Filename: 2017-07-05-Japanese-malspam-traffic.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.2650418282 seconds
Hash: 9858f7452fb3a7b82d5217dfa2253bd9
Uploaded: 1548773712

Logfiles


suricata-report-2019-01-29-T-14-55-35-01292019.1455-2017-07-05-Japanese-malspam-traffic.pcap.txt - (17706 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9858f7452fb3a7b82d5217dfa2253bd956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01292019.1455-2017-07-05-Japanese-malspam-traffic.pcap -vvv -k none
elapsedtime:21.352676
stderr:
stdout:
29/1/2019 -- 14:55:13 - <Info> - Configuration node 'rule-files' redefined.
29/1/2019 -- 14:55:13 - <Notice> - This is Suricata version 4.0.0 RELEASE
29/1/2019 -- 14:55:13 - <Info> - CPUs/cores online: 1
29/1/2019 -- 14:55:13 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34319 and 'request-body-inspect-window' set to 16920 after randomization.
29/1/2019 -- 14:55:13 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32917 and 'response-body-inspect-window' set to 17071 after randomization.
29/1/2019 -- 14:55:13 - <Config> - DNS request flood protection level: 500
29/1/2019 -- 14:55:13 - <Config> - DNS per flow memcap (state-memcap): 524288
29/1/2019 -- 14:55:13 - <Config> - DNS global memcap: 16777216
29/1/2019 -- 14:55:13 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
29/1/2019 -- 14:55:13 - <Config> - preallocated 1000 hosts of size 136
29/1/2019 -- 14:55:13 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
29/1/2019 -- 14:55:13 - <Config> - using magic-file /usr/share/file/magic
29/1/2019 -- 14:55:13 - <Config> - Core dump size is unlimited.
29/1/2019 -- 14:55:13 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
29/1/2019 -- 14:55:13 - <Config> - preallocated 1000 defrag trackers of size 168
29/1/2019 -- 14:55:13 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
29/1/2019 -- 14:55:13 - <Config> - stream "prealloc-sessions": 2048 (per thread)
29/1/2019 -- 14:55:13 - <Config> - stream "memcap": 33554432
29/1/2019 -- 14:55:13 - <Config> - stream "midstream" session pickups: disabled
29/1/2019 -- 14:55:13 - <Config> - stream "async-oneside": disabled
29/1/2019 -- 14:55:13 - <Config> - stream "checksum-validation": disabled
29/1/2019 -- 14:55:13 - <Config> - stream."inline": disabled
29/1/2019 -- 14:55:13 - <Config> - stream "bypass": disabled
29/1/2019 -- 14:55:13 - <Config> - stream "max-synack-queued": 5
29/1/2019 -- 14:55:13 - <Config> - stream.reassembly "memcap": 134217728
29/1/2019 -- 14:55:13 - <Config> - stream.reassembly "depth": 0
29/1/2019 -- 14:55:13 - <Config> - stream.reassembly "toserver-chunk-size": 2486
29/1/2019 -- 14:55:13 - <Config> - stream.reassembly "toclient-chunk-size": 2585
29/1/2019 -- 14:55:13 - <Config> - stream.reassembly.raw: enabled
29/1/2019 -- 14:55:13 - <Config> - stream.reassembly "segment-prealloc": 2048
29/1/2019 -- 14:55:13 - <Config> - Delayed detect disabled
29/1/2019 -- 14:55:13 - <Config> - pattern matchers: MPM: ac, SPM: bm
29/1/2019 -- 14:55:13 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
29/1/2019 -- 14:55:13 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
29/1/2019 -- 14:55:13 - <Config> - prefilter engines: MPM
29/1/2019 -- 14:55:13 - <Config> - IP reputation disabled
29/1/2019 -- 14:55:13 - <Perf> - Registered 148 keyword profiling counters.
29/1/2019 -- 14:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
29/1/2019 -- 14:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
29/1/2019 -- 14:55:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
29/1/2019 -- 14:55:18 - <Config> - No rules loaded from ET-icmp.rules.
29/1/2019 -- 14:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
29/1/2019 -- 14:55:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
29/1/2019 -- 14:55:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
29/1/2019 -- 14:55:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
29/1/2019 -- 14:55:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
29/1/2019 -- 14:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
29/1/2019 -- 14:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
29/1/2019 -- 14:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
29/1/2019 -- 14:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
29/1/2019 -- 14:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
29/1/2019 -- 14:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
29/1/2019 -- 14:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
29/1/2019 -- 14:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
29/1/2019 -- 14:55:26 - <Config> - No rules loaded from local.rules.
