Play interactive tour

Edit tour

Windows Analysis Report Quotation.jar

Overview

General Information

Sample Name:	Quotation.jar
Analysis ID:	492179
MD5:	8eab8f1a928fa55303b7558536079a2a
SHA1:	491e913225a8c8d144c538fe27cf62f5a8465b38
SHA256:	20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
Tags:	jarSTRRAT
Infos:
Most interesting Screenshot:

Detection

STRRAT

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected STRRAT

Multi AV Scanner detection for submitted file

Yara detected AllatoriJARObfuscator

Sample execution stops while process was sleeping (likely an evasion)

Found inlined nop instructions (likely shell or obfuscated code)

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 5680 cmdline: C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

7za.exe (PID: 3312 cmdline: 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar' MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)

cmd.exe (PID: 3068 cmdline: 'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun >> C:\cmdlinestart.log 2>&1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 5292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

java.exe (PID: 5672 cmdline: java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun MD5: 28733BA8C383E865338638DF5196E6FE)

icacls.exe (PID: 2728 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)

conhost.exe (PID: 972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\cmdlinestart.log	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.624987172.000000000A7A5000.00000004.00000001.sdmp	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security
00000004.00000002.624888196.000000000A76A000.00000004.00000001.sdmp	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security
00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	JoeSecurity_STRRAT	Yara detected STRRAT	Joe Security
Process Memory Space: java.exe PID: 5672	JoeSecurity_STRRAT	Yara detected STRRAT	Joe Security
Process Memory Space: java.exe PID: 5672	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Quotation.jar	Virustotal: Detection: 26%			Perma Link
Source: Quotation.jar	ReversingLabs: Detection: 22%

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Code function: 4x nop then cmp eax, dword ptr [ecx+04h]

Source: java.exe, 00000004.00000002.624973788.000000000A79C000.00000004.00000001.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: java.exe, 00000004.00000002.624997944.000000000A7A7000.00000004.00000001.sdmp	String found in binary or memory: http://java.oracle.com/
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
Source: java.exe, 00000004.00000002.625109003.000000000A841000.00000004.00000001.sdmp, java.exe, 00000004.00000002.626580678.000000001576E000.00000004.00000001.sdmp	String found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: java.exe, 00000004.00000002.624987172.000000000A7A5000.00000004.00000001.sdmp, cmdlinestart.log.4.dr	String found in binary or memory: http://www.allatori.com
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Code function: 4_2_030CC241

Source: Quotation.jar	Virustotal: Detection: 26%
Source: Quotation.jar	ReversingLabs: Detection: 22%

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user

Jump to behavior

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll

Source: C:\Windows\System32\7za.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: classification engine

Classification label: mal60.troj.evad.winJAR@10/67@0/0

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Source: unknown	Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5292:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:972:120:WilError_01

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Data Obfuscation:

Yara detected AllatoriJARObfuscator

Show sources

Source: Yara match	File source: 00000004.00000002.624987172.000000000A7A5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.624888196.000000000A76A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 5672, type: MEMORYSTR
Source: Yara match	File source: C:\cmdlinestart.log, type: DROPPED

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302BB27 push 00000000h; mov dword ptr [esp], esp
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302B377 push 00000000h; mov dword ptr [esp], esp
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302B907 push 00000000h; mov dword ptr [esp], esp
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302A1CA push ecx; ret
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302A1DB push ecx; ret
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_03032D44 push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302C437 push 00000000h; mov dword ptr [esp], esp
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_030C7FD1 push cs; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_030D1EEC push es; retn 0001h

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: java.exe, 00000004.00000002.621877991.0000000002E25000.00000004.00000001.sdmp	Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000004.00000002.621877991.0000000002E25000.00000004.00000001.sdmp	Binary or memory string: \|[Ljava/lang/VirtualMachineError;

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Memory protected: page read and write | page guard

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: &Program Manager
Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Code function: 4_2_03020380 cpuid

Stealing of Sensitive Information:

Yara detected STRRAT

Show sources

Source: Yara match	File source: 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 5672, type: MEMORYSTR

Remote Access Functionality:

Yara detected STRRAT

Show sources

Source: Yara match	File source: 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 5672, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Services File Permissions Weakness1	Services File Permissions Weakness1	Services File Permissions Weakness1	OS Credential Dumping	Security Software Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection12	Disable or Modify Tools1	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection12	Security Account Manager	System Information Discovery11	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Quotation.jar	27%	Virustotal		Browse
Quotation.jar	22%	ReversingLabs	ByteCode-JAVA.Downloader.BanLoad

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://crl.xrampsecurity.com/XGCA.crl	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl	0%	URL Reputation	safe
http://bugreport.sun.com/bugreport/	0%	Virustotal		Browse
http://bugreport.sun.com/bugreport/	0%	Avira URL Cloud	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5	0%	URL Reputation	safe
https://ocsp.quovadisoffshore.com	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl0	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl0	0%	URL Reputation	safe
http://crl.xrampsecurity.com/XGCA.crl0	0%	URL Reputation	safe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl	0%	URL Reputation	safe
http://www.quovadis.bm	0%	URL Reputation	safe
http://www.quovadis.bm0	0%	URL Reputation	safe
https://ocsp.quovadisoffshore.com0	0%	URL Reputation	safe
http://www.allatori.com	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl	0%	URL Reputation	safe
http://www.chambersign.org	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.xrampsecurity.com/XGCA.crl	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar	java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	false		high
http://crl.chambersign.org/chambersroot.crl0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.certplus.com/CRL/class2.crl	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://bugreport.sun.com/bugreport/	java.exe, 00000004.00000002.624973788.000000000A79C000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://cps.chambersign.org/cps/chambersroot.html0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://java.oracle.com/	java.exe, 00000004.00000002.624997944.000000000A7A7000.00000004.00000001.sdmp	false		high
http://null.oracle.com/	java.exe, 00000004.00000002.625109003.000000000A841000.00000004.00000001.sdmp, java.exe, 00000004.00000002.626580678.000000001576E000.00000004.00000001.sdmp	false		high
http://www.chambersign.org1	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://repository.swisssign.com/0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false		high
https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar	java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	false		high
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5	java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://policy.camerfirma.com	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false		high
https://ocsp.quovadisoffshore.com	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar	java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	false		high
http://crl.securetrust.com/STCA.crl0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.quovadisglobal.com/cps	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.certplus.com/CRL/class3P.crl	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.certplus.com/CRL/class3P.crl0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://crl.securetrust.com/STCA.crl	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.certplus.com/CRL/class2.crl0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.quovadisglobal.com/cps0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false		high
http://crl.xrampsecurity.com/XGCA.crl0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.quovadis.bm	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.quovadis.bm0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://ocsp.quovadisoffshore.com0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.allatori.com	java.exe, 00000004.00000002.624987172.000000000A7A5000.00000004.00000001.sdmp, cmdlinestart.log.4.dr	false	URL Reputation: safe	unknown
http://crl.chambersign.org/chambersroot.crl	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://repository.swisssign.com/	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false		high
http://www.chambersign.org	java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar	java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	false		high
http://policy.camerfirma.com0	java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	492179
Start date:	28.09.2021
Start time:	13:03:19
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 51s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Quotation.jar
Cookbook file name:	defaultwindowsfilecookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Without Tracing
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.troj.evad.winJAR@10/67@0/0
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 76% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .jar
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.211.4.86 Excluded domains from analysis (whitelisted): fs.microsoft.com, e1723.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp Download File
Process:	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.911322908673849
Encrypted:	false
SSDEEP:	3:oFj4I5vpN6yUaf1bL:oJ5X6y7bL
MD5:	0F266CF7193A3BBCCE1BEDE248FF59CF
SHA1:	B42AF964B6ED1EDBE05AC33DE2842545C901FF36
SHA-256:	69756F90CC0C79595BB98298BE8ED694CC96ED0D928A0BAA0ED6488117769DCC
SHA-512:	92D9C4CAEAAC59614D97AAF698882BAC974BB0100127E5A66A4C2B52FEB5388A6CE26DA48B5FFFD4E798ED47D164555227238F0AD78354230CA6A9629D3542C6
Malicious:	false
Reputation:	low
Preview:	C:\Program Files (x86)\Java\jre1.8.0_211..1632859463930..

C:\cmdlinestart.log Download File
Process:	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	modified
Size (bytes):	683
Entropy (8bit):	2.6174665821196093
Encrypted:	false
SSDEEP:	6:LLpG4/7s3FeFjtG22T0CgUS8F/SANtBomrGb4MEuigyDTeGQhx7aMkLTOIv:nphg3FeFBio8FqANtaXNi1/ZQPaMkvOS
MD5:	37B52246CF0EBFBFF8EF7A9658D7B51F
SHA1:	BFA1DFB7173AE2613F43D0D1D66AB6747B3DB48B
SHA-256:	814D9E3C403422E46F0D863C10DD960586C833458D5F684B55A122CA52167041
SHA-512:	268588BFF36FFEEC28CFB0C53D1815255D22F4064012C8B3E1D34982B377D99FFC0493CD15C91CC59C4AFA2C17F1E0D01D19D3B3F746C419B38D9443A4016595
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: C:\cmdlinestart.log, Author: Joe Security
Preview:	.################################################.# #.# ## # # ## ### ### ## ### #.# # # # # # # # # # # # # #.# ### # # ### # # # ## # #.# # # ### ### # # # ### # # ### #.# #.# Obfuscation by Allatori Obfuscator v7.3 DEMO #.# #.# http://www.allatori.com #.# #.################################################...Inside main method..Inside constructor..Executing else..Inside InitLib..Inside completeJob..

C:\jar\META-INF\MANIFEST.MF Download File
Process:	C:\Windows\System32\7za.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	305
Entropy (8bit):	5.120755883071443
Encrypted:	false
SSDEEP:	6:1KItJtf9FyucqNF2wuoxXbPWMXlUWKgLQAw0ZEDs+sHK8FUs5Rr:1Tt/ffx1TBWMXZCfy59
MD5:	49D087BDC8ACB4DF60649D704C94D2D6
SHA1:	6B32187725F254332B6A67E947E8CAFACA45A0EA
SHA-256:	DB87F882E09217C84F7B9DB915CB4D28CFB17F99C0B4647BF9772D5916053460
SHA-512:	5AA4CBE3AA5884049DB7CF76E915F1C3F75BD478AC7C094FDE8CC9D63E9232F688310DC7EFDCBAA2932ADB43822CBBF5B1644338FF02A024DBF64D8E0D57AB03
Malicious:	false
Preview:	Manifest-Version: 1.0..Ant-Version: Apache Ant 1.7.1..Created-By: 24.80-b11 (Oracle Corporation)..Main-Class: carLambo.FirstRun..Class-Path: lib/system-hook-3.5.jar lib/jna-5.5.0.jar lib/jna-platform-5.. .5.0.jar lib/sqlite-jdbc-3.14.2.1.jar..X-COMMENT: Main-Class will be added automatically by build....

C:\jar\carLambo\AaISogscfReXxeZKUWBlO.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	8158
Entropy (8bit):	6.349377137199189
Encrypted:	false
SSDEEP:	192:ZeCQKtG/b7fclGbnuxotc1pqhaapsW/Z4Fxz5XQ0Fg:K3cMbnuxotc1pqhanayg
MD5:	92F2EEE881D637E2817FFF032A9B051E
SHA1:	8A6B9B6C82A101A99080FEED3C36BEB3CC30378A
SHA-256:	C307E87F4B59ED4EB19787DD7E4D8B047D6DB172CE88E9FC7A8AF9942F74E5BF
SHA-512:	73B10FE1B2E168A884BF8C2CD4405504EC710E4E171627B92B18777162E7D6146E1B590166C2ED72902E1F003A6CAF720B4FC2A6F7AF4728DF77DAA99183B18D
Malicious:	false
Preview:	.......1..........................................................................................................f.........e....{...................d..............]...._....l.........a....o....p....r....v....x....y.........^.........a....l.........~....\|....}....\....b....c....k....m....n....s....u....w.............................\....a....h....i....t.........`.........a....z....q....... .g.. .j.. ....................................................................................................................................................................................................................................................................................()I...()J...()Ljava/io/InputStream;...()Ljava/lang/String;...()Ljava/net/URLConnection;...()V...()Z...()[B...()[C...()[Ljava/io/File;...(I)C...(I)Ljava/lang/String;...(I)Ljava/lang/StringBuilder;...(I)Ljava/nio/ByteBuffer;...(II)Ljava/lang/String;..'(ILjava/lang/String;)Ljava/lang/String;...(ILjava/lang/String;)Ljava/la

C:\jar\carLambo\BvHpAJlEksWthemKshuQp.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.211973210845187
Encrypted:	false
SSDEEP:	6:lG9SW4y1QWWhFjhaaiRPt+Nkql5dl80OloF/llplll:Qsy1QWUFFaaiRlO5dGNlo9/L/
MD5:	96F4089E48A470DEAD9A5424637F038A
SHA1:	358FDFE44DC2695C3181D831F27EA66BF8682D1A
SHA-256:	1DB9F2F59FB52D35E778EF0B76000F5EB95760349070468BA498592529516378
SHA-512:	C6DE230EA6DC68A5D59CFB5A40BD906FF1205B05961653ACD00FAD83AFFD0D8605E57D152016D485ABB093743BBEA926E351263C81C09379B6CEF6CB3F17E2AF
Malicious:	false
Preview:	.......1.....................................()V...<init>...Code.. LcarLambo/hBkzOcczVKCAHBldijzvK;...carLambo/BvHpAJlEksWthemKshuQp...carLambo/hBkzOcczVKCAHBldijzvK...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................*........................................

C:\jar\carLambo\CSvxxbhsMkFgzwSLJPuno.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	120
Entropy (8bit):	5.063228433163973
Encrypted:	false
SSDEEP:	3:Dbll5fhm3phHAlLx/X6jQCK8Pdi0Bd3jLLZGn:xZmZhglJXSRPgyLs
MD5:	9C9C57F70B17F8C47ACF123A1E2AA23C
SHA1:	DCEBACD6FC1F8DF8527817C38241A3D1431C0EA0
SHA-256:	F40CEBAB91ED9B83815256D4EA8A6BC43513EB856AAE15E88E03008532954BA6
SHA-512:	9A917E44884B12AED1CC584281D11A97C1E1F8B6ABF003AA6C8A3AFFCF790EA2BD3B1C88F6AEA0EC1881E0B947C6FB8FD688BEE97033A4E20F4543AD9A79B454
Malicious:	false
Preview:	.......1...........()V...carLambo/CSvxxbhsMkFgzwSLJPuno...java/lang/Object...vPGWlacnCrelHWkRFSJnJ......................

