started already infected
The bot stop sending packets from the malware. There are only packets from the windows.... Don't know what happened. The vm is running perfectly, and there were no errors.
To see what happens I restarted the Windows (not the vm).
The bot started again to do stuff with the Microsoft domain, so it was infected. I wonder what happened.
The bot stop sending packests again. We figure it out that the malware works for 2 days and then stops.
We are restarting it again and keeping the same pcap
poweroff