2016-10-23 01:06:22.123126 IP 192.168.1.102.58823 > 61.160.210.226.80: Flags [P.], seq 0:314, ack 1, win 256, length 314: HTTP: GET /cx/160624/6/@19_424481.exe HTTP/1.1
E..bb.@….`…f=……P……..P…G…GET /cx/160624/6/@19_424481.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 1476976839.xiazaidown.com
Connection: Keep-Alive
2016-10-23 01:06:35.377330 IP 192.168.1.102.58827 > 123.103.57.66.80: Flags [P.], seq 0:157, ack 1, win 64240, length 157: HTTP: GET /corp/test/soft.php?id=424481 HTTP/1.1
E…]$@…&W…f{g9B…P.&9.d.7.P….”..GET /corp/test/soft.php?id=424481 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: installer.zol.com.cn
Connection: Keep-Alive
Cache-Control: no-cache
2016-10-23 01:06:35.635663 IP 192.168.1.102.58827 > 123.103.57.66.80: Flags [.], ack 2491, win 64240, length 0
E..(]%@…&….f{g9B…P.&:.d.A.P………….
2016-10-23 01:06:35.845879 IP 192.168.1.102.58826 > 121.41.10.159.80: […]