C:\jar\carLambo\DaHdKpqpmbwOJzFdSfJTr.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	4453
Entropy (8bit):	5.976680864508484
Encrypted:	false
SSDEEP:	96:GNXQ0NJiXRN1EPqjWBxcy9zZGVKP59y+8AFL1fpjPP1nS9FQhQPFVPCw:UXQEoKPqjWvBGVKPjnnDSUQPHt
MD5:	93AF80DA1D7C25F5CDDCCB5519BEC8CD
SHA1:	C34CE2905E2CF5A829298D5856D0C0955EED3E59
SHA-256:	CB4F3570BAF63EDFD8DDD4717D5FA0070851E366CF9B4B60E07BF8BA41701394
SHA-512:	5E66F3CBAF97C28FD5CDF306788BBD1D81F9E5F6D1D81DF4209DB5AE8DDA5624B484A3A8F7B83826027D9148BA80E42116E3C1F3228CB8CADB6EEDB4928EC67E
Malicious:	false
Preview:	.......1.q.......p..X..Y..Z..[..\..a..b..c..d..e..f....)....*....9....0....2....:....6....7....8....<....&....(....,....-..../....1....3....4....;....&....+....5....'.......N.@..N.J..N.L..Q.V..U.V..W.I..].C..^.A.._.>..`.?..g.T..h.=..i.P..j.E..k.B..l.?..m.E..m.G..m.H..m.R..m.S..n.D..o.K...()I...()Ljava/io/OutputStream;...()Ljava/lang/String;...()V...()[B...()[C...(I)C...(I)Ljava/lang/String;...(II)Ljava/lang/String;..#(LcarLambo/eauxCIrdjXbTstchfeoOk;)V..T(LcarLambo/eauxCIrdjXbTstchfeoOk;Ljava/net/Socket;LcarLambo/ktqJfqRpauSAGkfJbNchr;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;I)V...([B)V...([C)V...<clinit>...<init>...Code...I...IXoamLVdxZHhnOCKEypnx.. LcarLambo/eauxCIrdjXbTstchfeoOk;.. LcarLambo/ktqJfqRpauSAGkfJbNchr;...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...[Ljava/lang/String;...append...carLambo/DaHdKpqpmbwOJzFdSfJTr...carLambo/bmfvovJGUyUbPgySKkkcq...carLambo/eauxCIrdjXbTstchfeoOk...carLambo/hWdmIbubOgKXDUy

C:\jar\carLambo\FirstRun.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	7515
Entropy (8bit):	6.419250247243968
Encrypted:	false
SSDEEP:	192:NAJFYRSsi8st9vV9hbtju3jcg7rgL+I0zKmmCpYM:NAJfrd9dbtK3jc+LKmm6YM
MD5:	6B03CA9942FCAC3DF1B650382EDB9961
SHA1:	46A809D952AD0C02C81F581B797AD542CC1DC2F8
SHA-256:	62515AFF86C3E5B6BDA71C2E45FB1C69B9A534B40E2D3FE9CB545B52F403648E
SHA-512:	F3CCAD04D185375EDE51131A392C7558C0B3A502B6C9A197CD7C05FC11200437161F835EA734BDC3E3BE109D0697600D6BAF806B02C5601D8DBF4331D258C209
Malicious:	false
Preview:	.......1.............................................................................`....a....f....t..............e.........`....s....{..............g....`..............w....]....^....d........................Z..............[....b..............[....c.........Z....^....d...._..............[....l....n....o....v....z....y....x....k....p....\....i....j....r....u....~.........Z....[....h....q.........m....\|....}.....................................................................................................................................................................................................................................................................................`..K..p9.......Wi[.\|I.1...R.x.mQ.\|K.._O.......%t .x.... pY..4.....$..};...rFX.[.....0...^-...~../.h..e?v..n.@.9...........=...3...>a..#-...s[.m?........cq...7...!......x,....v..2.........e..?..-W}.....y.I....9

C:\jar\carLambo\GDI32.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	254
Entropy (8bit):	5.154915202643433
Encrypted:	false
SSDEEP:	6:/GbUwCvWpsnIUwCvWpYIUwCvWOMh5358UwCmbRPYklKrl:/GAwCvWYwCvWOwCvWz95rwCgR2rl
MD5:	D751B938C1F33787EFCF737E4F7F1F76
SHA1:	F2429206AB8AA53CF704170DE324A931E186DC62
SHA-256:	06B611DD1DA1055F66A2B13097118AF7302BAEAE0B16F60CF063436D1FD0E752
SHA-512:	94E912566A304630BD6710A475734731E20E4043A6B655572CFF6E6D205F13932264E6D20D3886172E0B04F3FDD8EC36AD844088014F9E9D0DF7B30F8A4A2B9B
Malicious:	false
Preview:	.......1..............(Lcom/sun/jna/platform/win32/WinDef$HDC;IIIILcom/sun/jna/platform/win32/WinDef$HDC;IILcom/sun/jna/platform/win32/WinDef$DWORD;)Z...BitBlt...carLambo/GDI32.. com/sun/jna/platform/win32/GDI32...java/lang/Object........................

C:\jar\carLambo\HBrowserNativeApis.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	4697
Entropy (8bit):	5.692725128994913
Encrypted:	false
SSDEEP:	48:m6EcnrCvvCvvCvDCviCv0sY36CvaCviCv0K39LCvaCviCvpCvOCvRYCvJCvxCvY/:9R4rh4iTH6zhO29wFg4ggIILhBj8
MD5:	854D76A936DC8C4A0D1D32499C801207
SHA1:	DCB4433E38B2FE2DAC839C0373B43248AC79D423
SHA-256:	50403441B0B5BBADA6BCA90C0DA0D74302EAA9609E5BE51E955E30FEAEE74F97
SHA-512:	B262E8DC606612268CFE039A0746CD3893A7052621D50193960150D5C942ABB7B6A39E66A3EE0378F1376FCCB855DEF3C1A63FF0AED9DCBB3A46F2116973D3D3
Malicious:	false
Preview:	.......1...................................................<....=....B....4....A....0....M....J....0....1....H....L....I....N....;....K....2....3....5....6....C....7....8....9....:....>....?....@....D....E....F....G..r.Q..r.q..t.U..u.W..v....w.V..x.h..y.j..z.o..{.[..\|.d..}.g..~....~......_....a....`..............Y....^....]....c....\....T....n....P....R....O....k....p...()I...()Ljava/lang/String;...()V...(BBII)V...(BI)V...(I)C..P(Lcom/sun/jna/platform/win32/WinDef$HDC;)Lcom/sun/jna/platform/win32/WinDef$HDC;..*(Lcom/sun/jna/platform/win32/WinDef$HDC;)Z...(Lcom/sun/jna/platform/win32/WinDef$HDC;Lcom/sun/jna/platform/win32/WinGDI$BITMAPINFO;ILcom/sun/jna/ptr/PointerByReference;Lcom/sun/jna/Pointer;I)Lcom/sun/jna/platform/win32/WinDef$HBITMAP;...(Lcom/sun/jna/platform/win32/WinDef$HDC;Lcom/sun/jna/platform/win32/WinGDI$BITMAPINFO;Lcom/sun/jna/ptr/PointerByReference;Lcom/sun/jna/Pointer;)Lcom/sun/jna/platform/win32/WinDef$HBITMAP;..{(Lcom/sun/jna/platform/win32/WinDef$HDC;Lcom/sun/jna/plat

