KillerInstinct
commented
8 years ago @brad-accuvant If you want, update the cuckoomon dll's to make RtlDecompressBuffer use the 'c' log type to utilize large buffers. As-is we may truncate, thus not logging all C2 domains.
Also extract out campaign ID and C2 domains.