![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/folder.gif){kind=icon}
![[ ]](/icons/compressed.gif){kind=icon}
![[ ]](/icons/unknown.gif){kind=icon}
| Name | Last modified | Size | Description |
|---|---|---|---|---|
| Parent Directory | - | ||
| fast-flux-dga-first-analysis.txt | 2017-01-15 13:04 | 196 | |
| bro/ | 2017-04-25 09:29 | - | |
| README.md | 2015-06-12 15:04 | 860 | |
| README.html | 2017-04-25 09:29 | 1.0K | |
| 43671d11ed11b2764a660c5bfbb83067.exe.zip | 2015-12-16 10:26 | 181K | |
| 2015-04-09_capture-win3.weblogng | 2016-06-15 18:04 | 232 | |
| 2015-04-09_capture-win3.tcpdstat | 2016-12-05 22:30 | 1.3K | |
| 2015-04-09_capture-win3.rrd | 2015-04-08 22:04 | 8.0M | |
| 2015-04-09_capture-win3.pcap | 2017-04-25 09:29 | 47M | |
| 2015-04-09_capture-win3.passivedns | 2016-12-05 22:30 | 8.4K | |
| 2015-04-09_capture-win3.dnstop | 2016-12-05 22:30 | 1.9K | |
| 2015-04-09_capture-win3.capinfos | 2016-12-05 22:30 | 1.1K | |
| 2015-04-09_capture-win3.binetflow | 2016-12-05 22:30 | 11M | |
| 2015-04-09_capture-win3.biargus | 2016-12-05 22:30 | 16M | |
start win3
Probably Volatile Cedar
It worked! It seems it is doing some DNS request to www.microsoft.com! 01:04:44.956138 udp 10.0.2.103 52522 <-> 8.8.8.8 53 CON 2 345 s[35]=.............www.microsoft.com..... d[120]=.............www.microsoft.com.................toggle.www.ms.akadns.net../...........www.microsoft.com-c.edgekey.D.U... s[35]=.............www.microsoft.com..... d[226]=.............www.microsoft.com.................toggle.www.ms.akadns.net../...........www.microsoft.com-c.edgekey.D.U......!....www.microsoft.com-c.edgekey.net.globalredir.=.............e10088.dspb.akamaiedge.D.............?O.
The computer froze yesterday around 22hs. I'm starting