C:\jar\carLambo\HhGNtKoTftxMhSSBMJnzt.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	4553
Entropy (8bit):	6.003103487761753
Encrypted:	false
SSDEEP:	96:aDhnFR/mN1JGh4ZhYcfwjZuo/xowAURX2dWxnDpBqny7C22jBdNS6AgMVPCd:aJT/aBI84Do4RX2dAuTxhS6A1g
MD5:	4ABF2B3B209572768141F175D3B9B578
SHA1:	B88B614DB594D23EAC572F0707704781D99EB0DD
SHA-256:	87DBEA61653D0DCE7F92580A0198B939AEC1761D1E3703840BE4802B9A788B1B
SHA-512:	4F1956EC8800B76C4B4E0C0B3C205089D0DAD2E9C0D9DB5B78B0873B35A1F50AB7FF7FFED81D8C89C8B64A0A3F72C3C3724F7016E2EA3D4F7E0D2E23782F384E
Malicious:	false
Preview:	.......1.y.......x.._..`..a..b..c..d..i..j..k..l..m..n.........1....?....0....@....7....9....=....>..../....>....B........-....3....4....6....8....:....;....A........+....2....<....,....5..U.F..U.P..U.Q..U.S..X.]..\.M..\.Z..\.]..^.O..e.I..f.G..g.D..h.E..o.[..p.C..q.W..r.K..s.H..t.E..u.K..u.N..u.Y..u.[..v.J..w.R...()I...()Ljava/io/OutputStream;...()Ljava/lang/String;...()V...()[B...()[C...(I)C...(I)Ljava/lang/String;...(II)Ljava/lang/String;..#(LcarLambo/TlNoUrOpQFTDEOhhEkJkV;)V..T(LcarLambo/TlNoUrOpQFTDEOhhEkJkV;Ljava/net/Socket;LcarLambo/ktqJfqRpauSAGkfJbNchr;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...(Ljava/lang/String;I)V...([B)V...([C)V...<clinit>...<init>...Code...I...IXoamLVdxZHhnOCKEypnx.. LcarLambo/TlNoUrOpQFTDEOhhEkJkV;.. LcarLambo/ktqJfqRpauSAGkfJbNchr;...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...[Ljava/lang/String;...append...carLambo/HhGNtKoTftxMhSSBMJnzt...carLambo/KFplBMCKgMdHvcMkaAGZa...carLa

C:\jar\carLambo\IXoamLVdxZHhnOCKEypnx.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	6630
Entropy (8bit):	6.027372844129898
Encrypted:	false
SSDEEP:	192:1ZbiCeiMI9fdj1fFA2UGW7+0ewDZzd7Zb1zpVqQ/u0sJq+In:vRD9fdj1fFA2UGI+0ewDZzd7Zb1zIhJC
MD5:	AC2FC30A63592A1CAEE3195BDB018C2C
SHA1:	E44D5E20250DD50AD9C512BD1F7BF8A73D410715
SHA-256:	D529488A95042436BDFB6EC7DC716A763FF097B462DE6EE0C1B24224E3A8B15F
SHA-512:	C1B213E138D654ED1A3EF1D09A77CDCB562CD8EA58F918B16B6D92D65A3F8D42A0618FECB0086C0AB9D933BF048D30B7A789A4D48DCFA699EBE44E2F6CF0D896
Malicious:	false
Preview:	.......1.[.......>..Z..F..G..H..I..P..S..T.... ...."..../....!....,....-..............#....&....)....*....+....0.........$....%....'....(..@.4..@.=..B.E..C.:..C.E..J.8..K.1..L.2..M.3..N.5..O.5..U.2..V.9..W.6..X.9..X.:..X.;..X.D..Y.7...()C...()I...()Ljava/lang/String;...()V...()Z...()[C...(C)Ljava/lang/String;...(I)C...(II)Ljava/lang/String;..&(Ljava/lang/String;)Ljava/lang/String;...(Ljava/lang/String;)V..0(Llc/kra/system/keyboard/event/GlobalKeyEvent;)V...([C)V..w,.."...y..yY...lS..nJ........iO......r^....D..j...X..[.....B....=F..P.`b.R.....!....q....yG..6.{...M+Q...Xz..Y.....C..Q.4.~"!...>lZuk@.E#7z{.S....f.6T.....)&....`'.6d..\|..!.:......hO.t.........B.f.....r.z.m...m=W..P.H`........ZfUQR...]..k.JG...Z....0A..%k.O...2y.....<clinit>...<init>...Code...IXoamLVdxZHhnOCKEypnx...ONjFQMbZKhXUIvJECkqdG...Z...[Ljava/lang/String;...carLambo/HBrowserNativeApis...carLambo/IXoamLVdxZHhn

C:\jar\carLambo\IjxLOzQLUDkaXnjBGOAoG.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	401
Entropy (8bit):	5.487471940321466
Encrypted:	false
SSDEEP:	12:YaEFty1jEF6U5XjpEFtQRlO5dSJkM5f/sj:YPFty14F6URqFKzO5dPM5fEj
MD5:	1F23400846ACCAD55499541F7F4ECFDC
SHA1:	FAD20DC616C465B016F6AF11C34B7DA75347A22A
SHA-256:	0FC63AD17488FD0B3720B0FE1AE9367455378128A138781AE5A772C7C1B2B5B9
SHA-512:	46AC6E8347DFD336878C32F2304F2C6AED639346FF02AB0527070C2018ABF7A41A4B932BED658088658119719AE3E32413DBB2C81926E574AA2B9AE9F35EBAE0
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/bblLjaykILRsJuIgHpxpV;)V...<init>...Code.. LcarLambo/bblLjaykILRsJuIgHpxpV;...ONjFQMbZKhXUIvJECkqdG...carLambo/IjxLOzQLUDkaXnjBGOAoG...carLambo/bblLjaykILRsJuIgHpxpV...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0...........................................................................Y+.............

C:\jar\carLambo\IsPDtEuhSpLxTtNBFQXAi.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	4972
Entropy (8bit):	6.063792216753162
Encrypted:	false
SSDEEP:	96:XnzgVOzKhnTjMEGqPOSnuH5saljbnHkdY1HnHmD0VPCK:DgVjMELPH7aVEdkt/
MD5:	5AE35DE6803F6F4577828999E11DD4A4
SHA1:	3C79A1B3715577F535216BA1CF6E530528546077
SHA-256:	A112DAC393A1E367F81B79F3AAD7C8D94DF9DB635446B7F1E92E1C349F0A27FF
SHA-512:	9B8137CB155156E15BD99284D672FEF742A389FD0A68866F98B98063E646DA4713618B56C18A7589E1760E8522AA9046644579623A6FAB108E6565E8B4AC267B
Malicious:	false
Preview:	.......1.}.......{..\|..\..]..^..d..e..f..g..h..i..j..k..l..m..n....1....E....;....0....8....9....C....D....-....=....4....<........./....3....7....:....>....?....@....B....-.........2....6....A....5..V.H..V.R..V.T..Y.O..Y.Z..[.P.._.J..`.Q..a.N..b.M..c.G..o.K..p.K..q.F..r.X..s.H..t.R..u.S..v.L..w.I..x.G..y.G..z.L..z.O..z.Z...()I...()Ljava/lang/String;...()V...()[C...(I)C...(I)V...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/Object;)I..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;..-(Ljava/lang/String;)Ljava/lang/reflect/Field;...(Ljava/lang/String;)V..'(Ljava/lang/String;)[Ljava/lang/String;...([C)V...<clinit>...<init>...Code...Ljava/io/PrintStream;...ONjFQMbZKhXUIvJECkqdG...[Ljava/lang/String;...append...carLambo/HBrowserNativeApis...carLambo/IsPDtEuhSpLxTtNBFQXAi...carLambo/bzlBSuuREhLCmheoxRLoe...charAt...getField...getInt...insert...intern...java/awt/Robot...java/awt/event/KeyEvent...java/io/PrintStre

C:\jar\carLambo\JJNChPaoaJuTageKFIyUf.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	584
Entropy (8bit):	5.653005182900167
Encrypted:	false
SSDEEP:	12:ulP/6cBG6jfzy14H66lZm/mSfRlO5d7vZudaO:ulP/6cnzy1Cc/mqzO5dNuj
MD5:	6DCB92C214D224344358FC325273488E
SHA1:	08854EE1E23B891BF4F51E4096FB456BCD1FA282
SHA-256:	E974BCB1491DE6A6AA353E2C979672F0AB6A31CBC713ED3D6D9DF6AAE869CD2A
SHA-512:	75E0F56F3627BB530D19FEC3DE187B196DD76ECC13E3CF157937ED2DE92B46005AA881F11EB4EFED13D72BCCB43634187FEE542023D8168FE51DBB22A763CC57
Malicious:	false
Preview:	.......1...................................................................()V..T(LcarLambo/eauxCIrdjXbTstchfeoOk;Ljava/net/Socket;LcarLambo/ktqJfqRpauSAGkfJbNchr;)V...<init>...Code...IXoamLVdxZHhnOCKEypnx.. LcarLambo/eauxCIrdjXbTstchfeoOk;.. LcarLambo/ktqJfqRpauSAGkfJbNchr;...Ljava/net/Socket;...ONjFQMbZKhXUIvJECkqdG...carLambo/JJNChPaoaJuTageKFIyUf...carLambo/eauxCIrdjXbTstchfeoOk...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0................................................. ........-Z[,+.......................................Y..._................

