Started win3
Infected
We copied some fake documents into C:/Users/Administrator/Documents/ of the Administrator user to see whether the malware does anything with them. We copied them using the shared folders, so no traffic was generated.
Up to now, nothing new has happened.
I rebooted the VM to see if something new would happen.
This is the time of the last communication with the CC. From this moment on, no packets were sent.
I will reboot the machine now to see what happens.
Rebooted the VM.
After the reboot it started working again. Not sure what happened.
VM stopped