54.214.246.97 advance_pc_care_1.exe Malware Zusy Trojan Downloader PCAP file download Traffic Sample

2016-10-23 01:14:54.600825 IP 192.168.1.102.58864 > 193.238.153.90.80: Flags [P.], seq 0:307, ack 1, win 256, length 307: HTTP: GET /advance_pc_care_1.exe HTTP/1.1
E..[P.@........f...Z...P .......P....e..GET /advance_pc_care_1.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: ehoshapha.48wwuved42.ru
Connection: Keep-Alive


E..(s.@........f6..a...P....^.9.P...[.........
2016-10-23 01:15:01.535263 IP 192.168.1.102.58867 > 54.214.246.97.80: Flags [P.], seq 0:189, ack 1, win 256, length 189: HTTP: POST /log/AdvancedPCCare_IC/install HTTP/1.1
E...t.@........f6..a...P....^.9.P...+...POST /log/AdvancedPCCare_IC/install HTTP/1.1
Content-Length: 80
Content-Type: application/x-www-form-urlencoded
User-Agent: WinHttpClient
Host: 54.214.246.97
Connection: Keep-Alive