C:\jar\carLambo\JXeuHETDDBNayfsmagXfz.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	7571
Entropy (8bit):	6.231176793527127
Encrypted:	false
SSDEEP:	192:Cx7mGg8+XFUrLg+9yfYDO0QeHFW5DrqfMuyYG5MUU:C1mGh+iYBAp/oyyYG5MUU
MD5:	68FE8F1583E1AC4D64E975617E5FD423
SHA1:	037C5D976D6427F77C52F3D86954300FE5E58CC7
SHA-256:	CF3D717F53BA2670858E96378F3F7B16C54CC917747C33D8188BCAA91A16B452
SHA-512:	49E9FEE30ACE0D9847417DF9293F4F07CBDABA443AF2BBE3C7EC656CED6A94C1DB093C43E7A3FC7B12219DE6CA4459AA57B429D0B9808342CAA9E4BF5EDBA8A4
Malicious:	false
Preview:	.......1..........................?.......................................................H....I....J....M....R....T....Z....\....]...._....g....m....N....K....L....h....j....k....i....V....^....E....D....W....l....U....F....G....S....X....[....a....c....e....E....P....Q....d....Y....`....C....b....f....O....r....w......................................................\|....v..............t.........o.........n....p....}.........n..............r..............x....q....s....p....p....q.........x....~..............u........()I...()Ljava/lang/Class;...()Ljava/lang/String;...()Ljava/util/prefs/Preferences;...()V...()[C...(I)C...(I)Ljava/lang/Integer;...(I)Ljava/lang/StringBuilder;...(I)V...(II)Ljava/lang/String;..9(ILjava/lang/String;Ljava/lang/String;)Ljava/lang/String;..((ILjava/lang/String;Ljava/lang/String;)V..:(ILjava/lang/String;Ljava/lang/String;Ljava/lang/String;)V...(Ljava/lang/Object;)Z..9(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;..&(Ljava/lang/String;)Ljava/lang/Stri

C:\jar\carLambo\JZxxYGNZPNJezbPxNUZCd.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	6674
Entropy (8bit):	6.162532647318604
Encrypted:	false
SSDEEP:	192:fnMciaS03gYiV6JO+K3NOlCdk7yFopw92X:/MciaS034Vh3Y0mpwMX
MD5:	09CB47A644292E90EF256BF5FDA1A02C
SHA1:	CE5287D01FE1EF91398E5FD7D82E72CD0434BB43
SHA-256:	05729A8E66761033B2FD5093E124A5D413886C445CCD3747AD70017476AF977A
SHA-512:	43DE0C54A9834186494C97F458C2D720E5056D9A3FE01A95D2E10E1854B394CE6C1FC886DEBA1C92E818C49D0E73BB0F680533E1EA465EF5E9CD15289A84744A
Malicious:	false
Preview:	.......1.........}.........................................................................T....U....]....s....{....V....W....u....v....w....x....y....R....t....z....R....^....b....P....[....l....P....b....O....S....Z....f....h....m....o....p....q....O....Y....e....r....c....O....a....i....R....Q....[....\...._....k....\|....d....j....X....`....g....n.................................................................................................................................~.............................~.............................................................................()I...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()Ljava/util/List;...()V...()Z...()[C...(I)C...(I)Ljava/lang/Object;...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/io/File;)V..>(Ljava/io/File;Ljava/io/File;Ljava/io/File;)Ljava/lang/String;..;(Ljava/io/FileInputStream;Ljava/util/zip/ZipOutputStream;)V...(Ljava/io/OutputStream;)V..D(Ljava/lang/Ch

C:\jar\carLambo\KFplBMCKgMdHvcMkaAGZa.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	725
Entropy (8bit):	5.66806737301001
Encrypted:	false
SSDEEP:	12:jS00OIlN10iMBMOgyty1Cm/onmtwQ0iRF7MW+zGsy5C/cAJ9yOgv16lo44mnk6Ow:G0DYN10y1D/omtwQ0izFcy5CpVoOBrkk
MD5:	5DB1F62D21EF9B20D4EE81F992FE4C65
SHA1:	AFDC830C8756BA9D98AFA15B1751A2216151CC79
SHA-256:	2DF33F6B640CE3D7CF701BEDEEBD8C80DE9FD0E547CE535232AA20773ADC882C
SHA-512:	24B4883B717AADED45C78671A092401ED789271B7CB9DBDD2815CA559A85ACCEF9B2D32AEE327E7605B0B10F02750B505445F4E450FC3CD6B36AB152FF7C4F29
Malicious:	false
Preview:	.......1.,..#..$..&..'..(...................................................................".!..%....)........+.!...()I...()V...(I)C...(Ljava/lang/Runnable;)V..&(Ljava/lang/String;)Ljava/lang/String;..%(Ljava/net/Socket;Ljava/net/Socket;)V...([C)V...<init>...Code...Ljava/net/Socket;...ONjFQMbZKhXUIvJECkqdG...carLambo/KFplBMCKgMdHvcMkaAGZa...carLambo/SLINEyhIcNChZpywErVgS...charAt...java/lang/Object...java/lang/String...java/lang/Thread...length...start...vPGWlacnCrelHWkRFSJnJ.1...........+.!.....".!.......+..... ...K.......?,Z+.........Y...YY..._...............Y...YY..._.......................... .......................+..... ...O.......C...YK...Y.._.dZ=L..(+.Z.........U....+....Z....p..U......Y+..........

C:\jar\carLambo\Kernel32.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	240
Entropy (8bit):	5.29101145091102
Encrypted:	false
SSDEEP:	6:5iUwCvUB2JjGaS+Xz8XfpEf2UwCjvRPYklQbl:rwCvK2JSaS+Xz8XfE9wCjvRGl
MD5:	EA93BAE3D1D40BD5C124D732766A5C43
SHA1:	1F349335D92DA0BA658498DD4F50B57B41CBA7DC
SHA-256:	B6EE166AB0AD29523562952A0AEC58BD95B07263F19261D5AB6F39E890EF4ACD
SHA-512:	2EE78C40240F00F85E1374E7162BA78A5B336CC69A32691233CC65DABE014F8A5B31DC4A976D1B509789649A2525B500B9F2533B2158CCCD445367F3CF95FDAE
Malicious:	false
Preview:	.......1.............,(Lcom/sun/jna/platform/win32/WinNT$HANDLE;)Z...Wow64DisableWow64FsRedirection...Wow64RevertWow64FsRedirection...carLambo/Kernel32..#com/sun/jna/platform/win32/Kernel32...java/lang/Object................................

C:\jar\carLambo\KosQXPANrWiAsLTBDYIav.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	401
Entropy (8bit):	5.544937386672788
Encrypted:	false
SSDEEP:	6:hjitU3ljzsNk0O4y1wk0yvR20U5horDM6Nhik003RPt+Nkql5dlRul2mlknM5UK8:YxFy1yrofM6Pg03RlO5dSJkM5f/sj
MD5:	BC5B8A816819E0F7A236F34FD4FE3CD8
SHA1:	C1D74A1604C6ADD6BB35568A0CD51DD172C004DD
SHA-256:	9369D1269623FAF524E957CA247F45BD32AE10F4DA298EC2D9EE4680D99BFA5F
SHA-512:	BA51C8825E958C6AAAE871237D50368110403DEF2280BFC3107E8DBA0FAB602BF019AE7316F9F3B1CCB36441F2C56A00EDD5DB9C8F0FD1D673911F29CDC3E67D
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/TwJpMYXWnMJHKsRderDDT;)V...<init>...Code.. LcarLambo/TwJpMYXWnMJHKsRderDDT;...ONjFQMbZKhXUIvJECkqdG...carLambo/KosQXPANrWiAsLTBDYIav...carLambo/TwJpMYXWnMJHKsRderDDT...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0...........................................................................Y+.............

