@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path files
#open 2015-03-14-03-12-24
#open 2015-04-20-16-06-02
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string
1258792736.753765 FDbW5b2iLXrF5THMi2 192.168.1.106 212.227.96.110 CuChlg202P8sUFuXrg HTTP 0 MD5,SHA1 - - 0.000000 - T 984 984 0 0 F - 1a2d4fd8d06069db3244ceec0af05cee 49e76419a90f7c1500da9c223e2a5c3fdff20a4d - -
@@ -549,12 +549,11 @@
1258867301.232371 FcUqzn1VfHKfGuvCF4 65.55.200.139 192.168.1.105 Cc1tVKbtBQWt6Agnk SSL 0 X509,MD5,SHA1 application/pkix-cert - 0.000000 - F 1559 - 0 0 F - 6870daee3f74c44bc11fbd18ba938469 7e8ac29c5a328cc271a2d94f7570f7a91bf69405 - -
1258867301.232371 FOyeM71gr890cI5Vy8 65.55.200.139 192.168.1.105 Cc1tVKbtBQWt6Agnk SSL 0 X509,MD5,SHA1 application/pkix-cert - 0.000000 - F 1294 - 0 0 F - 79cbec59ec938f9a35dc592dd93a8b0d 3d291db8ee22bee1337006f2efc6f9dbdd03bb25 - -
1258867308.731426 FUn5Lj1IPr8Q1WayJ1 198.189.255.75 192.168.1.105 CKp2sX3ghIp9dUVTUd HTTP 0 MD5,SHA1 application/x-dosexec - 15.575801 - F 6282376 6282376 0 0 F - 277cef8653ad64f8ea8251372d7f37ee b8e2580a588ec9c449a161aa57cbe3666cc49d1c - -
1258867326.992482 FVZEJg80IdeQIboJg 192.168.1.105 198.189.255.75 CKp2sX3ghIp9dUVTUd HTTP 0 MD5,SHA1 - - 0.000000 - T 0 - 698 0 F - - - - -
1258867324.891010 FksYt51AfdxG8Q1Xw2 198.189.255.75 192.168.1.105 CKp2sX3ghIp9dUVTUd HTTP 0 MD5,SHA1 application/vnd.ms-cab-compressed - 2.101944 - F 1771978 6367266 4264561 0 T - - - - -
1258867933.107164 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 CZ7AsDwZAFHTIK297,CTwyFi3Ga884VkCsYg,CKkNEr1JLlpQXogOw4,CPYqIJ1YeC14kWeta3,CvXqVt17UO389cVe9,CoGIallnHP9ur5wqi,Cjhird32mdtAp2yD5j,CEuHI1225NvjSY4nL1,C990h31PS49LOq05e6,CxfJIL2ZT6Fn4qGqOj,CzpV6I2T11AC16O3Kj,Cioais3aG0doHhYCma,CWDZR82L3P4qSrRQi1,CELy2B4OyRbKQOMW5b,CVBbX93q9P2H9iBG0j,CFJAXj28tJDGM1fyq,C2xCCt2adUA55NRcM5,CQeJsa2uyprxUa8M31,CMMz043RfAv172kGCh,CkvONVFiiEJWW1Pki,C0hjvaO3DWUsxsyBa,CkWGiq1f1gKL7SDON4,CFvkYi4nF1D557ufsc,CnPb7S1VkdxooDzqr2,C3IzcR1xLaS7240mG2,CKNFyV4DcecyEWbx5,C69Fuv3NUmZP0dCyD7,CmIDoV2DmDE6InmuS7,Cnkmwh1UBzzzDklHa5,CyP3cS2YbmBrmdi4sk,CEZUMz1XzPxAmUUFM3,CRAiT2ZMtaDYWQBU9,C5LGY1DyTDg7g9BD9,C6zDAy1PqKbBEsaW24,CcDzLX3TiQOK3H7IVd,CVT1xz2uI2si8AQgLl,ChzQQstQWPaUkgFY8,CtxzZs45LZPaDLejPb,CdUMc41fBvtLtCb0v6,CVkyS21GcS8aNu3Tf6,Crnc6F3huuwuNI7xif,CGsTmt2XhZ5ZAKj1L5,Cd4aoS3MS2M6LiExye,C91iMO3KcD3aBq6PEe,CTTUDI1Sufm4DH59q3,CM0uRbxgkrj5ZPXIh,CnhGBg1yvCJZMa9Dp5,Cwa5Y04TtuG47AzlRd,C0rvYj8lV5mkrrXw8,CvPTxCEkayx0Ao2S6,C8HpIa4GDNNlPmnidd,CNu9uf4N5wq0IORWxc,COs6YLtOKQypsEgbl,CMRiG03kGJFgEighh8,CEH4da21h7z6rTlV11,COfZBKCZNOlvG9Nlk,C9bWDi2VkW8BdB1qE,CmYvm02UHq399vLn22,CZWLnp4BcQRYVXqAVb,CD9S1j2cORgoEpQyF,CeZco74k1voH5w0fid,Cg7giA3wFdqG41X2Yf HTTP 0 MD5,SHA1 - - 10.503466 - F 21425324 605292323 587847509 338764299 F - - - - -
1258867943.610641 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 Cs3FdU76RrZIXkU4l,CWDZR82L3P4qSrRQi1 HTTP 0 MD5,SHA1 - - 0.791753 - F 2395125 605292323 807218963 779249465 F - - - - -
1258867944.402417 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 Cs3FdU76RrZIXkU4l,CdTaJI33AuRjJDuacf,CtcW9D2YOmP2XWxyPl HTTP 0 MD5,SHA1 - - 2.265287 - F 7876600 605292323 1003841976 952053964 F - - - - -
1258867946.667717 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 Cw2R6x32txrHbakk2g,CtcW9D2YOmP2XWxyPl HTTP 0 MD5,SHA1 - - 1.135232 - F 3921483 605292323 531202759 531202759 T - - - - -
1258867933.107164 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 CZ7AsDwZAFHTIK297,CTwyFi3Ga884VkCsYg,CKkNEr1JLlpQXogOw4,CPYqIJ1YeC14kWeta3,CvXqVt17UO389cVe9,CoGIallnHP9ur5wqi,Cjhird32mdtAp2yD5j,CEuHI1225NvjSY4nL1,C990h31PS49LOq05e6,CxfJIL2ZT6Fn4qGqOj,CzpV6I2T11AC16O3Kj,Cioais3aG0doHhYCma,CWDZR82L3P4qSrRQi1,CELy2B4OyRbKQOMW5b,CVBbX93q9P2H9iBG0j,CFJAXj28tJDGM1fyq,C2xCCt2adUA55NRcM5,CQeJsa2uyprxUa8M31,CMMz043RfAv172kGCh,CkvONVFiiEJWW1Pki,C0hjvaO3DWUsxsyBa,CkWGiq1f1gKL7SDON4,CFvkYi4nF1D557ufsc,CnPb7S1VkdxooDzqr2,C3IzcR1xLaS7240mG2,CKNFyV4DcecyEWbx5,C69Fuv3NUmZP0dCyD7,CmIDoV2DmDE6InmuS7,Cnkmwh1UBzzzDklHa5,CyP3cS2YbmBrmdi4sk,CEZUMz1XzPxAmUUFM3,CRAiT2ZMtaDYWQBU9,C5LGY1DyTDg7g9BD9,C6zDAy1PqKbBEsaW24,CcDzLX3TiQOK3H7IVd,CVT1xz2uI2si8AQgLl,ChzQQstQWPaUkgFY8,CtxzZs45LZPaDLejPb,CdUMc41fBvtLtCb0v6,CVkyS21GcS8aNu3Tf6,Crnc6F3huuwuNI7xif,CGsTmt2XhZ5ZAKj1L5,Cd4aoS3MS2M6LiExye,C91iMO3KcD3aBq6PEe,CTTUDI1Sufm4DH59q3,CM0uRbxgkrj5ZPXIh,CnhGBg1yvCJZMa9Dp5,Cwa5Y04TtuG47AzlRd,C0rvYj8lV5mkrrXw8,CvPTxCEkayx0Ao2S6,C8HpIa4GDNNlPmnidd,CNu9uf4N5wq0IORWxc,COs6YLtOKQypsEgbl,CMRiG03kGJFgEighh8,CEH4da21h7z6rTlV11,COfZBKCZNOlvG9Nlk,C9bWDi2VkW8BdB1qE,CmYvm02UHq399vLn22,CZWLnp4BcQRYVXqAVb,CD9S1j2cORgoEpQyF,CeZco74k1voH5w0fid,Cg7giA3wFdqG41X2Yf HTTP 0 MD5,SHA1 - - 10.549889 - F 21673724 605292323 598055505 346805777 F - - - - -
1258867943.657324 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 Cs3FdU76RrZIXkU4l,CWDZR82L3P4qSrRQi1 HTTP 0 MD5,SHA1 - - 0.605379 - F 1623705 605292323 807467363 779497865 F - - - - -
1258867944.262711 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 Cs3FdU76RrZIXkU4l,CdTaJI33AuRjJDuacf,CtcW9D2YOmP2XWxyPl HTTP 0 MD5,SHA1 - - 2.281879 - F 7875156 605292323 954833487 954797607 F - - - - -
1258867946.544599 F2xow8TIkvHG4Zz41 198.189.255.75 192.168.1.105 Cw2R6x32txrHbakk2g,CtcW9D2YOmP2XWxyPl HTTP 0 MD5,SHA1 - - 1.258350 - F 4445947 605292323 530678295 482192826 T - - - - -
1258867947.946351 F8NT363EZJkx2RuWW5 198.189.255.75 192.168.1.105 CW69rq2pfRcupeD6v8,Cw2R6x32txrHbakk2g,CT9cBs04gVwEf3OZ8,CWbnbA1caLNM2isRN3,CyMEyls9nZC6muksi,CLAMoI1ZDDNJbY1lo3 HTTP 0 MD5,SHA1 - - 0.294078 - F 233405 9373101 4405611 0 T - - - - -
1258869363.009284 Fl448417eBFTCRraz4 192.168.1.103 87.106.1.47 CIbp703RYNkFeCrCHi HTTP 0 MD5,SHA1 - - 0.000000 - T 984 984 0 0 F - 097cbea0e9c47249bfcccf39292d1af6 3d98623ff0276fa5bdecaa9bfac1f195a98c973d - -
1258869363.181165 Fkvse131ppP9uIYXQ2 87.106.1.47 192.168.1.103 CIbp703RYNkFeCrCHi HTTP 0 MD5,SHA1 - - 0.000000 - F 96 96 0 0 F - 87ce674424412d142e8f91a7d0a31543 0d37ea982113bceb6cc8a9def8397c6a23192e7d - -