29/1/2019 -- 14:55:26 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
29/1/2019 -- 14:55:26 - <Info> - Threshold config parsed: 0 rule(s) found
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for tcp-packet
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for tcp-stream
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for udp-packet
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for other-ip
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_uri
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_request_line
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_client_body
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_response_line
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_header
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_header
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_header_names
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_header_names
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_accept
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_accept_enc
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_accept_lang
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_referer
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_connection
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_content_len
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_content_len
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_content_type
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_content_type
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_protocol
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_protocol
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_start
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_start
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_raw_header
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_raw_header
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_method
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_cookie
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_cookie
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_raw_uri
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_user_agent
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_host
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_raw_host
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_stat_msg
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_stat_code
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for dns_query
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for tls_sni
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for tls_cert_issuer
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for tls_cert_subject
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for tls_cert_serial
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for dce_stub_data
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for dce_stub_data
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for ssh_protocol
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for ssh_protocol
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for ssh_software
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for ssh_software
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for file_data
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for file_data
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_request_line
29/1/2019 -- 14:55:26 - <Perf> - using shared mpm ctx' for http_response_line
29/1/2019 -- 14:55:26 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
29/1/2019 -- 14:55:26 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
29/1/2019 -- 14:55:27 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
29/1/2019 -- 14:55:27 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
29/1/2019 -- 14:55:27 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
29/1/2019 -- 14:55:27 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
29/1/2019 -- 14:55:27 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
29/1/2019 -- 14:55:27 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
29/1/2019 -- 14:55:31 - <Perf> - Unique rule groups: 104
29/1/2019 -- 14:55:31 - <Perf> - Builtin MPM "toserver TCP packet": 35
29/1/2019 -- 14:55:31 - <Perf> - Builtin MPM "toclient TCP packet": 17
29/1/2019 -- 14:55:31 - <Perf> - Builtin MPM "toserver TCP stream": 33
29/1/2019 -- 14:55:31 - <Perf> - Builtin MPM "toclient TCP stream": 19
29/1/2019 -- 14:55:31 - <Perf> - Builtin MPM "toserver UDP packet": 27
29/1/2019 -- 14:55:31 - <Perf> - Builtin MPM "toclient UDP packet": 17
29/1/2019 -- 14:55:31 - <Perf> - Builtin MPM "other IP packet": 3
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_uri": 14
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_request_line": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_client_body": 6
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient http_response_line": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_header": 10
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient http_header": 6
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_header_names": 2
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_accept": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_referer": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_content_len": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_content_type": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient http_content_type": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_protocol": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_start": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_method": 5
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_cookie": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient http_cookie": 2
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver http_host": 2
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver dns_query": 4
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver tls_sni": 2
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toserver file_data": 1
29/1/2019 -- 14:55:31 - <Perf> - AppLayer MPM "toclient file_data": 7
29/1/2019 -- 14:55:33 - <Perf> - Registered 39590 rule profiling counters.
29/1/2019 -- 14:55:33 - <Info> - fast output device (regular) initialized: alert
29/1/2019 -- 14:55:33 - <Info> - eve-log output device (regular) initialized: eve.json
29/1/2019 -- 14:55:33 - <Config> - enabling 'eve-log' module 'alert'
29/1/2019 -- 14:55:33 - <Config> - enabling 'eve-log' module 'http'
29/1/2019 -- 14:55:33 - <Config> - enabling 'eve-log' module 'dns'
29/1/2019 -- 14:55:33 - <Config> - enabling 'eve-log' module 'tls'
29/1/2019 -- 14:55:33 - <Config> - enabling 'eve-log' module 'files'
29/1/2019 -- 14:55:33 - <Config> - enabling 'eve-log' module 'ssh'
29/1/2019 -- 14:55:33 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
29/1/2019 -- 14:55:33 - <Info> - stats output device (regular) initialized: stats.log
29/1/2019 -- 14:55:33 - <Config> - AutoFP mode using "Hash" flow load balancer
29/1/2019 -- 14:55:33 - <Info> - reading pcap file /var/pcap/01292019.1455-2017-07-05-Japanese-malspam-traffic.pcap