C:\jar\carLambo\LTsbSrnXqNHTzSCadLztL.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	306
Entropy (8bit):	5.406722190676143
Encrypted:	false
SSDEEP:	6:xMq7zsW4y1dhbPhR20U52XMOH5hb5pRP53zXMu5v5T1etOv0lm+lgmonQX:iy1buwMOjbrRF7MO5T1eq0da7QX
MD5:	059572B6047AC1B4F5D99BD59EB8E26C
SHA1:	7C125DF71B9043F687D06876080918FF5C12FD83
SHA-256:	3131ECEF2318202F2AE54B3202EFD816978A5274F9459B583C2563286E3F3E76
SHA-512:	988E26E162E16DC6E470DC1252728681740BFC869930407E38D020482DD8DD20ABBE12F046994FBB3888F7973C08CA83ED540B4C83F8827A29F79749AB1961C3
Malicious:	false
Preview:	.......1..................................()V...<init>...Code.. LcarLambo/bzlBSuuREhLCmheoxRLoe;...ONjFQMbZKhXUIvJECkqdG...[Ljava/lang/String;...carLambo/LTsbSrnXqNHTzSCadLztL...java/lang/Object...java/lang/String...vPGWlacnCrelHWkRFSJnJ.0.................................................*Z................

C:\jar\carLambo\ONjFQMbZKhXUIvJECkqdG.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	8059
Entropy (8bit):	6.378698830199488
Encrypted:	false
SSDEEP:	192:cqRd/D6UOmE2azkNYRFbmPGlK+biW9Ud5T+fp3wo:c0/+RmAzkNMFbmPXw9ksfKo
MD5:	49B6B6238AD7E786906C55998274FC58
SHA1:	0E43376474F440732D0CF20F5A7FB86A8E2959F0
SHA-256:	442C5EF4EC01354464ABE8B8C1C2FAC819F589309F8B8DB7F93A7A12F31F0D16
SHA-512:	34401CA1C1912E2F9DBAB5A45633CC50C980709413344296F28CF951C3D00149275EC20532C80F99E38D321F090DC3B4397CA9F8309C8C9A57F57687970070AD
Malicious:	false
Preview:	.......1.....................................................................................................i....l.........k.........h....j.......................................t....d....u....}.........c..............z.........a....e....g....o....r....w....{........................a....d....m....n..............\|...................y.........q.........v...................b....f.........p....s.........p....~..............p....x............................................................................................................................................................................................................................................................................................................3$........Uo...D.......\%P.O.H...F..&.:(0.Qk1$.y......./7.y......G.g.....J....\|......%.!.8........\|.....L..?..F2..$J....r..Aytc..G..:!...AYc..f.{~nW.Io..k3K.....>3..........X.......

C:\jar\carLambo\RdldwsORcdxmkhJVwhbLi.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	5242
Entropy (8bit):	6.126649117768192
Encrypted:	false
SSDEEP:	96:BON12ptfN10uCJLbyofvTqhz7wPDZo4zP9brpwsoG9RU4rPCR:oEpP1+Jvyuv+huDZP9hwsoIG0s
MD5:	0ADC099832F3748A1397EC738F01562D
SHA1:	A7A11EB37FD282FA9D0FF5F3A3C3E6C269BAAB3F
SHA-256:	DE4DAB7AA1245D892F5BA00E4C8B675774E13D2B0FAABD9DA890120AEDEA0974
SHA-512:	70934FD13933D268955228FD46F66F33A271B5B30ECF39451CE43024F1E707B941A499CB9DF3B7ACD659AF7418F642CE445275F97A9D4DB8A98A24D3315FE653
Malicious:	false
Preview:	.......1...................v...........x..y..z..{..\|..}..~...........................................F....[....E....E....Q....A....D....X....Z....W....B....C....Z....V....Y....?....I....J....P....P....>....@....H....M....N....O....S....T....>....?....G....L....U....K....R..o.^..o.l..o.m..q.]..q.^..s.^..s.e..s.t..s.u..w.k....a...._....]....j....d....]....i....\....^....r....g....c....`....]....b....c....f....h....j....u...()I...()Ljava/lang/String;...()V...()Z...()[C...(I)C...(I)Ljava/lang/String;...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;..9(ILjava/lang/String;Ljava/lang/String;)Ljava/lang/String;..:(ILjava/lang/String;Ljava/lang/String;Ljava/lang/String;)V...(J)V...(Ljava/io/File;Ljava/io/File;)V...(Ljava/lang/String;)I..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...([C)V...<clinit>...<init>...Code...IXoamLVdxZHhnOCKEypnx...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...Z...[Ljava/lang/Str

C:\jar\carLambo\SLINEyhIcNChZpywErVgS.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	1140
Entropy (8bit):	5.706884628346161
Encrypted:	false
SSDEEP:	24:ogEjMGy1SNZwCxzuKLvTg1LJlNtJd+AJDtl:i5fNbzTAJHtJ5Jr
MD5:	CC3FEB972007A22E9696137A57E34ACE
SHA1:	1F056D624C76C9FAF28DC92ECDAEA269611AFB20
SHA-256:	9D81CF0D87A2F2E438BFD4727DCBDD5E7F9581D4A2F98B3867939E080777E22B
SHA-512:	9E30AA9C660BD44BC268B5A20965688093A7E64DD4F757042FEC089FD4C9AD523BA88B4B134F981C6432EEA872FF03F9D3C19CB1D1386087F026A5F6104B54A2
Malicious:	false
Preview:	.......1.G..4..:..;..<..=..>..?..@...................#....$....!........."..............%....!................... ..,.(....1..2./..5.(..6.0..7.(..8.&..9.'..A.(..B...D.3..E.1..F.+...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()V..%(Ljava/net/Socket;Ljava/net/Socket;)V...([BII)I...([BII)V...<init>...Code...IXoamLVdxZHhnOCKEypnx...Ljava/io/InputStream;...Ljava/io/OutputStream;...Ljava/net/Socket;...ONjFQMbZKhXUIvJECkqdG...Z...carLambo/SLINEyhIcNChZpywErVgS...close...dYjHcUTAJpBUzZmyvwxcg...flush...getInputStream...getOutputStream...java/io/IOException...java/io/InputStream...java/io/OutputStream...java/lang/Exception...java/lang/Object...java/lang/Runnable...java/net/Socket...printStackTrace...read...run...vISXLMxulVKJDJdBSbyBW...vPGWlacnCrelHWkRFSJnJ...write.1.............E.1.....2./.......1.....D.3.....6.0.......,.)...-...?.......+.Z......,+Z,+...................W..........#.$.......C.(...-.............`...M.....I...,..`....Y<...#YZ\............................Y...,.

