2016-10-23 01:14:54.600825 IP 192.168.1.102.58864 > 193.238.153.90.80: Flags [P.], seq 0:307, ack 1, win 256, length 307: HTTP: GET /advance_pc_care_1.exe HTTP/1.1 E..[P.@……..f…Z…P …….P….e..GET /advance_pc_care_1.exe HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Accept-Encoding: gzip, deflate Host: ehoshapha.48wwuved42.ru Connection: Keep-Alive — E..(s.@……..f6..a…P….^.9.P…[……… 2016-10-23 01:15:01.535263 IP 192.168.1.102.58867 > 54.214.246.97.80: Flags [P.], seq 0:189, ack 1, win 256, length 189: HTTP: POST /log/AdvancedPCCare_IC/install HTTP/1.1 E…t.@……..f6..a…P….^.9.P…+…POST /log/AdvancedPCCare_IC/install HTTP/1.1 Content-Length: 80 Content-Type: application/x-www-form-urlencoded User-Agent: WinHttpClient Host: 54.214.246.97 Connection: Keep-Alive Please follow and like us: