#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	http
#open	2022-07-14-15-17-50
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types	label	detailedlabel
#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	string	string
17.617096	CsbZaTu3TzWCN1GMi	192.168.1.113	49159	195.113.232.73	80	1	GET	www.msftncsi.com	/ncsi.txt	-	1.1	Microsoft NCSI	-	0	14	200	OK	-	-	(empty)	-	-	-	-	-	-	FJ2X7WTEPmlwWz94l	-	text/plain	Benign	Windows
1903.494523	CE7fw52I2h0LUSYp3b	192.168.1.113	49160	184.73.220.206	80	1	GET	api.ipify.org	/	-	1.1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3165.0 Safari/537.36	-	0	12	200	OK	-	-	(empty)	-	-	-	-	-	-	FFYcCD2U6I11kfbUvf	-	text/plain	Malicious	CC
2101.408142	CP6ddN1vui5RkhZ6db	192.168.1.113	49168	192.35.177.64	80	1	GET	apps.identrust.com	/roots/dstrootcax3.p7c	-	1.1	Microsoft-CryptoAPI/6.1	-	0	893	200	OK	-	-	(empty)	-	-	-	-	-	-	FgdLHe1oW8oT2nsi2d	-	-	Malicious	(empty)
2102.207169	C3BnLNh9IUYPJt4zc	192.168.1.113	49169	195.113.232.72	80	1	GET	www.download.windowsupdate.com	/msdownload/update/v3/static/trustedr/en/authrootstl.cab	-	1.1	Microsoft-CryptoAPI/6.1	-	0	53978	200	OK	-	-	(empty)	-	-	-	-	-	-	FMfGzR15ykmRpnbdSh	-	application/vnd.ms-cab-compressed	Malicious	(empty)
609142.560937	Co9Tls2JBQi1KD1mZ6	192.168.1.113	49512	68.232.34.240	80	1	GET	www.download.windowsupdate.com	/msdownload/update/v3/static/trustedr/en/authrootstl.cab	-	1.1	Microsoft-CryptoAPI/6.1	-	0	54018	200	OK	-	-	(empty)	-	-	-	-	-	-	FA6cqP1awCgkHEXrdb	-	application/vnd.ms-cab-compressed	Malicious	(empty)
1215046.465780	CCpV0C2IIXMU6NGcW3	192.168.1.113	49369	68.232.34.240	80	1	GET	www.download.windowsupdate.com	/msdownload/update/v3/static/trustedr/en/authrootstl.cab	-	1.1	Microsoft-CryptoAPI/6.1	-	0	0	304	Not Modified	-	-	(empty)	-	-	-	-	-	-	-	-	-	Malicious	(empty)
1821744.585999	CmA2PlmRmO7RmLtG1	192.168.1.113	49682	195.113.232.73	80	1	GET	www.download.windowsupdate.com	/msdownload/update/v3/static/trustedr/en/authrootstl.cab	-	1.1	Microsoft-CryptoAPI/6.1	-	0	0	304	Not Modified	-	-	(empty)	-	-	-	-	-	-	-	-	-	Benign	Windows
2429249.638353	CGyUbo4nwKm2k4wNrk	192.168.1.113	49779	93.184.221.240	80	1	GET	www.download.windowsupdate.com	/msdownload/update/v3/static/trustedr/en/authrootstl.cab	-	1.1	Microsoft-CryptoAPI/6.1	-	0	54018	200	OK	-	-	(empty)	-	-	-	-	-	-	Fu9roM2rsJSCzQT1X5	-	application/vnd.ms-cab-compressed	Malicious	(empty)
#close	2022-07-14-15-18-20