29/1/2019 -- 14:55:33 - <Config> - usin

This file has been truncated.


packet_stats.log - (12917 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           372           101609      113419738      80795427         30.1b   98.78
 IPv4      17             6         12304217       92411421      62106082        372.6m    1.22
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           372            66970       17157453        336942        125.3m   78.42
TMM_FLOWWORKER              IPv4      17             6           330442       10051300       2048132         12.3m    7.69
TMM_RECEIVEPCAPFILE         IPv4       6           357             2532       19229953         58938         21.0m   13.16
TMM_RECEIVEPCAPFILE         IPv4      17             6             2600          10875          4119         24.7k    0.02
TMM_DECODEPCAPFILE          IPv4       6           357             2647          58543          3067          1.1m    0.69
TMM_DECODEPCAPFILE          IPv4      17             6             2704          32036          7957         47.7k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           357             2816          19839          3295          1.2m  0.98  
flow                    IPv4      17             6             3060          20903          7774         46.6k  0.04  
stream                  IPv4       6           372             2590         633383         13344          5.0m  4.13  
app-layer               IPv4      17             6            10670          56590         23271        139.6k  0.12  
detect                  IPv4       6           372            44654       17115336        296973        110.5m  91.80 
detect                  IPv4      17             6           264853         602647        396705          2.4m  1.98  
tcp-prune               IPv4       6           372             2540          64158          3120          1.2m  0.96  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            12272          22416         17344         34.7k  20.43 
tls                     IPv4       6            22             2630          14606          3804         83.7k  49.31 
dns                     IPv4      17             6             5021          20522          8560         51.4k  30.26 
Proto detect            IPv4      17             5             5073          26306         15805         79.0k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             4            27260          72679         53495        214.0k  1.83  
LOGGER_UNIFIED2             IPv4       6             4            83279         189457        136275        545.1k  4.65  
LOGGER_JSON_ALERT           IPv4       6             4            45701          96546         77341        309.4k  2.64  
LOGGER_JSON_DNS             IPv4      17             6            36612        9336492       1601231          9.6m  82.04 
LOGGER_JSON_HTTP            IPv4       6             1           176832         176832        176832        176.8k  1.51  
LOGGER_JSON_TLS             IPv4       6            12            33439          75773         50469        605.6k  5.17  
LOGGER_JSON_FILE            IPv4       6             1           251930         251930        251930        251.9k  2.15  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           125             2604         264998         45349         5.7m  23.85 
payload                           IPv4      17             6            19811          41461         31003       186.0k  0.78  
stream                            IPv4       6           125             2540         656930         57769         7.2m  30.39 
http_uri                          IPv4       6             1            10625          10625         10625        10.6k  0.04  
http_request_line                 IPv4       6             1            13610          13610         13610        13.6k  0.06  
http_client_body                  IPv4       6             1             3846           3846          3846         3.8k  0.02  
http_header (request)             IPv4       6             1            30778          30778         30778        30.8k  0.13  
http_header (request trailer)     IPv4       6             1             2655           2655          2655         2.7k  0.01  
http_header_names (request)       IPv4       6             1            12807          12807         12807        12.8k  0.05  
http_accept (request)             IPv4       6             1             3892           3892          3892         3.9k  0.02  
http_referer (request)            IPv4       6             1             3230           3230          3230         3.2k  0.01  
http_content_len (request)        IPv4       6             1             3385           3385          3385         3.4k  0.01  
http_content_type (request)       IPv4       6             1             4039           4039          4039         4.0k  0.02  
http_protocol (request)           IPv4       6             1             5496           5496          5496         5.5k  0.02  
http_start (request)              IPv4       6             1            11878          11878         11878        11.9k  0.05  
http_raw_header (request)         IPv4       6             1             9015           9015          9015         9.0k  0.04  
http_method                       IPv4       6             1             6408           6408          6408         6.4k  0.03  
http_cookie (request)             IPv4       6             1             3583           3583          3583         3.6k  0.02  
http_raw_uri                      IPv4       6             1             5248           5248          5248         5.2k  0.02  
http_user_agent                   IPv4       6             1             2938           2938          2938         2.9k  0.01  
http_host                         IPv4       6             1             9411           9411          9411         9.4k  0.04  
dns_query                         IPv4      17             3             7672          11746          9446        28.3k  0.12  
tls_sni                           IPv4       6            34             2713          25960          3834       130.4k  0.55  
http_response_line                IPv4       6             1            10326          10326         10326        10.3k  0.04  
http_header (response)            IPv4       6             1            49626          49626         49626        49.6k  0.21  
http_header (response trailer)    IPv4       6             1             9738           9738          9738         9.7k  0.04  
http_content_type (response)      IPv4       6             1             9149           9149          9149         9.1k  0.04  
http_raw_header (response)        IPv4       6            56             4662          14807          5141       287.9k  1.21  
http_cookie (response)            IPv4       6             1             3432           3432          3432         3.4k  0.01  
http_stat_code                    IPv4       6             1             4825           4825          4825         4.8k  0.02  
tls_cert_issuer                   IPv4       6            12             2554           8417          3488        41.9k  0.18  
tls_cert_subject                  IPv4       6            12             2590          13805          3823        45.9k  0.19  
tls_cert_serial                   IPv4       6            12             2540           4969          2961        35.5k  0.15  
file_data (http response)         IPv4       6            55             2590        1119103        179787         9.9m  41.61 
Total                             IPv4                   464                                         51215        23.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            26             4190          68043         27449        713.7k  0.52  
PROF_DETECT_IPONLY          IPv4      17             6            37707          63860         50079        300.5k  0.22  
PROF_DETECT_RULES           IPv4       6           372             2523       16446781        160286         59.6m  43.47 
PROF_DETECT_RULES           IPv4      17             6           111571         291932        196190          1.2m  0.86  
PROF_DETECT_STATEFUL_START    IPv4       6           100             5103        1372894         59617          6.0m  4.35  
PROF_DETECT_STATEFUL_CONT    IPv4       6           372             2514         170465         10565          3.9m  2.87  
PROF_DETECT_STATEFUL_CONT    IPv4      17             6             5892          73183         18997        114.0k  0.08  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           320             2545          25167          2882        922.5k  0.67  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             6             2724           3351          3017         18.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           372             7708        1641664         84716         31.5m  22.97 
PROF_DETECT_PREFILTER       IPv4      17             6            51975          82499         68741        412.4k  0.30  
PROF_DETECT_PF_PAYLOAD      IPv4       6           125            18617         686652        111197         13.9m  10.13 
PROF_DETECT_PF_PAYLOAD      IPv4      17             6            24882          47861         38900        233.4k  0.17  
PROF_DETECT_PF_TX           IPv4       6           320             2546        1133594         37950         12.1m  8.85  
PROF_DETECT_PF_TX           IPv4      17             3            13342          18504         15603         46.8k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6           124             2562          20333          4026        499.2k  0.36  
PROF_DETECT_PF_SORT1        IPv4      17             6             3476           4804          3978         23.9k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6           372             2520          29131          2927          1.1m  0.79  
PROF_DETECT_PF_SORT2        IPv4      17             6             3071           4419          3669         22.0k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6           372             2556          37976          3071          1.1m  0.83  
PROF_DETECT_NONMPMLIST      IPv4      17             6             2991           3779          3276         19.7k  0.01  
PROF_DETECT_ALERT           IPv4       6           372             2518          32363          2785          1.0m  0.76  
PROF_DETECT_ALERT           IPv4      17             6             2525          10853          4085         24.5k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           372             2565          16981          2967          1.1m  0.80  
PROF_DETECT_CLEANUP         IPv4      17             6             3168           6414          4319         25.9k  0.02  
PROF_DETECT_GETSGH          IPv4       6           372             2516          18443          3061          1.1m  0.83  
PROF_DETECT_GETSGH          IPv4      17             6             5627           6402          6070         36.4k  0.03  


suricata-4.0.0-etpro-all-alert-2019-01-29-T-14-55-35-01292019.1455-2017-07-05-Japanese-malspam-traffic.pcap.txt - (1122 bytes)
07/05/2017-15:25:34.108547  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.7.5.101:49171 -> 91.239.200.176:80
07/05/2017-15:25:34.452827  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 91.239.200.176:80 -> 10.7.5.101:49171
07/05/2017-15:25:34.452827  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 91.239.200.176:80 -> 10.7.5.101:49171
07/05/2017-15:25:34.456134  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 91.239.200.176:80 -> 10.7.5.101:49171
07/05/2017-15:30:47.777174  [**] [1:2827244:2] ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.22.174.149:443 -> 10.7.5.101:49174


stats.log - (3143 bytes)
------------------------------------------------------------------------------------
Date: 1/29/2019 -- 14:55:35 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 363
decoder.bytes                              | Total                     | 310031
decoder.ipv4                               | Total                     | 363
decoder.ethernet                           | Total                     | 363
decoder.tcp                                | Total                     | 357
decoder.udp                                | Total                     | 6
decoder.avg_pkt_size                       | Total                     | 854
decoder.max_pkt_size                       | Total                     | 10274
flow.tcp                                   | Total                     | 13
flow.udp                                   | Total                     | 3
tcp.sessions                               | Total                     | 13
tcp.syn                                    | Total                     | 13
tcp.synack                                 | Total                     | 13
tcp.rst                                    | Total                     | 11
detect.alert                               | Total                     | 5
detect.mpm_list                            | Total                     | 5
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 12
app_layer.flow.dns_udp                     | Total                     | 3
app_layer.tx.dns_udp                       | Total                     | 3
flow_mgr.est_pruned                        | Total                     | 3
flow.spare                                 | Total                     | 10003
flow_mgr.flows_checked                     | Total                     | 16
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 13
flow_mgr.flows_timeout_inuse               | Total                     | 10
flow_mgr.flows_removed                     | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65520
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078912


eve.json - (7924 bytes)
{"timestamp":"2017-07-05T15:25:33.486750+0000","flow_id":1198530033970526,"pcap_cnt":1,"event_type":"dns","src_ip":"10.7.5.101","src_port":50964,"dest_ip":"10.7.5.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12446,"rrname":"litomericka405.cz","rrtype":"A","tx_id":0}}
