Index of /publicDatasets/CTU-Malware-Capture-Botnet-144-1

[ICO]        Name                              Last modified     Size  Description

[PARENTDIR]  Parent Directory                                    -
[   ]        2015-10-23_win5.biargus           2016-12-05 22:28  49M
[   ]        2015-10-23_win5.binetflow         2016-12-05 22:28  24M
[   ]        2015-10-23_win5.capinfos          2015-10-23 12:14  758
[   ]        2015-10-23_win5.dnstop            2015-10-23 12:11  18K
[TXT]        2015-10-23_win5.html              2015-10-23 13:02  38M
[   ]        2015-10-23_win5.json              2015-10-23 13:02  64M
[   ]        2015-10-23_win5.passivedns        2015-10-23 12:11  428K
[   ]        2015-10-23_win5.pcap              2015-10-23 12:10  283M
[   ]        2015-10-23_win5.rrd               2015-10-23 12:10  8.0M
[   ]        2015-10-23_win5.tcpdstat          2016-12-05 22:28  2.3K
[   ]        2015-10-23_win5.uniargus          2016-12-05 22:28  139M
[   ]        2015-10-23_win5.uninetflow        2016-12-05 22:28  86M
[   ]        2015-10-23_win5.weblogng          2016-06-15 17:41  13M
[TXT]        README.html                       2017-01-14 17:01  1.8K
[TXT]        README.md                         2015-10-23 12:11  1.2K
[DIR]        bro/                              2017-08-31 09:45  -
[TXT]        fast-flux-dga-first-analysis.txt  2017-01-14 17:01  95K
[   ]        uTorrent.exe.zip                  2015-12-16 10:26  1.7M

Description

Timeline

Wed Sep 23 17:56:41 CEST 2015

started win5

Wed Sep 23 17:57:56 CEST 2015

google.com

Wed Sep 23 17:58:21 CEST 2015

search for "utorrent"

Wed Sep 23 17:59:06 CEST 2015

access www.utorrent.com

Wed Sep 23 17:59:38 CEST 2015

download utorrent for windows

Wed Sep 23 18:01:29 CEST 2015

Executed the file utorrent.exe

Wed Sep 23 18:04:02 CEST 2015

Continue with the install, clicking all yes.

It opened the utorrent program. I can see requests in the traffic to api.opencandy.com!

Thu Oct 22 18:50:00 CEST 2015 approx

VM was stopped