2016-10-26 00:38:49.205338 IP 192.168.1.102.62152 > 219.84.168.195.80: Flags [P.], seq 0:290, ack 1, win 256, length 290: HTTP: GET /176Win.exe HTTP/1.1 E..J..@……..f.T…..P…..Ii.P….I..GET /176Win.exe HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Accept-Encoding: gzip, deflate Host: sqiuba.176win.com Connection: Keep-Alive 2016-10-26 00:38:49.441803 IP 192.168.1.102.62152 > 219.84.168.195.80: Flags [.], ack 2921, win 256, length 0 E..(..@……..f.T…..P…..It.P… /…….. — E..(.U@….T…f.T…..P#]…B.hP…………. 2016-10-26 00:39:00.214544 IP 192.168.1.102.62155 > 219.84.168.195.80: Flags [P.], seq 0:218, ack 1, win 256, length 218: HTTP: GET /load.swf HTTP/1.1 E….V@….y…f.T…..P#]…B.hP…….GET /load.swf HTTP/1.1 Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; […]