{"timestamp":"2017-07-05T15:25:33.750673+0000","flow_id":1198530033970526,"pcap_cnt":2,"event_type":"dns","src_ip":"10.7.5.1","src_port":53,"dest_ip":"10.7.5.101","dest_port":50964,"proto":"UDP","dns":{"type":"answer","id":12446,"rcode":"NOERROR","rrname":"litomericka405.cz","rrtype":"A","ttl":20863,"rdata":"91.239.200.176"}}
{"timestamp":"2017-07-05T15:25:34.108547+0000","flow_id":1019593106496635,"pcap_cnt":11,"event_type":"alert","src_ip":"10.7.5.101","src_port":49171,"dest_ip":"91.239.200.176","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019714,"rev":10,"signature":"ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2017-07-05T15:25:34.452827+0000","flow_id":1019593106496635,"pcap_cnt":36,"event_type":"alert","src_ip":"91.239.200.176","src_port":80,"dest_ip":"10.7.5.101","dest_port":49171,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2017-07-05T15:25:34.452827+0000","flow_id":1019593106496635,"pcap_cnt":36,"event_type":"alert","src_ip":"91.239.200.176","src_port":80,"dest_ip":"10.7.5.101","dest_port":49171,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2017-07-05T15:25:34.456134+0000","flow_id":1019593106496635,"pcap_cnt":60,"event_type":"alert","src_ip":"91.239.200.176","src_port":80,"dest_ip":"10.7.5.101","dest_port":49171,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2017-07-05T15:25:34.796977+0000","flow_id":1019593106496635,"pcap_cnt":132,"event_type":"http","src_ip":"10.7.5.101","src_port":49171,"dest_ip":"91.239.200.176","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"litomericka405.cz","url":"\/tr.exe","http_content_type":"application\/x-msdownload"}}
{"timestamp":"2017-07-05T15:30:46.148256+0000","flow_id":1239675841168160,"pcap_cnt":137,"event_type":"dns","src_ip":"10.7.5.101","src_port":61891,"dest_ip":"10.7.5.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1675,"rrname":"www.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2017-07-05T15:30:46.168345+0000","flow_id":1239675841168160,"pcap_cnt":138,"event_type":"dns","src_ip":"10.7.5.1","src_port":53,"dest_ip":"10.7.5.101","dest_port":61891,"proto":"UDP","dns":{"type":"answer","id":1675,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":102,"rdata":"172.217.2.228"}}
{"timestamp":"2017-07-05T15:30:46.249615+0000","flow_id":90542308758642,"pcap_cnt":146,"event_type":"tls","src_ip":"10.7.5.101","src_port":49172,"dest_ip":"172.217.2.228","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com","issuerdn":"C=US, O=Google Inc, CN=Google Internet Authority G2"}}
{"timestamp":"2017-07-05T15:30:46.922235+0000","flow_id":2177363838689454,"pcap_cnt":195,"event_type":"tls","src_ip":"10.7.5.101","src_port":49173,"dest_ip":"172.217.2.228","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T15:30:47.021515+0000","flow_id":1173872647296011,"pcap_cnt":209,"event_type":"dns","src_ip":"10.7.5.101","src_port":63415,"dest_ip":"10.7.5.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34806,"rrname":"centler.at","rrtype":"A","tx_id":0}}
{"timestamp":"2017-07-05T15:30:47.224652+0000","flow_id":1173872647296011,"pcap_cnt":212,"event_type":"dns","src_ip":"10.7.5.1","src_port":53,"dest_ip":"10.7.5.101","dest_port":63415,"proto":"UDP","dns":{"type":"answer","id":34806,"rcode":"NOERROR","rrname":"centler.at","rrtype":"A","ttl":599,"rdata":"185.22.174.149"}}
{"timestamp":"2017-07-05T15:30:47.583089+0000","flow_id":1716140185711045,"pcap_cnt":220,"event_type":"tls","src_ip":"10.7.5.101","src_port":49174,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, OU=PositiveSSL, CN=centler.at","issuerdn":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA"}}
{"timestamp":"2017-07-05T15:30:47.777174+0000","flow_id":1716140185711045,"pcap_cnt":222,"event_type":"alert","src_ip":"185.22.174.149","src_port":443,"dest_ip":"10.7.5.101","dest_port":49174,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2827244,"rev":2,"signature":"ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2017-07-05T15:30:48.551787+0000","flow_id":1821008254757118,"pcap_cnt":235,"event_type":"tls","src_ip":"10.7.5.101","src_port":49175,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T15:35:53.316154+0000","flow_id":250293637404550,"pcap_cnt":253,"event_type":"tls","src_ip":"10.7.5.101","src_port":49179,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T15:40:58.149883+0000","flow_id":351792324515025,"pcap_cnt":268,"event_type":"tls","src_ip":"10.7.5.101","src_port":49180,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T15:46:02.372700+0000","flow_id":1077401299315512,"pcap_cnt":283,"event_type":"tls","src_ip":"10.7.5.101","src_port":49181,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T15:51:07.178383+0000","flow_id":935164887361206,"pcap_cnt":298,"event_type":"tls","src_ip":"10.7.5.101","src_port":49182,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T15:56:12.021012+0000","flow_id":88744964879689,"pcap_cnt":313,"event_type":"tls","src_ip":"10.7.5.101","src_port":49183,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T16:01:16.844116+0000","flow_id":245807643936867,"pcap_cnt":328,"event_type":"tls","src_ip":"10.7.5.101","src_port":49184,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T16:06:21.655318+0000","flow_id":2028161109716487,"pcap_cnt":343,"event_type":"tls","src_ip":"10.7.5.101","src_port":49185,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T16:11:26.527218+0000","flow_id":1808716218108591,"pcap_cnt":358,"event_type":"tls","src_ip":"10.7.5.101","src_port":49186,"dest_ip":"185.22.174.149","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
{"timestamp":"2017-07-05T16:11:36.601201+0000","flow_id":1019593106496635,"event_type":"fileinfo","src_ip":"91.239.200.176","src_port":80,"dest_ip":"10.7.5.101","dest_port":49171,"proto":"TCP","http":{"hostname":"litomericka405.cz","url":"\/tr.exe","http_content_type":"application\/x-msdownload","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":202240},"app_proto":"http","fileinfo":{"filename":"\/tr.exe","gaps":false,"state":"CLOSED","stored":false,"size":202240,"tx_id":0}}


suricata-4.0.0-etpro-all-perf.txt-2019-01-29-T-14-55-35-01292019.1455-2017-07-05-Japanese-malspam-traffic.pcap.txt - (42838 bytes)
  --------------------------------------------------------------------------
  Date: 1/29/2019 -- 14:55:35. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2804906      1        3        8962191      23.78  1        0        8962191     8962191.00  0.00        8962191.00 
  2        2021749      1        6        492521       1.31   2        0        270759      246260.50   0.00        246260.50  
  3        2820157      1        2        1202347      3.19   7        0        256339      171763.86   0.00        171763.86  
  4        2016855      1        2        250964       0.67   1        0        250964      250964.00   0.00        250964.00  
  5        2820158      1        2        1145185      3.04   7        0        249139      163597.86   0.00        163597.86  
  6        2803027      1        6        1491695      3.96   16       0        210890      93230.94    0.00        93230.94   
  7        2016854      1        3        185683       0.49   1        0        185683      185683.00   0.00        185683.00  