C:\jar\carLambo\TlNoUrOpQFTDEOhhEkJkV.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	7738
Entropy (8bit):	6.292055235369389
Encrypted:	false
SSDEEP:	192:k+ovhI0HSo9efQ7ltw2QrtSpHB4wixQKW:kNhI0HS48Qg/5eWuKW
MD5:	AC75388D5FEB3BFBABB194F36F20D67F
SHA1:	E263DF230C9DD84F2D992970D4CD8280400D5481
SHA-256:	4CB070AA0C1B4CBD3B571729334847EB54536EEE042D90264816D6797820F44B
SHA-512:	317AF75FE80882012DA0C4BDD4CB222D664985D30A505CD5588E3EE5A4F7EBC060BAB17E48CC900151549D9034AAF2F69B9EE007DDCCC4D5034BC6EC17387FCD
Malicious:	false
Preview:	.......1..............................................................................................................g....i....p..............\|.........j....k....`...._..............h........................a....n.........s..............w...._.............._....e....f....m....o....q....r....t....y....{....}............................................_....c....l....z.........b.........d....n....u....x....v....~............................................................................................................................................................................................................................................................................................................R.....{....K...C.,CS..p......W.....z.MJv.).Pl..l..5..A-D..?o.BH.....;w.f.........UA.^.....;...H.X.ok...n....9..9.......6*K./Z..x.4....y...#.h..>....._.>......V1........u.... ....#...$...()I...(

C:\jar\carLambo\TwJpMYXWnMJHKsRderDDT.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	3120
Entropy (8bit):	5.985417277380883
Encrypted:	false
SSDEEP:	48:jnx9wA1EZx+hshrbVfdaoZXGUqNM5DVB5HNXfkkXkqJ:LTwZzdZX55x5
MD5:	CACB446F3041873AD360C09BD5B06241
SHA1:	271915B5BB16DEC1981264DCFD561DABCF40A2BF
SHA-256:	C9630D9D5CEB5CD6C933B6ECCA54B4B91710EFBB50DB381C9DD8500B374932ED
SHA-512:	814D19531F1C0DE04302A537B30D8317EBE91A01E2A4B0F9A932BA50077D79AB074BC33DCA3102EEA833BCBA25A7E08FB9AF1E43360866875B95462B71B72696
Malicious:	false
Preview:	.......1....v..w......................................................................V....W....X....\....e....q....s....g....r....M....r....M....P....[....j....Q....[....^....t....[....i....N....[....^....u....O....h....a....L....`....b....U....k....l....S....T....Z....]...._....d....f....n....p....L....Y....c....o....R....m....`....b....}..........................................................................}..............}....~....y....\|....z.........\|.........x...................\|.........{....}.........\|....\|...................................()I...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...()[B...()[C...(I)C...(ILjava/lang/String;)Ljava/lang/StringBuilder;..#(LcarLambo/TwJpMYXWnMJHKsRderDDT;)V...(Ljava/io/InputStream;)V...(Ljava/io/OutputStream;)V...(Ljava/io/Reader;)V...(Ljava/io/Writer;)V...(Ljava/lang/Object;)Z...(Ljava/lang/Runnable;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/St

C:\jar\carLambo\UWPKqDtrtuRkfgJqVaIfH.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	6938
Entropy (8bit):	6.244262434314913
Encrypted:	false
SSDEEP:	192:X2fyYh6D6n58Db9m2rhd3m8CvGcN07PjK:mr6N7rz3mPvGnTjK
MD5:	2D007F99D1B43E5CCACFF38529111EB5
SHA1:	C090E0D3A84BA0D6C2324B52AB11B35211F2E459
SHA-256:	7420CE5CE15C9D335D315458D1AC1CBDBAA2DF1FB86A25E9350245726E965957
SHA-512:	26D74A073077751BAB9538BAD67838C54BB9D068A694F46A4A1427A48ACAEDAE9CC6DA20667BAFC3C2C8425C2BD0712D48E7ED07F09B65FA387A273B4BAD12AA
Malicious:	false
Preview:	.......1...................................................................................W....Y....^....w....\|....X....x....y....z....{....O....Q....n....l....m....P....b....~....N....k....N....d....V....o....q....a....f....T....U....\....]...._....`....c....g....i....j....p....s....t....u....}....N....S....Z....[....h....v....R....r....d....e...........................................................................................................................................................................................................................................................()I...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/lang/Process;...()Ljava/lang/Runtime;...()Ljava/lang/String;...()V...()[B...()[C...(I)C...(I)Ljava/lang/String;...(I)Ljava/lang/StringBuilder;...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;..#(LcarLambo/UWPKqDtrtuRkfgJqVaIfH;)V...(Ljava/io/InputStream;)V...(Ljava/io/Reader;)V...(Ljava/lang/CharSequence;)Z..

C:\jar\carLambo\User32.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.376457698926428
Encrypted:	false
SSDEEP:	6:7BCLTKbUwCvWqdUwCvWiUwCvWqtGi1BoUwCFRPfAKmkl39lt:7BoT/wCvWfwCvWhwCvW6p1xwCFRHlTX
MD5:	74E3267A0A8A18C211B6A36A40D8D9C9
SHA1:	EA99375E085467B362EC1E3A2DA3854241BC37D5
SHA-256:	10D41BB5B9F1036663687723237F595050A98433AA129544490AF45E29150A70
SHA-512:	6F387D069E88AF484A007E60E9C5B85F4248C346C09BFBBB24B2662B0DD7C3972CAAF18753D658CA711914A9BECBFE5537DE3F71F1CDC58105936CE950A0CB56
Malicious:	false
Preview:	.......1..............(BBII)V..Q(Lcom/sun/jna/platform/win32/WinDef$HWND;)Lcom/sun/jna/platform/win32/WinDef$HDC;...(Lcom/sun/jna/platform/win32/WinDef$HWND;[BI)I...GetWindowDC...GetWindowTextA...carLambo/User32..!com/sun/jna/platform/win32/User32...java/lang/Object...keybd_event........................................

C:\jar\carLambo\WinGDI.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.260373383168725
Encrypted:	false
SSDEEP:	6:7eNVjnY+kaGZXy1eUwCvWOMh5nWDA3bUwCvWOMhc8UwCvDRPU3sz+wl85//l:yNVjnvkZy1lwCvWz0DxwCvWzcrwCvDRy
MD5:	7E7159FABF64B2A99614D43805EDD16C
SHA1:	8EEAC5BF0D2DC109B6F48164ED20A6470636E5CA
SHA-256:	D07BAA1E2E821904345458D0F8D4813FC079B73B101419EB2544C952D7C7BCC2
SHA-512:	4CD7CD7DB9FBCC804521641918006FB2100A41139592E1B604B3986CF9AEE82A8BF548A04BBF22B65995AFDFCBB4FDF5E972D02113C2FA41476D9BD93287FA21
Malicious:	false
Preview:	.......1...................... .......................()V...(J)V...<clinit>...<init>...Code..)Lcom/sun/jna/platform/win32/WinDef$DWORD;...SRCCOPY...carLambo/WinGDI..'com/sun/jna/platform/win32/WinDef$DWORD..!com/sun/jna/platform/win32/WinGDI...java/lang/Object...............................................Y................

C:\jar\carLambo\XmcgWVirDwLliVZTBfoxa.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.344953079239064
Encrypted:	false
SSDEEP:	6:ObxAU3tsChEFKP4y1lhEFKhH5hMTLKbhPhEFKsQRPt+Nkql5dl6K/sxAfclknM50:ObxnEFty1jEF6HDMTipEFtQRlO5dD/se
MD5:	2E17A65DE7CD8AE3E87D88A44108565D
SHA1:	88CDC413E8192B611AA7D3EC74B8AA00CE7ACBC8
SHA-256:	6763B877ADE04CFBEFC5CC86F761C8A95CBFBFDE73CC2E6C6541937FEB77405A
SHA-512:	8E6823512DD11739F78A98C9719F9887D13F13F84BFF54D599A39A064473C9C1492D68E01A2ABEDFD2F11AA3468FD46CAF88CAEF146ACA055BB7FC6DAD052074
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/bblLjaykILRsJuIgHpxpV;)V...<init>...Code.. LcarLambo/bblLjaykILRsJuIgHpxpV;...carLambo/XmcgWVirDwLliVZTBfoxa...carLambo/bblLjaykILRsJuIgHpxpV...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................Y+..............................................

