What is the name of the executable in the malicious url? Submit the filename as the flag: flag{virus.bad}.
Simply opening it up in wireshark, we can see the flag-
flag{solut.exe}
Remotely Administered Evil 2:
Briefing:
What MYDDNS domain is used for the post-infection traffic in RATPack.pcap?
Use the file from Remotely Administrated Evil.
All you need to do here is filter for dns traffic. Because there weren't too many packets, I spotted the flag almost immediately and didn't have to filter further.