  8        2801929      1        7        967246       2.57   9        0        180982      107471.78   0.00        107471.78  
  9        2801930      1        7        882408       2.34   9        0        169660      98045.33    0.00        98045.33   
  10       2802987      1        5        1107421      2.94   15       0        168160      73828.07    0.00        73828.07   
  11       2804911      1        3        192429       0.51   2        0        152921      96214.50    0.00        96214.50   
  12       2804907      1        3        151970       0.40   1        0        151970      151970.00   0.00        151970.00  
  13       2014819      1        3        144565       0.38   1        0        144565      144565.00   0.00        144565.00  
  14       2020569      1        1        230553       0.61   3        0        138935      76851.00    0.00        76851.00   
  15       2804927      1        2        235817       0.63   4        0        138650      58954.25    0.00        58954.25   
  16       2805985      1        2        246787       0.65   3        0        138348      82262.33    0.00        82262.33   
  17       2018982      1        2        230569       0.61   3        0        138278      76856.33    0.00        76856.33   
  18       2808234      1        1        228895       0.61   3        0        137421      76298.33    0.00        76298.33   
  19       2022050      1        3        228290       0.61   3        0        137320      76096.67    0.00        76096.67   
  20       2807400      1        3        256532       0.68   3        0        137108      85510.67    0.00        85510.67   
  21       2809145      1        2        329884       0.88   3        0        125713      109961.33   0.00        109961.33  
  22       2814978      1        2        220940       0.59   2        0        117700      110470.00   0.00        110470.00  
  23       2814979      1        2        230192       0.61   2        0        115724      115096.00   0.00        115096.00  
  24       2018005      1        6        191378       0.51   2        0        100847      95689.00    0.00        95689.00   
  25       2017190      1        6        99079        0.26   1        0        99079       99079.00    0.00        99079.00   
  26       2827094      1        2        276797       0.73   3        0        94640       92265.67    0.00        92265.67   
  27       2822213      1        2        171885       0.46   2        0        92411       85942.50    0.00        85942.50   
  28       2008575      1        5        844552       2.24   48       0        90501       17594.83    0.00        17594.83   
  29       2802880      1        3        120144       0.32   3        0        80908       40048.00    0.00        40048.00   
  30       2009897      1        14       79493        0.21   3        0        73926       26497.67    0.00        26497.67   
  31       2019714      1        10       73464        0.19   1        1        73464       73464.00    73464.00    0.00       
  32       2024771      1        1        502843       1.33   56       0        72916       8979.34     0.00        8979.34    
  33       2015744      1        4        75883        0.20   3        1        70215       25294.33    70215.00    2834.00    
  34       2023711      1        2        73245        0.19   2        0        69999       36622.50    0.00        36622.50   
  35       2021245      1        6        67432        0.18   1        0        67432       67432.00    0.00        67432.00   
  36       2016537      1        2        1095357      2.91   71       1        62374       15427.56    62374.00    14756.90   
  37       2803657      1        5        61937        0.16   1        0        61937       61937.00    0.00        61937.00   
  38       2804858      1        2        61139        0.16   1        0        61139       61139.00    0.00        61139.00   
  39       2012981      1        5        60606        0.16   1        0        60606       60606.00    0.00        60606.00   
  40       2802991      1        5        94949        0.25   2        0        58734       47474.50    0.00        47474.50   
  41       2018556      1        2        58718        0.16   1        0        58718       58718.00    0.00        58718.00   
  42       2821615      1        2        58191        0.15   1        0        58191       58191.00    0.00        58191.00   
  43       2022482      1        3        57412        0.15   1        0        57412       57412.00    0.00        57412.00   
  44       2804508      1        2        55492        0.15   1        0        55492       55492.00    0.00        55492.00   
  45       2018959      1        3        57063        0.15   2        1        54026       28531.50    54026.00    3037.00    
  46       2018121      1        4        53910        0.14   1        0        53910       53910.00    0.00        53910.00   
  47       2009028      1        11       56718        0.15   2        0        53863       28359.00    0.00        28359.00   
  48       2830124      1        1        52575        0.14   1        0        52575       52575.00    0.00        52575.00   
  49       2803139      1        3        52374        0.14   1        0        52374       52374.00    0.00        52374.00   
  50       2819857      1        1        108363       0.29   3        0        50825       36121.00    0.00        36121.00   
  51       2018241      1        2        52807        0.14   2        0        49998       26403.50    0.00        26403.50   
  52       2018403      1        10       49996        0.13   1        0        49996       49996.00    0.00        49996.00   
  53       2018457      1        1        76934        0.20   2        0        48191       38467.00    0.00        38467.00   
  54       2826256      1        2        47331        0.13   1        0        47331       47331.00    0.00        47331.00   
  55       2014353      1        6        49907        0.13   2        0        46889       24953.50    0.00        24953.50   
  56       2013352      1        4        49812        0.13   2        0        46677       24906.00    0.00        24906.00   
  57       2819680      1        2        129853       0.34   3        0        44834       43284.33    0.00        43284.33   
  58       2013441      1        9        51087        0.14   3        0        44506       17029.00    0.00        17029.00   
  59       2009909      1        10       49721        0.13   3        0        43552       16573.67    0.00        16573.67   
  60       2016141      1        5        43078        0.11   1        0        43078       43078.00    0.00        43078.00   
  61       2008438      1        20       127213       0.34   3        0        43034       42404.33    0.00        42404.33   
  62       2022896      1        5        42841        0.11   1        0        42841       42841.00    0.00        42841.00   
  63       2828675      1        2        80664        0.21   4        2        40276       20166.00    37444.50    2887.50    
