![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[DIR]](/icons/folder.gif){kind=icon}
![[ ]](/icons/unknown.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
![[ ]](/icons/compressed.gif){kind=icon}
| Name | Last modified | Size | Description |
|---|---|---|---|---|
| Parent Directory | - | ||
| bro/ | 2017-08-31 09:45 | - | |
| 2015-05-01_capture-win8.weblogng | 2016-06-15 17:43 | 232 | |
| 2015-05-01_capture-win8.capinfos | 2016-05-01 17:59 | 762 | |
| README.md | 2016-05-01 18:08 | 839 | |
| README.html | 2017-01-13 22:11 | 1.2K | |
| 2015-05-01_capture-win8.passivedns | 2016-05-01 17:58 | 1.3K | |
| 2015-05-01_capture-win8.tcpdstat | 2016-09-03 16:52 | 1.3K | |
| 2015-05-01_capture-win8.dnstop | 2016-05-01 17:58 | 15K | |
| 14010ce6f03e0a978693424d60e34ba9.exe.zip | 2016-05-01 17:57 | 30K | |
| fast-flux-dga-first-analysis.txt | 2017-01-13 22:11 | 59K | |
| 2015-05-01_capture-win8.rrd | 2016-05-01 17:57 | 8.0M | |
| 2015-05-01_capture-win8.binetflow | 2016-12-05 22:26 | 20M | |
| 2015-05-01_capture-win8.biargus | 2016-12-05 22:25 | 28M | |
| 2015-05-01_capture-win8.pcap | 2016-04-30 15:23 | 54M | |
Zip password: infected
RobotHash
started win4
Infected
It is using DGA, and is the fasted DGA I ever saw. After some days it stopped working
power off