Chinese Clickfraud Malware Sample

2016-10-23 01:01:43.503345 IP 192.168.1.102.58777 > 203.130.54.225.80: Flags [P.], seq 0:313, ack 1, win 256, length 313: HTTP: GET /xunyou2014/uninstall_20160329.exe HTTP/1.1
E..a|.@….$…f..6….P…….KP…0…GET /xunyou2014/uninstall_20160329.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: update.xunyou.com
Connection: Keep-Alive

2016-10-23 01:03:18.297533 IP 192.168.1.102.58788 > 203.130.54.225.80: Flags [P.], seq 0:98, ack 1, win 256, length 98: HTTP: GET /xunyouclient/xunyou_2014.exe HTTP/1.1
E…|.@……..f..6….P.HQD….P….F..GET /xunyouclient/xunyou_2014.exe HTTP/1.1
Host: download.xunyou.com
Cache-Control: no-cache

2016-10-23 01:03:18.773535 IP 192.168.1.102.58788 > 203.130.54.225.80: Flags [.], ack 1183, win 252, length 0
E..(|.@….u…f..6….P.HQ….[P…:………
2016-10-23 01:03:18.812841 IP 192.168.1.102.58788 > 203.130.54.225.80: […]