  64       2816165      1        5        40214        0.11   1        0        40214       40214.00    0.00        40214.00   
  65       2810412      1        4        52337        0.14   2        0        39133       26168.50    0.00        26168.50   
  66       2014471      1        6        37961        0.10   1        0        37961       37961.00    0.00        37961.00   
  67       2829607      1        1        37178        0.10   1        0        37178       37178.00    0.00        37178.00   
  68       2022270      1        2        36247        0.10   1        0        36247       36247.00    0.00        36247.00   
  69       2021076      1        2        50186        0.13   2        0        36176       25093.00    0.00        25093.00   
  70       2016029      1        3        35899        0.10   1        0        35899       35899.00    0.00        35899.00   
  71       2023083      1        2        35414        0.09   1        0        35414       35414.00    0.00        35414.00   
  72       2020941      1        2        35357        0.09   1        0        35357       35357.00    0.00        35357.00   
  73       2015547      1        4        35274        0.09   1        0        35274       35274.00    0.00        35274.00   
  74       2009702      1        5        89972        0.24   6        0        35191       14995.33    0.00        14995.33   
  75       2016097      1        4        35075        0.09   1        0        35075       35075.00    0.00        35075.00   
  76       2020573      1        2        34893        0.09   1        1        34893       34893.00    34893.00    0.00       
  77       2830035      1        2        34828        0.09   1        0        34828       34828.00    0.00        34828.00   
  78       2016578      1        5        34653        0.09   1        0        34653       34653.00    0.00        34653.00   
  79       2020826      1        7        34646        0.09   1        0        34646       34646.00    0.00        34646.00   
  80       2018382      1        8        86649        0.23   13       0        34193       6665.31     0.00        6665.31    
  81       2018928      1        3        33974        0.09   1        0        33974       33974.00    0.00        33974.00   
  82       2016538      1        3        36463        0.10   2        1        33588       18231.50    33588.00    2875.00    
  83       2022942      1        2        33323        0.09   1        0        33323       33323.00    0.00        33323.00   
  84       2022658      1        4        33266        0.09   1        0        33266       33266.00    0.00        33266.00   
  85       2820926      1        2        112096       0.30   7        0        32992       16013.71    0.00        16013.71   
  86       2022550      1        16       32811        0.09   1        0        32811       32811.00    0.00        32811.00   
  87       2020800      1        2        32786        0.09   1        0        32786       32786.00    0.00        32786.00   
  88       2022830      1        2        32555        0.09   1        0        32555       32555.00    0.00        32555.00   
  89       2827244      1        2        32268        0.09   1        1        32268       32268.00    32268.00    0.00       
  90       2025162      1        2        30345        0.08   1        0        30345       30345.00    0.00        30345.00   
  91       2811544      1        1        34378        0.09   2        0        30020       17189.00    0.00        17189.00   
  92       2810045      1        4        29467        0.08   1        0        29467       29467.00    0.00        29467.00   
  93       2011457      1        8        29378        0.08   1        0        29378       29378.00    0.00        29378.00   
  94       2018421      1        2        29287        0.08   1        0        29287       29287.00    0.00        29287.00   
  95       2806802      1        2        279754       0.74   14       0        28938       19982.43    0.00        19982.43   
  96       2024909      1        2        49783        0.13   2        0        28831       24891.50    0.00        24891.50   
  97       2018254      1        4        28829        0.08   1        0        28829       28829.00    0.00        28829.00   
  98       2018581      1        3        28627        0.08   1        0        28627       28627.00    0.00        28627.00   
  99       2013036      1        7        28447        0.08   1        0        28447       28447.00    0.00        28447.00   
  100      2020991      1        2        28416        0.08   1        0        28416       28416.00    0.00        28416.00   
  101      2017552      1        6        993104       2.64   71       0        28200       13987.38    0.00        13987.38   
  102      2016499      1        14       28148        0.07   1        0        28148       28148.00    0.00        28148.00   
  103      2829644      1        1        28129        0.07   1        0        28129       28129.00    0.00        28129.00   
  104      2809753      1        2        28115        0.07   1        0        28115       28115.00    0.00        28115.00   
  105      2014519      1        7        30864        0.08   2        0        28028       15432.00    0.00        15432.00   
  106      2018385      1        3        27648        0.07   1        0        27648       27648.00    0.00        27648.00   
  107      2020960      1        2        27555        0.07   1        0        27555       27555.00    0.00        27555.00   
  108      2023611      1        3        27269        0.07   1        0        27269       27269.00    0.00        27269.00   
  109      2809267      1        8        27215        0.07   1        0        27215       27215.00    0.00        27215.00   
  110      2022940      1        2        27115        0.07   1        0        27115       27115.00    0.00        27115.00   
  111      2013037      1        7        27055        0.07   1        0        27055       27055.00    0.00        27055.00   
  112      2821646      1        2        69050        0.18   4        0        26978       17262.50    0.00        17262.50   
  113      2809132      1        1        57662        0.15   12       0        26645       4805.17     0.00        4805.17    
  114      2820855      1        3        105732       0.28   7        0        26628       15104.57    0.00        15104.57   
  115      2809850      1        2        26558        0.07   1        0        26558       26558.00    0.00        26558.00   
  116      2805941      1        2        26549        0.07   1        0        26549       26549.00    0.00        26549.00   
  117      2020297      1        2        68522        0.18   4        0        26230       17130.50    0.00        17130.50   
  118      2821562      1        3        52917        0.14   3        0        25681       17639.00    0.00        17639.00   
  119      2018373      1        3        61447        0.16   13       0        25680       4726.69     0.00        4726.69    