@@ -620,4 +619,4 @@
1258876547.358007 FTUD6fSvXF9wm0H2g 87.106.13.62 192.168.1.103 CbjVZK1QIIqHBq1eQf HTTP 0 MD5,SHA1 - - 0.000000 - F 96 96 0 0 F - 87ce674424412d142e8f91a7d0a31543 0d37ea982113bceb6cc8a9def8397c6a23192e7d - -
1258876548.112539 FgMkAt13zRtPlxEXB2 192.168.1.103 87.106.66.233 C4iBns2WTb7piBfsDl HTTP 0 MD5,SHA1 - - 0.000000 - T 992 992 0 0 F - fffdfca329f781cb77c49f02a5fcf18c fc2e881140751f2fdf2f770ebe6650b3a364c2db - -
1258876548.285417 FyhXjQ1GQxgYjS3Rgk 87.106.66.233 192.168.1.103 C4iBns2WTb7piBfsDl HTTP 0 MD5,SHA1 - - 0.000000 - F 96 96 0 0 F - 87ce674424412d142e8f91a7d0a31543 0d37ea982113bceb6cc8a9def8397c6a23192e7d - -
#close 2015-03-14-03-12-32
#close 2015-04-20-16-06-10
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path http
#open 2015-01-21-20-06-54
#open 2015-04-20-16-06-02
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types client_header_names server_header_names cookie_vars uri_vars
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
1258792736.753765 CuChlg202P8sUFuXrg 192.168.1.106 1214 212.227.96.110 80 1 POST 212.227.96.110 /rpc.html?e=bl - SCSDK-6.0.0 984 96 200 OK - - - (empty) - - - FDbW5b2iLXrF5THMi2 - FxOzz31q8CFeyuy9p3 - USER-AGENT,HOST,ACCEPT,CONTENT-TYPE,CONTENT-LENGTH - - /rpc.html?e
@@ -381,7 +381,7 @@
1258867323.032182 CKp2sX3ghIp9dUVTUd 192.168.1.105 49186 198.189.255.75 80 13 GET au.download.windowsupdate.com /msdownload/update/software/svpk/2009/05/prereqtool_b8e2580a588ec9c449a161aa57cbe3666cc49d1c.exe - Microsoft BITS/7.0 0 2287473 206 Partial Content - - - (empty) - - - - - - - ACCEPT,ACCEPT-ENCODING,RANGE,IF-UNMODIFIED-SINCE,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/05/prereqtool_b8e2580a588ec9c449a161aa57cbe3666cc49d1c.exe
1258867324.047792 CKp2sX3ghIp9dUVTUd 192.168.1.105 49186 198.189.255.75 80 14 GET au.download.windowsupdate.com /msdownload/update/software/svpk/2009/05/prereqtool_b8e2580a588ec9c449a161aa57cbe3666cc49d1c.exe - Microsoft BITS/7.0 0 1178498 206 Partial Content - - - (empty) - - - - - - - ACCEPT,ACCEPT-ENCODING,RANGE,IF-UNMODIFIED-SINCE,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/05/prereqtool_b8e2580a588ec9c449a161aa57cbe3666cc49d1c.exe
1258867324.781580 CKp2sX3ghIp9dUVTUd 192.168.1.105 49186 198.189.255.75 80 15 HEAD au.download.windowsupdate.com /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-express_86249295ace3385ebcf677ba643f5e64891e44aa.cab - Microsoft BITS/7.0 0 0 200 OK - - - (empty) - - - - - - - ACCEPT,ACCEPT-ENCODING,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-express_86249295ace3385ebcf677ba643f5e64891e44aa.cab
1258867324.863031 CKp2sX3ghIp9dUVTUd 192.168.1.105 49186 198.189.255.75 80 16 GET au.download.windowsupdate.com /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-express_86249295ace3385ebcf677ba643f5e64891e44aa.cab - Microsoft BITS/7.0 0 1811998 206 Partial Content - - - (empty) - - - FVZEJg80IdeQIboJg - FksYt51AfdxG8Q1Xw2 application/vnd.ms-cab-compressed ACCEPT,ACCEPT-ENCODING,RANGE,IF-UNMODIFIED-SINCE,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-express_86249295ace3385ebcf677ba643f5e64891e44aa.cab
1258867324.863031 CKp2sX3ghIp9dUVTUd 192.168.1.105 49186 198.189.255.75 80 16 GET au.download.windowsupdate.com /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-express_86249295ace3385ebcf677ba643f5e64891e44aa.cab - Microsoft BITS/7.0 0 1811998 206 Partial Content - - - (empty) - - - - - FksYt51AfdxG8Q1Xw2 application/vnd.ms-cab-compressed ACCEPT,ACCEPT-ENCODING,RANGE,IF-UNMODIFIED-SINCE,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-express_86249295ace3385ebcf677ba643f5e64891e44aa.cab
1258867931.630106 CGsTmt2XhZ5ZAKj1L5 192.168.1.105 49187 198.189.255.75 80 1 HEAD au.download.windowsupdate.com /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-neutral_18cf4afec572b84deb9078578e6fe61696f60050.psf - Microsoft BITS/7.0 0 0 200 OK - - - (empty) - - - - - - - ACCEPT,ACCEPT-ENCODING,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-neutral_18cf4afec572b84deb9078578e6fe61696f60050.psf
1258867932.998755 CGsTmt2XhZ5ZAKj1L5 192.168.1.105 49187 198.189.255.75 80 2 HEAD au.download.windowsupdate.com /msdownload/update/software/svpk/2009/04/windows6.0-kb948465-x86-en-us_d9350bcd366f82e06ff54436c90e07b56a207655.psf - Microsoft BITS/7.0 0 0 200 OK - - - (empty) - - - - - - - ACCEPT,ACCEPT-ENCODING,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/04/windows6.0-kb948465-x86-en-us_d9350bcd366f82e06ff54436c90e07b56a207655.psf
1258867933.084461 CGsTmt2XhZ5ZAKj1L5 192.168.1.105 49187 198.189.255.75 80 3 GET au.download.windowsupdate.com /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-neutral_18cf4afec572b84deb9078578e6fe61696f60050.psf - Microsoft BITS/7.0 0 4346 206 Partial Content - - - (empty) - - - - - F2xow8TIkvHG4Zz41 - ACCEPT,ACCEPT-ENCODING,RANGE,IF-UNMODIFIED-SINCE,USER-AGENT,HOST,CONNECTION - - /msdownload/update/software/svpk/2009/05/windows6.0-kb948465-x86-neutral_18cf4afec572b84deb9078578e6fe61696f60050.psf
@@ -488,4 +488,4 @@
1258876546.658954 CJ3lcvtDwr5J3MUl8 192.168.1.103 1721 87.106.13.61 80 1 POST 87.106.13.61 /rpc.html?e=bl - SCSDK-6.0.0 1064 96 200 OK 100 Continue - (empty) - - - FQu18R2OC4WXq1id1d - F8Adc523yoxkB1AXt1 - USER-AGENT,HOST,ACCEPT,CONTENT-TYPE,CONTENT-LENGTH,EXPECT - - /rpc.html?e
1258876547.184622 CbjVZK1QIIqHBq1eQf 192.168.1.103 1722 87.106.13.62 80 1 POST 87.106.13.62 /rpc.html?e=bl - SCSDK-6.0.0 992 96 200 OK - - - (empty) - - - FKXzTuoDORVKNAYe7 - FTUD6fSvXF9wm0H2g - USER-AGENT,HOST,ACCEPT,CONTENT-TYPE,CONTENT-LENGTH - - /rpc.html?e
1258876548.112539 C4iBns2WTb7piBfsDl 192.168.1.103 1723 87.106.66.233 80 1 POST 87.106.66.233 /rpc.html?e=bl - SCSDK-6.0.0 992 96 200 OK - - - (empty) - - - FgMkAt13zRtPlxEXB2 - FyhXjQ1GQxgYjS3Rgk - USER-AGENT,HOST,ACCEPT,CONTENT-TYPE,CONTENT-LENGTH - - /rpc.html?e
#close 2015-01-21-20-07-24
#close 2015-04-20-16-06-10