ¥¥ gö@Z/©Tó’ÁXb¢qj">µs4èZÁ¢2ø­Ô¸²å0ôdÆcČ&,qˆ†±Pè(Žz>+Œ#^]04f€ZÖ¡çÑær5ð¦ÚåȐPB5b€%šá%S†¸è©žŠé"€òÃ+œ~ŸºÄ]â=`X³&T5Øu&Õ÷OM¬KN† r’_ÿ5jIɎf¡›ßùþ` ›í§<›\=šA-&ª{GŒnú›ÕŠÉh¢&Poê‚}Ú;Gÿ‘*ôÀŸò÷þþÐßö–.ÆPBÑÃø(³ûÖßá§ÌjÅ#›e`näÓ«÷è…ð+*¤'†é]€ë¸žêå»—iû×Ô\§†²Ր³€ëf/n’?–âô	XŠ{ŒQêS?ÎÐS\{šÂ–²(.}TÜSù´ýQ;Jk	Z¬©‹©p¸êGô«æíhÑ!ÃVÞèhrT¹Ø̪*[y%[èh¬@¸¼ò
Ûí>™°ò}ÊÛ.d‘‚WÓÀ2
M!JåYze‹mXaøÈG>ò‘|ä#ùÈG>ò‘|ôoÒoÍÿéÞú`{Ì$ÅwÁùôO«7gàÝÑš—;7w]	¸ù~;àÖþÍh¶nsb;àæïhÍßÜÎÿÀͅ÷óq¿Fž×{Ï¡…{æЊ
Z[ì[´[ì[´$w>E0
ÃN‡A
ePÀ1PˆÑîSd#¿Ò€™ÊƒÎ³¹ê*¢ö‘|ä#ùÈG>ò‘|ä#ùèÿ)Âó|øS_¸y<š£ýz´WöéÑÞ<šC_îïïGót4çFó~àæùhÍç‘Îú8ÀÍéѼí™#º‰ÐLÜ{%HM¹§î‚é)÷ vRßLhfî­¤o”“æ@3šhhæAÍ|hT€ÛŸ×@£…FM,4qÐÄC“M"4 ¹
š…Ð,‚éß#•>=@ŠU§Þ—ÄËh÷dhòa*Àç €ÅФC“
R]˄&šl€N@j]Hq
€|€Ôì(äãú=B*Ve)5€t	*¡AþËùðÿ‚¦Úk¡¹ç!u3¤^넦ôÞ4HÕj-4(L+àTTn€Æ
Í
À­Ï¬‚æFhVN-Ÿ&€Î0ã3qˆ?NじdAuHâÇ­%õpÎo¿¥×¯û
éB wŒ<üÉ
IXÅËzEiz“Дw~þ‘0hé•ήö:+âÏP|z°‚å¤o†fãLÎ^ˆO§¨€ùà€u «
g[üšåGÏ«éæ·èoü«YbXsQªõøüˆ`}·Ãú'œ˜á6|ÖÄèõ'ò=»Û(!ý¡’_ž˜>®,ÿKÑEÁّŠa9Öxmú#A‡Q ðêi¬ëéM=ßÞ܇ê}÷.|÷v+€­áO¥Ì‘+ôr4šÖ¾3|xúƒµ{¯œü9(èqþ£ùßÍöxÎ~=ü˅­P¼kþ\úê§äW>¢:jxúÚ?™>J×ÿ
ÒGÏëf ¤ÏՀ뇨OÿQšˆ•™¯ìù»š`þuƒ‘úÔÇý?²ý¿PÎÞý?rÿïêÿQ\3ù;2#õÿˆÃßU`äþÿô»>âHC?
ËΖˣ –îlã/ÍÂâÜe¼-Ž°þÒÁ_1<w2¾aHøJدõ÷³¸¤QlZp©…|T»úÁ\‘{$H ¯'¬’˜|íÂ×}ðz¦ÿ̙30.#=	Æ°æ~#ÞH §ûaèËméÛüë!¾È»Þ'ñ8ש§‘?ä†åD6Ӏœ(üDžÁ‡¿Xx$g–CO#¿‚K-/?’SÉ»G‚$,g/–í,¾¢GðƒÎTË¥s/aÁ,g
¿1ÇəŽå´șBßÎ?Ñ,tCøY†ñr87™NÞ=ˉlKäDágó\5¾hHø­r$'ÒºEþ‘_Áɉ´t‘œ*Þ=da9UX¶|-Å×6xÝ*w.Þ*gA	–3oœEXΜ9󠜜J?Ý…m
à}
óÎA8‹°œÈ=ˉlKäDáçóÜ >ücCÃ{œÕ|zȯà‚äÌâË3…wËè½Ø^JûÃk¾VÁpÕІ$@¿k0·^g€
š‚힝žœ˜Ûˆ¯.x×Ñu°üQ¾uâ¼Ú¯=øz|`›–7â|k”o+q¾µä[›WýXÉËí†w9/wù ¹Wâ|Cî‘8ߐ-} ßVâüæ¸óøð뇅Gù†NCþ‘_Áå›RÄ囂w\?ÎcÙd"teñ5oèê1œíôã%DÎ,çÚ9Û½äì€øÆÂû\O8œ„³˹·[2Þv̀œüs°×4[ì[´$wÑ!N‡A
ePÀ1Z[ì[´[ì[´$w>E0
ÃN‡A
ePÀ1P½Jݞ<¥ÄØ×­å«ññ_eÍXöCĔp?Jœ²ÓÓ¶Z”¾úA².A•F2Uÿ½_üTK¸'_ê6KAQ”v,!)‹Ð—ºW£±/ìjü:}ZÍÝûëòFNfj¼)´Rµ[OëMçkD§íC¸4­ŠßÃÊLa§Á³ôlã´Sr¡Tq34f{Ù¸·ùžÅ`PÝù2­(W¶üê‹åȯÝÈIbt˅·EO¢
ÉE>Z9$uãK~~‰ˆ-¦!°ýÀ&øÆ*‚çs–n¡­±~hHksÞÉã–R¬6±bCÝ<y¶µeÄZ+	6ì>SžyT!&´(ZÖb•ë-±äVUcŸ­Ã•‡E]ÿ9%}”ÊL=ÜÝÅg„ð¥5’aªwº½dúäÃòøéÙ¨ÁVØt-,‘è*Dÿ§¢½„ícëš-ފ̃ÂϒÞ>Э]jŸº,=kÖ.Õï×µ\u"3	°Z6ŠÍu™8î5øŸ=úcÌIoøêÙ½|—ß²AâÖg>ô£àtÅ
rJ΃›u%)_°¯N/zAw¶åÇg¦>–etïOC¹tÀê¼Ão
þ,ùà’0­˜?hwÈóHtU¿¶uô“°-ádz—5µ[m”a£{j³b“ñ‚væ&"^Åü¬U÷Ú·ïÖû¯ÝšDˆŽ‹wů$g†OQ>õnÌøýÃmœpà}J%*G‡ªåüË6þëàõדÈ^ËMò7G¯Üq!¡ÚëÓo¿c¾Y#W`ÓÝÜ",âÃ|ÜøѦ..©‹ÌBxFÈ:Wz-Æ1¾Ù®z3ì–¥ö»q™§Ÿ½
ƒHlQXEhriq°éq	}p"âԈJü¤ÿóE‘dz¸Á"Kz–â׺ïjG®>Ÿ	Ðv¶†'×½GšØ{ñeg’´ï¬™(ÍÎuÇý±¹Ò:¾Í±&äÝÅê6©­m›þ¨Žq…øç'óOÿàœþW=ªþÝÄøw׿vüëÑï߈æÊ~ü+§¿žÃþFÿ'¡Äã¯Aðo”„÷_‰{šØWÑ]°Q?f(F.
"«€ªgv³tr¶Ø˱	Üda¶´·€<µ±·’cy ¯Â/ÉÂììòØþéãç{K9OKgyB<ÙÇÒϝ´;0£Ø;K?–c±vqqt¶@
ÿØYâ`iª{q²{삺u²|êôØÅØî¹ ð͛â‚vmìY˜ŸX	ɱ<wbavñ@垂…ÐeÂè2at™0º•{laò6ªÅï̟á?%k#ò§DäO‰èŸÑ?%bJÄþ”ˆÿ)ga¶~ncFi„NX˜ŸAž«ý*ø“c”G[¯ât €ñ7‡\ è
Ö¿åÿšûEè~Õ×þ­ÏŸšéï8¹ìƒò	\6ýGyõÈÀ^ö¸
G¿&ÄÄB?€ÿÆo _\³øpôcy@3ºmûåõ:@‹¸°h¸0"®ÿM‚àŋÀº	1p>‰ƒÎáÂq3F«E`qÐ)œër kðëÀ¤+Þe?p¿ÚË ú¥ü*¿4Jg”€hK¾¸äՄVhÂÀH€Œ>”f¸(½_´’£jšP±€àڀ ‰Ê=»T“Qƒ
îÜÖ«—í^¯þò4ôZ2ò•ƒZ[ì[´[ì[´$w>E0
ÃN‡A
ePÀ1Pä‰aüÓgüèÅßÏøSÍ»”ìÚu—Ïø嚷rè=Õ!
~úÜó®5$<êÿjïKà£(Ö}«{z–L¶IØ&¬M$@³eCÐY2“…„ì+¨™ld²ÌL’Éâ2@€¨G	ŠˆÊÑ\îQQ#‚à†qGW"âr.ˆÅåWUݝšl*žûÞ}¿÷æKª»æ«íÿUU×úuõÞII›‹>Ñö¿ù§“_5¤+/xøôœù»ôï+úzÎONTç8*á`ÚÔÍ_<xàÅÙ?&oŠÎ¹gßí«þr9{ö‡‹nëyîûۻϫŒéGzgÿ,Z÷͎}…Ÿd'Ý\¼ýªŠkãŽüRqø‡ÎÇ3gQÒ­§¾Ú“ðô¿Ï‚Léք¿îö¿úݐsÕ§KßnM5=|½ß÷§ôm_‘š9æQÃwòéW¿²M·ÅïQç?&þíû—®ªzm³ö£½åŸ1ŸÅ<tË{ÏØ??ÕwñąY‡?s>¿ç‘/Ö}í#õ:	ÿšÞÿ!´m>ÅßÕù2šâo8·MñîyE¹sÉü½µ_Mí9~sùÄ¥ÍÇ?ÿ ]÷²Æý÷ì—z¼iõêK鷔lž™×ý;k۔Ÿ¶­[óãß}%ޒwï‹×Fí\3I>ùÕ#ÿ6aéß7¿ùdG͖hə’7ùðTUzÁ‚9Ûþ^¾dïÞÍëb>¼¶^¿è⿞>s"@ŸÞ|Aré´4뮥¶3×|;vʽyW%§¾§3·nzxѪÓÚÇo-K,í+>`zõ™Ú·×8÷ŸÿzoÒñ­‰ÏGü½ÝqzwW^ã~ñ«Æ_G\áH±V-‚.Í°–ANEcÓüJ#ÉQŽƒò2cԊ#¾›}⫘ÖýúƒòÇÖ*òKÞÙqóÎϟ¹wÜu›žüë·{_ºo¹ãvËú1§Nýuӗ߽¹ÿî¿.»ø˜uÒ&ÓÞSG’#Žm¹3/þ‡'O8÷幫ãwt?£ªÈ?|^߄÷žuÌúëܶTÔ|¶öxVËã§Q^[<ÖðxÞ܃!‰•'ß?½4䁟ìøa‡éâ‡c?çì£g~t쎼é=î؄ŸtG>*y­mgsÖæ»oŽxv[æýoW.¸å«¤-›®Û—ñ¬­cõÑãn=¼ó—¬ÂpùÞޚöÀ'·|×ç›wíe›ôPcàî3m¾ç…;s>Z{†y֑{iµõ‹²¦oŠs×]uìÑjÃf×Û׌?qàêoÞß~l}趫¤yß^“}¿gé
úƒOkO<8ÿaëùoeþòáÃWkõídgJ›$D}ó]Ûx©8ûÛ³‚?k¼ê𙇨ç×íº+ú­Iå¥þãÉG¹ôñ/ïePÕ57κþùFÛ¿˺_Ò/§?ôùÇ¢±ºrkúú ñÌÙ?¼1µwFÌC7¿»oÃÇ~KŽM:ôâøéŸÉ7Y
ÅEž¶u¦IF͞;–n^}ùÞE'_ž¾{³òÀͯ¯=9nù™[Ä/L۔¹äÝ=U_œ¾¸2àð4÷֍S_°Ï÷·ÖPq×áöMU‘5™ÿýP±õºõ‹‹nzvîÔÖS•“è³>¨Ûjؖyê™›4ë?ûç÷V+>«¿áæ®VÃêq_Ì}^ò­þxݔÔø»ß¸ëqû/·}|lOݏªyo?p_öüÕ·|5òsV”|­©5nÓqE«pZ[ì[´[ì[´$w>E0
ÃN‡A
ePÀ1P1$´Ú+[PMKßdȄÏÚús)¿n<šòéފ÷<éþª(“Îh?¤¯;²'6Ã|jˬoä/MuLØ·jïý÷x£pgkYÏÕ{×èÞ|PÎäŒûzëÄ@Çß¼š”¾¡æsú
Ž¿tÏ9övãœÔÏO¨Ë‰8Þ^V¥;¾åùô׋Š/ÎZbÚxèÙM½+îhûvRñgzÎ|öÚs9½{ïÖKëb§|¶ôÑ«ãW<qò«U¿ü³ûÆÏš·õñ'~zëª_g?s`¿òœÝ0cò{÷+oû.qÁØí¬xx§s⬧¯}cט·î.z先;#sä›ßè_tóõ`äñÞÐVz0ýñÞÐv‹Ðüßï
}â	ÅÐCŸÿ¡a‡"¡»˜aE*ŒÂø÷=¼ïs^çɞ@¶scŠ@žOá.4 ñׅRÈb-‡]èh]C¡ý%J;í7pà~´9=\#¢pŒ$ndÐxuÅ¥?÷÷»xӁî^9'•€0h¦ ¸ 1ASC7B³š»¡¹šÐü
šG¡9Í?$«¢G7¢A)y‡Bnrœ[xø¾ðBõìuü;KžjV,ÀÛ'ó¯'íׁ›Ò>­ãς´nh…â
áÃR8gе <<2Ãe‡p8	´›ԀJ˜Ñ.G Ž;À3!ޛ!ß2ḤØa„!(V02ӀzËク€ùŸ	ÿ² Ÿ%01=ðPƒ€P€Š
Ð
ނʮÐôèaB¥0F;¨…Æ!Ú1Wæ”óōöhaÌçe‡ã3<µz¢i‰ḦiÓ?ôÚ@0X壀Èm 
܄·”*az,”ׁ7–ìÐ=ÆC±˜¢)©„K…¬õ‚ãA—\pSC¢í(mNÝ_ÂЈpê¦R7ÀB±ñ[Xñ\˜`1
 ‚ahp²ÿQ ÂÜχ1aÿ6˜
ÎàMœ•ábÀÉ¥¥ gö@Z/©Tó’ÁXb¢qj">µs4èZÁ¢2ø­Ô¸²å0ôdÆcČ&,qˆ†±Pè(Žz>+Œ#^]04f€ZÖ¡çÑær5ð¦ÚåȐPB5b€%šá%S†¸è©žŠé"€òÃ+œ~ŸºÄ]â=`X³&T5Øu&Õ÷OM¬KN† r’_ÿ5jIɎf¡›ßùþ` ›í§<›\=šA-&ª{GŒnú›ÕŠÉh¢&Poê‚}Ú;Gÿ‘*ôÀŸò÷þþÐßö–.ÆPBÑÃø(³ûÖßá§ÌjÅ#›e`näÓ«÷è…ð+*¤'†é]€ë¸žêå»—iû×Ô\§†²Ր³€ëf/n’?–âô	XŠ{ŒQêS?ÎÐS\{šÂ–²(.}TÜSù´ýQ;Jk	Z¬©‹©p¸êGô«æíhÑ!ÃVÞèhrT¹Ø̪*[y%[èh¬@¸¼ò
Ûí>™°ò}ÊÛ.d‘‚WÓÀ2
M!JåYze‹mXaøÈG>ò‘|ä#ùÈG>ò‘|ôoÒoÍÿéÞú`{Ì$ÅwÁùôO«7gàÝÑš—;7w]	¸ù~;àÖþÍh¶nsb;àæïhÍßÜÎÿÀͅ÷óq¿Fž×{Ï¡…{æЊ
Z[ì[´[ì[´$w>E0
ÃN‡A
ePÀ1PˆÑîSd#¿Ò€™ÊƒÎ³¹ê*¢ö‘|ä#ùÈG>ò‘|ä#ùèÿ)Âó|øS_¸y<š£ýz´WöéÑÞ<šC_îïïGót4çFó~àæùhÍç‘Îú8ÀÍéѼí™#º‰ÐLÜ{%HM¹§î‚é)÷ vRßLhfî­¤o”“æ@3šhhæAÍ|hT€ÛŸ×@£…FM,4qÐÄC“M"4 ¹
š…Ð,‚éß#•>=@ŠU§Þ—ÄËh÷dhòa*Àç €ÅФC“
R]˄&šl€N@j]Hq
€|€Ôì(äãú=B*Ve)5€t	*¡AþËùðÿ‚¦Úk¡¹ç!u3¤^넦ôÞ4HÕj-4(L+àTTn€Æ
Í
À­Ï¬‚æFhVN-Ÿ&€Î0ã3qˆ?NじdAuHâÇ­%õpÎo¿¥×¯û
éB wŒ<üÉ
IXÅËzEiz“Дw~þ‘0hé•ήö:+âÏP|z°‚å¤o†fãLÎ^ˆO§¨€ùà€u «
g[üšåGÏ«éæ·èoü«YbXsQªõøüˆ`}·Ãú'œ˜á6|ÖÄèõ'ò=»Û(!ý¡’_ž˜>®,ÿKÑEÁّŠa9Öxmú#A‡Q ðêi¬ëéM=ßÞ܇ê}÷.|÷v+€­áO¥Ì‘+ôr4šÖ¾3|xúƒµ{¯œü9(èqþ£ùßÍöxÎ~=ü˅­P¼kþ\úê§äW>¢:jxúÚ?™>J×ÿ
ÒGÏëf ¤ÏՀ뇨OÿQšˆ•™¯ìù»š`þuƒ‘úÔÇý?²ý¿PÎÞý?rÿïêÿQ\3ù;2#õÿˆÃßU`äþÿô»>âHC?
ËΖˣ –îlã/ÍÂâÜe¼-Ž°þÒÁ_1<w2¾aHøJدõ÷³¸¤QlZp©…|T»úÁ\‘{$H ¯'¬’˜|íÂ×}ðz¦ÿ̙30.#=	Æ°æ~#ÞH §ûaèËméÛüë!¾È»Þ'ñ8ש§‘?ä†åD6Ӏœ(üDžÁ‡¿Xx$g–CO#¿‚K-/?’SÉ»G‚$,g/–í,¾¢GðƒÎTË¥s/aÁ,g
¿1ÇəŽå´șBßÎ?Ñ,tCøY†ñr87™NÞ=ˉlKäDágó\5¾hHø­r$'ÒºEþ‘_Áɉ´t‘œ*Þ=da9UX¶|-Å×6xÝ*w.Þ*gA	–3oœEXΜ9󠜜J?Ý…m
à}
óÎA8‹°œÈ=ˉlKäDáçóÜ >ücCÃ{œÕ|zȯà‚äÌâË3…wËè½Ø^JûÃk¾VÁpÕІ$@¿k0·^g€
š‚힝žœ˜Ûˆ¯.x×Ñu°üQ¾uâ¼Ú¯=øz|`›–7â|k”o+q¾µä[›WýXÉËí†w9/wù ¹Wâ|Cî‘8ߐ-} ßVâüæ¸óøð뇅Gù†NCþ‘_Áå›RÄ囂w\?ÎcÙd"teñ5oèê1œíôã%DÎ,çÚ9Û½äì€øÆÂû\O8œ„³˹·[2Þv̀œüs°×4[ì[Ê(üΏ!2>Â
ePÀ2Z[ì[Ê[ì[Ê(ü>E0¨ü2>Â
ePÀ2P9ne1e1e1enrrrneenrrrnr1e1eeeenrrer111nrrrreen1nnr1er1r1nenrrrernn11er1rrr1nrnr1ene1ererrnrrn1nreenre1nrnrn1rn1rnrnrennerrer1er1enee1reerrrreeygrttrrebrrrwhrrrgbhwrtebwrwrrjtjreteerbbjjtthrhhbrtrjrrrrrr#reetwjwerthrrye#wjerbrrjbbwrehrrrrrhrbjtrjerrre#bhrrgjb#ytwtrjretyr1ern1nerrrre1nneeerrr1nr1rrrrrerrrrenen1rr1rn11r1rnrre1rr1r1rrrrnenerner1e1er11rnrrrn1rnnenr1rrrrr1retrtrehrer#jbyrjyrrerrtjrrrhtrgrwrrrrejeyetyerjgeerrggtjrhryethrbttrjrejrrjjeeergrrjreehththtjreejeetrrjgje#r#yrttjjwtretejjjrrtrerrrrne1rrn1rrrnrnner1nrrrnr1rrrnnenerr1rrrr1111nrrrrnerrren1nerenrrrnnernrnrnr1ennrn1renee11err11nr1ne11reen11ern1nrr1rrr1ee1r11r1ner11nren1nbrthrjwejwrrrwrgetbjrtejetetrhrretttbyryttethjbjrr#eerrrerrrrrryrerrjeerthy#rrewrjethrrtbrjjeyjtweerretb#rrrrerby#ryjtrergjjrr#yrr1ernnZ[ì[Ê[ì[Ê(ü>E0¨ü2>Â
ePÀ2PŒeerernnrnnnn1rnnrernnrn1ne1rrnrrrneer1nrreerrrnenn1eee1rnr1eerr111rrrnrre1rrr1rn1rrr11ererr1ree1rrrnrr1rrt#rrrrtger#rtrrjjrgetjeejerjt##tbrgr#gbbebbejeyrrtttrte#bjterrtjrtjeerwjjh#rhgrjjggrteywewrrwjjgrrrreeerrytewrtjjeeerebjhwrrtjrerrnrrrnrrere1rrnrrr1r1e11rrr1r1nernrrer111er1rnre1ennnrnn1eeeennrrrrrrerreenrreenr11rnr1r1e11nr1r11reererrr11enern1rrrrernr1rnr1rrren1rrr1rerrerr1rrnr1ernre1e1rrrrrnrr1n1rnnnnre1n1ryrreewejwtgtrrtretheerrj#tjeerrtwweerr#yreryr#rrtjetrrtjrjtrr#hjteerjrejrrwrj#ewerrrbereertrrerbjehjrrjr#hrjjgtreerhgrgjyreyjrtr1rr11nrrrrn1n1nrnrn1n1reer1rernr1errrrrre1reer1rr1nnrnrrrneer1r1n1rrrerr1rrre1rrern1eeeerenr1eeee1rrrnnnene11rrn11rnrr11nnn1nnr1rnenrnne1ereereerrnnreeerrrr1nnrt#trjtjejjbbbrZ[ì[Ê[ì[Ê(ü>E0¨ü2>Â
ePÀ2PÕpegejererjrertetjej#r#jbrrhrrt#rregrryt#jwbrgrerbteeghtrjerweweryjtre#brgjrtgtrrbjrtwtrbyjtryrjrtrejrrw#ttrtrrhrrtree1ereeeerrererrrr1n1r111er11rrer1rn1rn1rrnennen1r11errenn1rrnnnnereerrrnr1eer1nerre1nenenererr11r1rern11nrrernrerere1ee11ne1err1erne1eeeeejeertteerrtrtwettergtjerrjtrtttwyrergerrtrtretjrrrtgrertyreweeyhrjrhrewehrewtterjr#ttjrrrejrjjjeerewgrrtrtrrrer##rertrjttgtjrerrnne1eeeerrreee1rrrne1eerennrenee1rr11rerenr11eenereee1nrrrn1renee1rrerrnn1rree1rrr1nneernre1ernrenr111nrrrr1nrr11n1r11nreernernhe#tjrrrretrrrrwyerrertjr#ybjjwtjterghtr#rrjtrrbtrrrr#ejegrtrwrrtgrgjretetw#bhhyjegretgeejgt#tywrryhjrgeertgjrtbhjreb#r#berrejjjne1en1ern11nnr11neeerrnre1reerrrrrneee1nr11erer1rree1re1r1nenrrererr1rrnnrrrnneee11eerrn11n1rerenrnereheyrrregwrrerr#hwjrehtetrrbreeteryerrrjrrhjterj[ì[Ê[ì[Ê(üêEܨP2>Â
ePÀ2P¾êjrjjweberbetjrhjbeehteeehrery#eeryrrrgtrree#rrherwebewrrhrbherrwgrejjthrrejrrrjttrernrenrnerere1reen1n1rrrenrn1nnr1rrrnrr1rrnrrrrre1rr1rnrrrnnr1e1errrnrrrrr11rnrreennnnnnrr11nrnnrrrrrrnn1nnrr1nr1re1en1r1rrrnenrr1enn111rrn1rnn1eerrrnrrrrr1nerernrnrbggetjyyeerter#eerwryerrergjtterrgbehrrberrre#rhbrytrrrerbb#tererjryywrjjtrj#ebrr#rrrrrerrrhrrbtr#berrtjtrrhr#rrrjjeyrthreenr1nrrreeene11er1re1ennee11nrrrner1errr1nnern1rerr1r11nneerreeeerenren1er1nrrrree1nererenr1rrrrnen1ne1e1rnre1nnrnrere1n1nnrr1rerrrernrrren1rerrrer1ntewhejwrrjehjrrrwrrrjrw#bejreerytre#

This file has been truncated. Go here to download in full.


suricata-4.0.0-etopen-all-alert-2018-11-16-T-04-03-54-11162018.0403-2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap.txt - (1513 bytes) - download
11/14/2018-17:30:28.074871  [**] [1:2019837:3] ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 78.135.65.15:80 -> 10.11.14.101:49201
11/14/2018-17:30:28.074871  [**] [1:2019613:3] ET POLICY Office Document Download Containing AutoOpen Macro [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 78.135.65.15:80 -> 10.11.14.101:49201
11/14/2018-17:30:50.796924  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 50.62.194.30:80 -> 10.11.14.101:49202
11/14/2018-17:30:50.796924  [**] [1:2022053:2] ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 50.62.194.30:80 -> 10.11.14.101:49202
11/14/2018-17:30:50.796924  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 50.62.194.30:80 -> 10.11.14.101:49202
11/14/2018-17:42:55.489863  [**] [1:2404312:4989] ET CNC Feodo Tracker Reported CnC Server group 13 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.11.14.101:49237 -> 210.2.86.72:8080
11/14/2018-17:46:20.058091  [**] [1:2404315:4989] ET CNC Feodo Tracker Reported CnC Server group 16 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.11.14.101:49248 -> 49.212.135.76:443


stats.log - (3232 bytes) - download
------------------------------------------------------------------------------------
Date: 11/16/2018 -- 04:03:54 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 6517
decoder.bytes                              | Total                     | 3613086
decoder.ipv4                               | Total                     | 6517
decoder.ethernet                           | Total                     | 6517
decoder.tcp                                | Total                     | 6469
decoder.udp                                | Total                     | 48
decoder.avg_pkt_size                       | Total                     | 554
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 156
flow.udp                                   | Total                     | 24
tcp.sessions                               | Total                     | 156
tcp.syn                                    | Total                     | 274
tcp.synack                                 | Total                     | 97
tcp.rst                                    | Total                     | 181
tcp.overlap                                | Total                     | 186
detect.alert                               | Total                     | 7
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 25
app_layer.tx.http                          | Total                     | 60
app_layer.flow.tls                         | Total                     | 46
app_layer.flow.dns_udp                     | Total                     | 24
app_layer.tx.dns_udp                       | Total                     | 24
flow_mgr.new_pruned                        | Total                     | 5
flow_mgr.est_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 3
flow_mgr.flows_timeout_inuse               | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65532
flow_mgr.rows_empty                        | Total                     | 1
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078048


eve.json - (78311 bytes) - download
{"timestamp":"2018-11-14T17:30:26.616910+0000","flow_id":955906639686094,"pcap_cnt":1,"event_type":"dns","src_ip":"10.11.14.101","src_port":54132,"dest_ip":"10.11.14.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55762,"rrname":"bysound.com.tr","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-14T17:30:26.696835+0000","flow_id":955906639686094,"pcap_cnt":2,"event_type":"dns","src_ip":"10.11.14.1","src_port":53,"dest_ip":"10.11.14.101","dest_port":54132,"proto":"UDP","dns":{"type":"answer","id":55762,"rcode":"NOERROR","rrname":"bysound.com.tr","rrtype":"A","ttl":13436,"rdata":"78.135.65.15"}}
{"timestamp":"2018-11-14T17:30:28.074871+0000","flow_id":92989727903550,"pcap_cnt":59,"event_type":"alert","src_ip":"78.135.65.15","src_port":80,"dest_ip":"10.11.14.101","dest_port":49201,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019837,"rev":3,"signature":"ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide)","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2018-11-14T17:30:28.074871+0000","flow_id":92989727903550,"pcap_cnt":59,"event_type":"alert","src_ip":"78.135.65.15","src_port":80,"dest_ip":"10.11.14.101","dest_port":49201,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019613,"rev":3,"signature":"ET POLICY Office Document Download Containing AutoOpen Macro","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2018-11-14T17:30:28.084163+0000","flow_id":92989727903550,"pcap_cnt":72,"event_type":"http","src_ip":"10.11.14.101","src_port":49201,"dest_ip":"78.135.65.15","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"bysound.com.tr","url":"\/En_us\/Documents\/11_18\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/msword"}}
{"timestamp":"2018-11-14T17:30:50.248400+0000","flow_id":652123604437584,"pcap_cnt":74,"event_type":"dns","src_ip":"10.11.14.101","src_port":62308,"dest_ip":"10.11.14.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54925,"rrname":"c-t.com.au","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-14T17:30:50.327406+0000","flow_id":652123604437584,"pcap_cnt":75,"event_type":"dns","src_ip":"10.11.14.1","src_port":53,"dest_ip":"10.11.14.101","dest_port":62308,"proto":"UDP","dns":{"type":"answer","id":54925,"rcode":"NOERROR","rrname":"c-t.com.au","rrtype":"A","ttl":2930,"rdata":"50.62.194.30"}}
{"timestamp":"2018-11-14T17:30:50.522828+0000","flow_id":217281787992543,"pcap_cnt":82,"event_type":"http","src_ip":"10.11.14.101","src_port":49202,"dest_ip":"50.62.194.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"c-t.com.au","url":"\/PspAMbuSd2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-14T17:30:50.525236+0000","flow_id":217281787992543,"pcap_cnt":84,"event_type":"fileinfo","src_ip":"50.62.194.30","src_port":80,"dest_ip":"10.11.14.101","dest_port":49202,"proto":"TCP","http":{"hostname":"c-t.com.au","url":"\/PspAMbuSd2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":301,"redirect":"http:\/\/c-t.com.au\/PspAMbuSd2\/","length":196},"app_proto":"http","fileinfo":{"filename":"\/PspAMbuSd2","gaps":false,"state":"CLOSED","stored":false,"size":237,"tx_id":0}}
{"timestamp":"2018-11-14T17:30:50.796924+0000","flow_id":217281787992543,"pcap_cnt":137,"event_type":"alert","src_ip":"50.62.194.30","src_port":80,"dest_ip":"10.11.14.101","dest_port":49202,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2018-11-14T17:30:50.796924+0000","flow_id":217281787992543,"pcap_cnt":137,"event_type":"alert","src_ip":"50.62.194.30","src_port":80,"dest_ip":"10.11.14.101","dest_port":49202,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2022053,"rev":2,"signature":"ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-14T17:30:50.796924+0000","flow_id":217281787992543,"pcap_cnt":137,"event_type":"alert","src_ip":"50.62.194.30","src_port":80,"dest_ip":"10.11.14.101","dest_port":49202,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2014520,"rev":6,"signature":"ET INFO EXE - Served Attached HTTP","category":"Misc activity","severity":3}}
{"timestamp":"2018-11-14T17:30:51.321773+0000","flow_id":217281787992543,"pcap_cnt":590,"event_type":"http","src_ip":"10.11.14.101","src_port":49202,"dest_ip":"50.62.194.30","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"c-t.com.au","url":"\/PspAMbuSd2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-11-14T17:32:06.120216+0000","flow_id":2164503998659297,"pcap_cnt":602,"event_type":"http","src_ip":"10.11.14.101","src_port":49210,"dest_ip":"50.78.167.65","dest_port":7080,"proto":"TCP","tx_id":0,"http":{"hostname":"50.78.167.65","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:32:58.246127+0000","flow_id":1123296556908743,"pcap_cnt":617,"event_type":"http","src_ip":"10.11.14.101","src_port":49213,"dest_ip":"189.244.86.184","dest_port":990,"proto":"TCP","tx_id":0,"http":{"hostname":"189.244.86.184","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-14T17:33:49.171882+0000","flow_id":1123296556908743,"pcap_cnt":619,"event_type":"fileinfo","src_ip":"189.244.86.184","src_port":990,"dest_ip":"10.11.14.101","dest_port":49213,"proto":"TCP","http":{"hostname":"189.244.86.184","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":132},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":132,"tx_id":0}}
{"timestamp":"2018-11-14T17:34:19.213202+0000","flow_id":1123296556908743,"pcap_cnt":620,"event_type":"http","src_ip":"10.11.14.101","src_port":49213,"dest_ip":"189.244.86.184","dest_port":990,"proto":"TCP","tx_id":1,"http":{"hostname":"189.244.86.184","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:35:31.790154+0000","flow_id":371552734770682,"pcap_cnt":637,"event_type":"http","src_ip":"10.11.14.101","src_port":49216,"dest_ip":"173.11.47.169","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"173.11.47.169","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:36:45.737161+0000","flow_id":937850617171927,"pcap_cnt":833,"event_type":"http","src_ip":"10.11.14.101","src_port":49217,"dest_ip":"186.18.236.83","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"186.18.236.83","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-14T17:40:08.355521+0000","flow_id":583176529003754,"pcap_cnt":874,"event_type":"http","src_ip":"10.11.14.101","src_port":49228,"dest_ip":"173.11.47.169","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"173.11.47.169","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:40:59.832518+0000","flow_id":1935376118557547,"pcap_cnt":884,"event_type":"http","src_ip":"10.11.14.101","src_port":49230,"dest_ip":"186.18.236.83","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"186.18.236.83","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:41:29.196648+0000","flow_id":62920703341776,"pcap_cnt":890,"event_type":"http","src_ip":"10.11.14.101","src_port":49231,"dest_ip":"200.127.55.5","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"200.127.55.5","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:42:02.730337+0000","flow_id":1107864773535868,"pcap_cnt":896,"event_type":"http","src_ip":"10.11.14.101","src_port":49232,"dest_ip":"76.65.158.121","dest_port":50000,"proto":"TCP","tx_id":0,"http":{"hostname":"76.65.158.121","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:42:55.489863+0000","flow_id":459758509193607,"pcap_cnt":917,"event_type":"alert","src_ip":"10.11.14.101","src_port":49237,"dest_ip":"210.2.86.72","dest_port":8080,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2404312,"rev":4989,"signature":"ET CNC Feodo Tracker Reported CnC Server group 13","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-14T17:43:25.801073+0000","flow_id":459758509193607,"pcap_cnt":922,"event_type":"http","src_ip":"10.11.14.101","src_port":49237,"dest_ip":"210.2.86.72","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"210.2.86.72","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:44:49.198947+0000","flow_id":2123611665284052,"pcap_cnt":948,"event_type":"http","src_ip":"10.11.14.101","src_port":49243,"dest_ip":"173.160.205.161","dest_port":990,"proto":"TCP","tx_id":0,"http":{"hostname":"173.160.205.161","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:45:19.386309+0000","flow_id":874218565748607,"pcap_cnt":954,"event_type":"http","src_ip":"10.11.14.101","src_port":49244,"dest_ip":"160.36.66.221","dest_port":990,"proto":"TCP","tx_id":0,"http":{"hostname":"160.36.66.221","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:45:39.749186+0000","flow_id":935591502879918,"pcap_cnt":1336,"event_type":"http","src_ip":"10.11.14.101","src_port":49245,"dest_ip":"71.163.171.106","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"71.163.171.106","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-14T17:45:39.796835+0000","flow_id":935591502879918,"pcap_cnt":1338,"event_type":"fileinfo","src_ip":"71.163.171.106","src_port":80,"dest_ip":"10.11.14.101","dest_port":49245,"proto":"TCP","http":{"hostname":"71.163.171.106","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":296228},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":296228,"tx_id":0}}
{"timestamp":"2018-11-14T17:46:07.807682+0000","flow_id":935591502879918,"pcap_cnt":1339,"event_type":"http","src_ip":"10.11.14.101","src_port":49245,"dest_ip":"71.163.171.106","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"71.163.171.106","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:46:20.058091+0000","flow_id":339860215620331,"pcap_cnt":1352,"event_type":"alert","src_ip":"10.11.14.101","src_port":49248,"dest_ip":"49.212.135.76","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2404315,"rev":4989,"signature":"ET CNC Feodo Tracker Reported CnC Server group 16","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-14T17:46:50.260703+0000","flow_id":339860215620331,"pcap_cnt":1357,"event_type":"http","src_ip":"10.11.14.101","src_port":49248,"dest_ip":"49.212.135.76","dest_port":443,"proto":"TCP","tx_id":0,"http":{"hostname":"49.212.135.76","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:47:20.026082+0000","flow_id":681696664640429,"pcap_cnt":1363,"event_type":"http","src_ip":"10.11.14.101","src_port":49249,"dest_ip":"109.170.209.165","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"109.170.209.165","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:47:23.941313+0000","flow_id":1637187303564167,"pcap_cnt":1372,"event_type":"http","src_ip":"10.11.14.101","src_port":49250,"dest_ip":"205.185.187.190","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"205.185.187.190","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:47:35.173197+0000","flow_id":1131562279533253,"pcap_cnt":1391,"event_type":"http","src_ip":"10.11.14.101","src_port":49253,"dest_ip":"24.201.79.34","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"24.201.79.34","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-14T17:48:40.181427+0000","flow_id":1131562279533253,"pcap_cnt":1425,"event_type":"fileinfo","src_ip":"24.201.79.34","src_port":8080,"dest_ip":"10.11.14.101","

This file has been truncated.
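
The eve.json excerpt above shows the pattern worth codifying rather than eyeballing: every check-in from 10.11.14.101 goes to a bare IP address as the Host header, requests "/", reuses one MSIE 7.0 user agent, and the flow to 49.212.135.76 carries plain HTTP on port 443 and is also hit by the Feodo Tracker IP rule on the same flow_id. The script below is an added example written for this page (it is not part of IDSDeathBlossom or Suricata): it joins alert and http records by flow_id and flags those traits. Its input is the six complete records copied from the excerpt (the truncated fileinfo record is left out); the flag names and helper functions are the example's own.

```python
"""Correlate Suricata eve.json alert/http records by flow_id and flag
Emotet-style check-ins (bare-IP Host, root URL, HTTP on 443, shared UA).
Added example for this page; not IDSDeathBlossom or Suricata code."""
import ipaddress
import json
from collections import defaultdict

# Six complete eve.json records copied from the excerpt on this page.
EVE_LINES = r'''
{"timestamp":"2018-11-14T17:46:07.807682+0000","flow_id":935591502879918,"pcap_cnt":1339,"event_type":"http","src_ip":"10.11.14.101","src_port":49245,"dest_ip":"71.163.171.106","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"71.163.171.106","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:46:20.058091+0000","flow_id":339860215620331,"pcap_cnt":1352,"event_type":"alert","src_ip":"10.11.14.101","src_port":49248,"dest_ip":"49.212.135.76","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2404315,"rev":4989,"signature":"ET CNC Feodo Tracker Reported CnC Server group 16","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-14T17:46:50.260703+0000","flow_id":339860215620331,"pcap_cnt":1357,"event_type":"http","src_ip":"10.11.14.101","src_port":49248,"dest_ip":"49.212.135.76","dest_port":443,"proto":"TCP","tx_id":0,"http":{"hostname":"49.212.135.76","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:47:20.026082+0000","flow_id":681696664640429,"pcap_cnt":1363,"event_type":"http","src_ip":"10.11.14.101","src_port":49249,"dest_ip":"109.170.209.165","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"109.170.209.165","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:47:23.941313+0000","flow_id":1637187303564167,"pcap_cnt":1372,"event_type":"http","src_ip":"10.11.14.101","src_port":49250,"dest_ip":"205.185.187.190","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"205.185.187.190","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2018-11-14T17:47:35.173197+0000","flow_id":1131562279533253,"pcap_cnt":1391,"event_type":"http","src_ip":"10.11.14.101","src_port":49253,"dest_ip":"24.201.79.34","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"24.201.79.34","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
'''


def parse_eve(text):
    """eve.json is one JSON object per line; skip blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_bare_ip(host):
    """True when the Host header is a literal IP (optionally with :port)."""
    for candidate in (host, host.rsplit(":", 1)[0]):
        try:
            ipaddress.ip_address(candidate)
            return True
        except ValueError:
            continue
    return False


def correlate_by_flow(records):
    """Group alert and http records under their shared flow_id."""
    flows = defaultdict(lambda: {"alerts": [], "http": []})
    for rec in records:
        kind = rec.get("event_type")
        if kind in ("alert", "http"):
            key = "alerts" if kind == "alert" else "http"
            flows[rec["flow_id"]][key].append(rec)
    return flows


def triage(records):
    """One finding per http transaction, with the traits it exhibits
    plus any alert signature raised on the same flow."""
    findings = []
    for flow_id, data in correlate_by_flow(records).items():
        for rec in data["http"]:
            http = rec["http"]
            flags = []
            if is_bare_ip(http.get("hostname", "")):
                flags.append("bare-ip-host")        # no DNS name, just an IP
            if http.get("url") == "/":
                flags.append("root-url")            # check-in to "/"
            if rec["dest_port"] == 443:
                flags.append("http-on-443")         # cleartext HTTP on the TLS port
            for alert in data["alerts"]:
                flags.append("alert:" + alert["alert"]["signature"])
            if flags:
                findings.append({"flow_id": flow_id, "src": rec["src_ip"],
                                 "dest": rec["dest_ip"], "port": rec["dest_port"],
                                 "ua": http.get("http_user_agent", ""), "flags": flags})
    return findings


def checkin_destinations(findings):
    """Sorted (ip, port) pairs showing the bare-IP-host + root-URL pattern."""
    return sorted({(f["dest"], f["port"]) for f in findings
                   if "bare-ip-host" in f["flags"] and "root-url" in f["flags"]})


def destinations_per_user_agent(findings):
    """Map each user agent to the distinct destinations that used it."""
    by_ua = defaultdict(set)
    for f in findings:
        by_ua[f["ua"]].add(f["dest"])
    return {ua: sorted(dests) for ua, dests in by_ua.items()}


if __name__ == "__main__":
    results = triage(parse_eve(EVE_LINES))
    for f in results:
        print(f"{f['src']} -> {f['dest']}:{f['port']}  {', '.join(f['flags'])}")
    print("check-in destinations:", checkin_destinations(results))
```

Run against a full eve.json the same way (`parse_eve(open(path).read())`); the join on flow_id is what turns a single IP-reputation alert into a list of sibling check-ins that no signature fired on.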


keyword_perf.log - (16427 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/16/2018 -- 04:03:54
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             21192315        6683            6683            53951           3171.00         3171.00         0.00           
  threshold        35806           3               2               19979           11935.00        13513.00        8780.00        
  content          36537708        6407            3432            239949          5702.00         5915.00         5457.00        
  pcre             4112704         725             240             37050           5672.00         5524.00         5746.00        
  byte_test        792375          219             120             22337           3618.00         4023.00         3126.00        
  byte_jump        166542          50              23              4820            3330.00         3028.00         3588.00        
  isdataat         70940           24              0               3598            2955.00         0.00            2955.00        
  flowbits         2182053         699             100             74674           3121.00         3335.00         3085.00        
  urilen           1851612         565             138             49909           3277.00         3251.00         3285.00        
  byte_extract     4415            1               1               4415            4415.00         4415.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             21192315        6683            6683            53951           3171.00         3171.00         0.00           
  flowbits         2072755         676             77              74674           3066.00         2912.00         3085.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7254712         1425            666             61100           5091.00         4317.00         5769.00        
  pcre             863788          189             2               29905           4570.00         11300.00        4498.00        
  byte_test        792375          219             120             22337           3618.00         4023.00         3126.00        
  byte_jump        135970          40              13              4800            3399.00         3005.00         3588.00        
  isdataat         70940           24              0               3598            2955.00         0.00            2955.00        
  byte_extract     4415            1               1               4415            4415.00         4415.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         109298          23              23              7009            4752.00         4752.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        35806           3               2               19979           11935.00        13513.00        8780.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1254642         358             52              31111           3504.00         4013.00         3418.00        
  pcre             1269135         251             64              34983           5056.00         4908.00         5106.00        
  urilen           1851612         565             138             49909           3277.00         3251.00         3285.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          90090           27              0               4017            3336.00         0.00            3336.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14118207        1068            146             239949          13219.00        47103.00        7853.00        
  byte_jump        30572           10              10              4820            3057.00         3057.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8473128         2089            1713            63078           4056.00         4086.00         3918.00        
  pcre             1955218         282             174             37050           6933.00         5684.00         8945.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          457225          132             22              15669           3463.00         3601.00         3436.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7330            2               2               4072            3665.00         3665.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6063            2               2               3085            3031.00         3031.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4337            1               0               4337            4337.00         0.00            4337.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6159            2               2               3081            3079.00         3079.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3840            1               0               3840            3840.00         0.00            3840.00        
  pcre             17835           1               0               17835           17835.00        0.00            17835.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          681627          211             81              20285           3230.00         3300.00         3186.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4167060         1085            743             26793           3840.00         3989.00         3517.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             6728            2               0               3483            3364.00         0.00            3364.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3118            1               0               3118            3118.00         0.00            3118.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10170           3               3               3738            3390.0

This file has been truncated.
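
The keyword_perf.log table above is what you read when a ruleset is slow on a pcap: the question is which buffer/keyword pair burns the ticks and whether a match is disproportionately more expensive than a non-match (here, `content` in `file_data` has a max of 239949 ticks and an average match cost six times its non-match cost). The parser and ranking helpers below are an added example written for this page, not part of IDSDeathBlossom or Suricata. The embedded table is copied from the excerpt above and cut down to four sections; the `min_checks` threshold in `match_cost_ratio` is the example's own choice.

```python
"""Parse Suricata keyword_perf.log sections and rank keyword/buffer cost.
Added example for this page; not IDSDeathBlossom or Suricata code."""
import re

# Copied from the keyword_perf.log excerpt on this page, reduced to four
# of its "Stats for:" sections (the full "total" section is kept intact).
KEYWORD_PERF = """\
  Date: 11/16/2018 -- 04:03:54
  ------------------------------------------------------------------------------------------------
  Stats for: total
  ------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             21192315        6683            6683            53951           3171.00         3171.00         0.00
  threshold        35806           3               2               19979           11935.00        13513.00        8780.00
  content          36537708        6407            3432            239949          5702.00         5915.00         5457.00
  pcre             4112704         725             240             37050           5672.00         5524.00         5746.00
  byte_test        792375          219             120             22337           3618.00         4023.00         3126.00
  byte_jump        166542          50              23              4820            3330.00         3028.00         3588.00
  isdataat         70940           24              0               3598            2955.00         0.00            2955.00
  flowbits         2182053         699             100             74674           3121.00         3335.00         3085.00
  urilen           1851612         565             138             49909           3277.00         3251.00         3285.00
  byte_extract     4415            1               1               4415            4415.00         4415.00         0.00
  ------------------------------------------------------------------------------------------------
  Stats for: file_data
  ------------------------------------------------------------------------------------------------
  content          14118207        1068            146             239949          13219.00        47103.00        7853.00
  byte_jump        30572           10              10              4820            3057.00         3057.00         0.00
  ------------------------------------------------------------------------------------------------
  Stats for: http_header
  ------------------------------------------------------------------------------------------------
  content          8473128         2089            1713            63078           4056.00         4086.00         3918.00
  pcre             1955218         282             174             37050           6933.00         5684.00         8945.00
  ------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  ------------------------------------------------------------------------------------------------
  content          4167060         1085            743             26793           3840.00         3989.00         3517.00
"""

SECTION = re.compile(r"^\s*Stats for:\s*(\S+)")
# keyword, ticks, checks, matches, max ticks, avg, avg match, avg no match
ROW = re.compile(r"^\s*([A-Za-z_]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
                 r"([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_keyword_perf(text):
    """Return {section: {keyword: {ticks, checks, ...}}}; separator and
    header lines do not match ROW and are skipped."""
    stats, section = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            stats[section] = {}
            continue
        m = ROW.match(line)
        if m and section is not None:
            kw, ticks, checks, matches, max_ticks, avg, avg_m, avg_nm = m.groups()
            stats[section][kw] = {
                "ticks": int(ticks), "checks": int(checks), "matches": int(matches),
                "max_ticks": int(max_ticks), "avg": float(avg),
                "avg_match": float(avg_m), "avg_no_match": float(avg_nm),
            }
    return stats


def rank_buffers(stats, metric="ticks", exclude=("total",)):
    """(section, keyword, value) sorted by metric, worst first; "total"
    is excluded because it double-counts the per-buffer sections."""
    rows = [(sec, kw, v[metric]) for sec, kws in stats.items()
            if sec not in exclude for kw, v in kws.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def tick_share(stats, section="total"):
    """Fraction of the section's ticks spent in each keyword."""
    total = sum(v["ticks"] for v in stats[section].values())
    return {kw: v["ticks"] / total for kw, v in stats[section].items()}


def match_cost_ratio(stats, min_checks=10, exclude=("total",)):
    """Avg-match / avg-no-match per buffer/keyword. A ratio far above 1
    means the expensive work happens after the keyword matches, i.e. the
    prefilter is letting through content that then costs a lot to confirm."""
    out = []
    for sec, kws in stats.items():
        if sec in exclude:
            continue
        for kw, v in kws.items():
            if v["checks"] >= min_checks and v["matches"] and v["avg_no_match"] > 0:
                out.append((sec, kw, v["avg_match"] / v["avg_no_match"]))
    return sorted(out, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    stats = parse_keyword_perf(KEYWORD_PERF)
    for sec, kw, ticks in rank_buffers(stats)[:5]:
        print(f"{sec:18s} {kw:12s} {ticks:>10d} ticks")
    for sec, kw, ratio in match_cost_ratio(stats)[:3]:
        print(f"{sec:18s} {kw:12s} match/no-match cost x{ratio:.1f}")
```

Pair this with the rule_perf table (sorted by max ticks) to go from "file_data content is expensive" to the specific sid: the keyword table tells you which buffer to look in, the rule table tells you which signature to rewrite or fast-pattern differently.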


IDSDeathBlossom.py.log - (1197 bytes)
2018-11-16 04:03:45,339 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-16 04:03:46,183 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-16 04:03:46,183 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-11-16 04:03:46,184 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-16 04:03:46,184 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-16 04:03:46,184 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/83cb8fec13f79a9284e53b2ea13e7d55d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.0403-2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap -vvv -k none
2018-11-16 04:03:54,590 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-16 04:03:54,591 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.25977706909


suricata-report-2018-11-16-T-04-03-54-11162018.0403-2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap.txt - (18378 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/83cb8fec13f79a9284e53b2ea13e7d55d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.0403-2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap -vvv -k none
elapsedtime:8.402954
stderr:
stdout:
16/11/2018 -- 04:03:46 - <Info> - Configuration node 'rule-files' redefined.
16/11/2018 -- 04:03:46 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/11/2018 -- 04:03:46 - <Info> - CPUs/cores online: 1
16/11/2018 -- 04:03:46 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33574 and 'request-body-inspect-window' set to 16827 after randomization.
16/11/2018 -- 04:03:46 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32539 and 'response-body-inspect-window' set to 15612 after randomization.
16/11/2018 -- 04:03:46 - <Config> - DNS request flood protection level: 500
16/11/2018 -- 04:03:46 - <Config> - DNS per flow memcap (state-memcap): 524288
16/11/2018 -- 04:03:46 - <Config> - DNS global memcap: 16777216
16/11/2018 -- 04:03:46 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/11/2018 -- 04:03:46 - <Config> - preallocated 1000 hosts of size 136
16/11/2018 -- 04:03:46 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/11/2018 -- 04:03:46 - <Config> - using magic-file /usr/share/file/magic
16/11/2018 -- 04:03:46 - <Config> - Core dump size is unlimited.
16/11/2018 -- 04:03:46 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/11/2018 -- 04:03:46 - <Config> - preallocated 1000 defrag trackers of size 168
16/11/2018 -- 04:03:46 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/11/2018 -- 04:03:46 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/11/2018 -- 04:03:46 - <Config> - stream "memcap": 33554432
16/11/2018 -- 04:03:46 - <Config> - stream "midstream" session pickups: disabled
16/11/2018 -- 04:03:46 - <Config> - stream "async-oneside": disabled
16/11/2018 -- 04:03:46 - <Config> - stream "checksum-validation": disabled
16/11/2018 -- 04:03:46 - <Config> - stream."inline": disabled
16/11/2018 -- 04:03:46 - <Config> - stream "bypass": disabled
16/11/2018 -- 04:03:46 - <Config> - stream "max-synack-queued": 5
16/11/2018 -- 04:03:46 - <Config> - stream.reassembly "memcap": 134217728
16/11/2018 -- 04:03:46 - <Config> - stream.reassembly "depth": 0
16/11/2018 -- 04:03:46 - <Config> - stream.reassembly "toserver-chunk-size": 2640
16/11/2018 -- 04:03:46 - <Config> - stream.reassembly "toclient-chunk-size": 2546
16/11/2018 -- 04:03:46 - <Config> - stream.reassembly.raw: enabled
16/11/2018 -- 04:03:46 - <Config> - stream.reassembly "segment-prealloc": 2048
16/11/2018 -- 04:03:46 - <Config> - Delayed detect disabled
16/11/2018 -- 04:03:46 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/11/2018 -- 04:03:46 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/11/2018 -- 04:03:46 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/11/2018 -- 04:03:46 - <Config> - prefilter engines: MPM
16/11/2018 -- 04:03:46 - <Config> - IP reputation disabled
16/11/2018 -- 04:03:46 - <Perf> - Registered 148 keyword profiling counters.
16/11/2018 -- 04:03:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
16/11/2018 -- 04:03:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
16/11/2018 -- 04:03:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
16/11/2018 -- 04:03:47 - <Config> - No rules loaded from ET-emerging-icmp.rules.
16/11/2018 -- 04:03:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
16/11/2018 -- 04:03:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
16/11/2018 -- 04:03:49 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
16/11/2018 -- 04:03:49 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
16/11/2018 -- 04:03:49 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
16/11/2018 -- 04:03:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
16/11/2018 -- 04:03:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
16/11/2018 -- 04:03:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
16/11/2018 -- 04:03:51 - <Config> - No rules loaded from local.rules.
16/11/2018 -- 04:03:51 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
16/11/2018 -- 04:03:51 - <Info> - Threshold config parsed: 0 rule(s) found
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for tcp-packet
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for tcp-stream
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for udp-packet
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for other-ip
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_uri
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_client_body
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_accept
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_accept_enc
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_accept_lang
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_referer
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_connection
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_method
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_raw_uri
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_user_agent
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_host
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_raw_host
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_stat_msg
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_stat_code
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for dns_query
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for tls_sni
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 04:03:51 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 04:03:51 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
16/11/2018 -- 04:03:51 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/11/2018 -- 04:03:51 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
16/11/2018 -- 04:03:51 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
16/11/2018 -- 04:03:51 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
16/11/2018 -- 04:03:51 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
16/11/2018 -- 04:03:51 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
16/11/2018 -- 04:03:51 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/11/2018 -- 04:03:52 - <Perf> - Unique rule groups: 111
16/11/2018 -- 04:03:52 - <Perf> - Builtin MPM "toserver TCP packet": 31
16/11/2018 -- 04:03:52 - <Perf> - Builtin MPM "toclient TCP packet": 20
16/11/2018 -- 04:03:52 - <Perf> - Builtin MPM "toserver TCP stream": 31
16/11/2018 -- 04:03:52 - <Perf> - Builtin MPM "toclient TCP stream": 21
16/11/2018 -- 04:03:52 - <Perf> - Builtin MPM "toserver UDP packet": 33
16/11/2018 -- 04:03:52 - <Perf> - Builtin MPM "toclient UDP packet": 15
16/11/2018 -- 04:03:52 - <Perf> - Builtin MPM "other IP packet": 2
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_uri": 8
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_header": 6
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient http_header": 3
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_header_names": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_start": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_method": 3
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver http_host": 2
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver tls_sni": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toserver file_data": 1
16/11/2018 -- 04:03:52 - <Perf> - AppLayer MPM "toclient file_data": 5
16/11/2018 -- 04:03:53 - <Perf> - Registered 18241 rule profiling counters.
16/11/2018 -- 04:03:53 - <Info> - fast output device (regular) initialized: alert
16/11/2018 -- 04:03:53 - <Info> - eve-log output device (regular) initialized: eve.json
16/11/2018 -- 04:03:53 - <Config> - enabling 'eve-log' module 'alert'
16/11/2018 -- 04:03:53 - <Config> - enabling 'eve-log' module 'http'
16/11/2018 -- 04:03:53 - <Config> - enabling 'eve-log' module 'dns'
16/11/2018 -- 04:03:53 - <Config> - enabling 'eve-log' module 'tls'
16/11/2018 -- 04:03:53 - <Config> - e