![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
![[ ]](/icons/unknown.gif){kind=icon}
![[ ]](/icons/compressed.gif){kind=icon}
![[DIR]](/icons/folder.gif){kind=icon}
| Name | Last modified | Size | Description |
|---|---|---|---|---|
| Parent Directory | - | ||
| README.html | 2015-08-28 22:19 | 1.0K | |
| README.md | 2015-08-28 21:55 | 793 | |
| Win2-test.rrd | 2014-01-31 17:38 | 181K | |
| b42b0ba6257f247fcedfaf9f89437615.exe.zip | 2015-12-16 10:26 | 101K | |
| bro/ | 2017-08-31 09:45 | - | |
| capture-win2.biargus | 2014-01-21 12:28 | 16M | |
| capture-win2.dnstop | 2015-08-28 21:47 | 18K | |
| capture-win2.passivedns | 2014-09-17 15:03 | 68K | |
| capture-win2.pcap | 2014-01-31 17:38 | 347M | |
| capture-win2.weblogng | 2016-06-15 17:43 | 1.1M | |
started
infected
Accessing the C&C channel http://i1.ajk123.com/GetVersion.html , we get [def]E126F519FD54EC6F9266B29380869EBC9AA1A077926CF41BF4050B0407025FB45DA6[def] [setup]A562B95DB99FA1A379C69B8F8D94AAAF96A863A17BC655C94AC55DBF53ED39DE38[setup] [inst]5CA8729572C080DC320859C940C797BA99AB60BC5EE13AEC1518EB28FB46C145C6[inst]
stopped win2