  120      2020421      1        2        39777        0.11   2        0        25678       19888.50    0.00        19888.50   
  121      2804096      1        9        39227        0.10   2        0        25350       19613.50    0.00        19613.50   
  122      2822367      1        2        64605        0.17   4        0        24689       16151.25    0.00        16151.25   
  123      2022552      1        2        122349       0.32   6        0        24674       20391.50    0.00        20391.50   
  124      2022653      1        2        39984        0.11   2        0        24383       19992.00    0.00        19992.00   
  125      2012707      1        5        2

This file has been truncated.


keyword_perf.log - (14518 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/29/2019 -- 14:55:35
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1671978         524             524             29564           3190.00         3190.00         0.00           
  content          17487138        739             301             8933489         23663.00        43094.00        10309.00       
  pcre             317006          43              5               44262           7372.00         6396.00         7500.00        
  byte_test        458099          145             44              18892           3159.00         3219.00         3133.00        
  byte_jump        140064          48              21              3835            2918.00         2943.00         2898.00        
  isdataat         11387           4               1               2898            2846.00         2831.00         2852.00        
  flowbits         764962          270             28              10865           2833.00         3232.00         2786.00        
  urilen           47107           14              9               4246            3364.00         3381.00         3334.00        
  byte_extract     59547           22              22              3875            2706.00         2706.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1671978         524             524             29564           3190.00         3190.00         0.00           
  flowbits         740911          265             23              10865           2795.00         2889.00         2786.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13824480        486             179             8933489         28445.00        65768.00        6683.00        
  pcre             85063           18              1               16710           4725.00         7178.00         4581.00        
  byte_test        458099          145             44              18892           3159.00         3219.00         3133.00        
  byte_jump        119925          41              14              3835            2925.00         2976.00         2898.00        
  isdataat         11387           4               1               2898            2846.00         2831.00         2852.00        
  byte_extract     59547           22              22              3875            2706.00         2706.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         24051           5               5               5997            4810.00         4810.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          240909          54              34              33790           4461.00         4764.00         3946.00        
  pcre             165340          17              4               44262           9725.00         6201.00         10810.00       
  urilen           47107           14              9               4246            3364.00         3381.00         3334.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7068            2               2               4421            3534.00         3534.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3857            1               0               3857            3857.00         0.00            3857.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3099750         124             36              220209          24997.00        23545.00        25591.00       
  pcre             19515           4               0               9243            4878.00         0.00            4878.00        
  byte_jump        20139           7               7               3011            2877.00         2877.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          190213          38              25              47644           5005.00         3703.00         7509.00        
  pcre             35219           2               0               22829           17609.00        0.00            17609.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          57932           16              15              4326            3620.00         3665.00         2945.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3440            1               0               3440            3440.00         0.00            3440.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4851            1               0               4851            4851.00         0.00            4851.00        
  pcre             5571            1               0               5571            5571.00         0.00            5571.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          24179           7               4               3964            3454.00         3677.00         3157.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16944           5               4               4334            3388.00         3152.00         4334.00        
  pcre             6298            1               0               6298            6298.00         0.00            6298.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3226            1               0               3226            3226.00         0.00            3226.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7226            2               2               3787            3613.00         3613.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3063            1               0               3063            3063.00         0.00            3063.00        


unified2.alert.1548773733 - (47277 bytes) - download
[binary unified2 alert records; the only readable payload fragment in the dump is the HTTP request below]
GET /tr.exe HTTP/1.1
Host: litomericka405.cz
Connection: Keep-Alive



IDSDeathBlossom.py.log - (1175 bytes) - download
2019-01-29 14:55:13,222 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-29 14:55:13,930 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-29 14:55:13,930 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-29 14:55:13,931 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-29 14:55:13,931 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-29 14:55:13,931 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9858f7452fb3a7b82d5217dfa2253bd956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01292019.1455-2017-07-05-Japanese-malspam-traffic.pcap -vvv -k none
2019-01-29 14:55:35,286 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-29 14:55:35,286 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.0721480846