C:\jar\carLambo\XtGDgqPPFsffwvuGLMVrE.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	996
Entropy (8bit):	5.992176636771367
Encrypted:	false
SSDEEP:	12:o2vKoRs0UlHYDMOW6V3iMBMOXMIy1Q6F/MOUonmt4cSre0uRlT7M4oiYnJQ/QhKP:F6npcy1J4omtDnzTSPJQneE7OdhAXyri
MD5:	04AA6EB570DC8409062392BD472C4FAE
SHA1:	082C2EC47347B2BD67DB0B9A506E36CCDB65971D
SHA-256:	ECB1F3F1F96727FD18AA24DA085DD7965559012D0CA718598F42DCE424072568
SHA-512:	927B43BA64A853BE65CFB8944D3C28F8C6B2A47AB10423FC4A50230FB377EED023C1B4AA75B7FCECD404B8ED5A94D6707D8AF9D8D3F6B56771422084047DE7A8
Malicious:	false
Preview:	.......1.3.....(..)....-...../...............................................#....#.!..'....'.&..+. ..,....1....2....2.%..l..o@@.\|.v.04u.!Qc[\.gUbT03}.;.d..<fRvT4.p.o.a\VHo.i.- <.&.e.G..Xj.3+y._.n\..Ll./g~.o.oCZ.g^aT4/y.o.oZC.kO`Z...()Ljava/lang/String;...()V...()[C..#(LcarLambo/eauxCIrdjXbTstchfeoOk;)V..&(Ljava/lang/String;)Ljava/lang/String;...(Ljava/lang/String;)V...([C)V...<clinit>...<init>...Code.. LcarLambo/eauxCIrdjXbTstchfeoOk;...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...carLambo/KFplBMCKgMdHvcMkaAGZa...carLambo/XtGDgqPPFsffwvuGLMVrE...carLambo/eauxCIrdjXbTstchfeoOk...dYjHcUTAJpBUzZmyvwxcg...intern...java/lang/Object...java/lang/Runnable...java/lang/String...run...toCharArray...vPGWlacnCrelHWkRFSJnJ.0.............2.%.....'.&.......#.....$............Y+..............0.....$...................................".....$........................Y._.;_Z...`Y.\4...p....C...........%...*.../...4...9...>.?....u....p....3....C....l....~..U..._Z...\_..._Z.......Z_......_W..~......

C:\jar\carLambo\YAscrrsjSCEINprDrLpVw.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	7654
Entropy (8bit):	6.173770514664877
Encrypted:	false
SSDEEP:	192:9TsWxXbAOkQWSGsJKum4TjM5hQ5jbcJvp644FO:9pBAjItvT0oSvp644FO
MD5:	07C18201EB1AABFCBE43C296A6846E65
SHA1:	0F40916D129B8B7D89E42060AD46683437BD4429
SHA-256:	572253C0BC952549049392DB810F27B87E3D39837590F7B5B60618CE4B6334AC
SHA-512:	4B0DAD3B111DD62AA28FE3F74CFC5BB1BCBCF5EA434810B1ED2E37162555CD1F4D8E4AC9080A5C6D914A56A5A99346C49B6C74DF40EAEDD2C7A4C397176CB124
Malicious:	false
Preview:	.......1........D...............................................................................f....j....r..............q....k....e....g....h....i........................_....b....s....{.............................`....p.........b....p..............w..............^.........^....v....~....c....d....o....t....u....y.......................................^....b....l....m....n..............}....a.........p....z....\|....b....x.............................................................................................................................................................................................................................................................................................................()I...()J...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/lang/Runtime;...()Ljava/lang/String;...()V...()Z...()[B...()[C...()[Ljava/io/File;...(D)Ljava/lang/String;...(I)C...(I)Ljava/lang/StringBuilder;...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/

C:\jar\carLambo\ZYEcYXbRzHYFyZblHqtZQ.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	280
Entropy (8bit):	5.139565168570956
Encrypted:	false
SSDEEP:	6:V7Yf44y1Lg6DR20U5hqcnRPgy5/DOlorlbHU/:Vkzy1LKnnR4y5/DOlorlbH0
MD5:	DBBCC18CB226544342340B4DDA2D69CB
SHA1:	596AB417E4823DBEFBE5F2B861B66C5CEC5F69B0
SHA-256:	2E242793BAEBCD16B2AD3AC494D69716B3907F2169B6808965C4F527C3D1D692
SHA-512:	F2A016F19B513A01EA9B5E3F58F34AC2E1EAEF7DBD85A207B628E0E50DF8EB0463AF454445E017F33C72D696CBED310E224E88A47FE8BA3587E630435D15A065
Malicious:	false
Preview:	.......1..........................()V...(B)V...<init>...Code...I...Ljava/io/InputStream;...ONjFQMbZKhXUIvJECkqdG...carLambo/ZYEcYXbRzHYFyZblHqtZQ...java/lang/Object...vPGWlacnCrelHWkRFSJnJ.0........................................................................................

C:\jar\carLambo\bblLjaykILRsJuIgHpxpV.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	8418
Entropy (8bit):	6.23018779872544
Encrypted:	false
SSDEEP:	192:PK4a16EA8jtUBq/kA5/dss63vxRQtjnom:PKn6UMqd5lsdT4nom
MD5:	010C23B999F0FD48BC42AA86157977EB
SHA1:	F6CB4D95A92B5100E3F8F69ECB1FA26A3B659A0C
SHA-256:	2CFD4910F1AE48BBC8BE5C820BD2432083819CD26423151F48DAF326318B7FAB
SHA-512:	CE5D2AA8C8D522BD4184BEE3EBBCC76968B4F41FA1DD855BBA0328E5708CADF87001B45FDD80288AFF6D60570540FF6635E38A836DCD619E17878781855B6EBB
Malicious:	false
Preview:	.......1.\......>.....Z..[.......................(..)..*..+..,..-...../..0..1..2..3..4..5..6..7..8..9..:..;..<..=..>..?..@...................?.ffffff................................................................~..............................................................................................~............................................~.............................~..............~.....................................................................~..........................................!...."...."....#....#....$....$....$....$.... .... ................................................................................................................................................................................... ....!...."...."....#....$....%....&....'....A....B....C....D....E....F....G....H....I....J....K....L....M....N....O....P....Q....R....S....T....U....V....V....V....V....V....V....V....W....X....Y....Y.....()I...()Ljava/awt/Dimension;...()Ljava/awt/Graphics2D

C:\jar\carLambo\bmfvovJGUyUbPgySKkkcq.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	18925
Entropy (8bit):	6.559742660144422
Encrypted:	false
SSDEEP:	384:IACb9AIWjggSsTzubGqZzMMohZHczJSHokuSyAR5dRmb5HQYHzbsepvJ8dcelPpm:5Cyn/SgzuyPnYJ/kuS9R5dRA5HQYHzbL
MD5:	FCD751CB662065B181D5834CD2A93FD9
SHA1:	D3B37A2BE97EE520B4CAB59054E0E7C8F821314E
SHA-256:	AB3A876015F1657778D26FE6292E1445C33D23DE9609D50417FF0DAC6A38BE1D
SHA-512:	4A5AD2B92A1DC866B855E8F5CBE291CFFFDD7290870B727D401CF0FC322AED22533BFEAEABA903CD243DD1C4ED6A0BCD46C63F8ADED358299E12D72DE9FF3F87
Malicious:	false
Preview:	.......1.T.......\|..}..............E..L..Q..R..S................................................................................................................................... ..!.."..#..$..%..&..'..(..)..........d.............................................p.........q............................................#....7....=....?....E....I....S....U....X....d....o....{.........p.......$.o..'....).x..).y..-.Y..;.L..@...........e..............e...................j.........e.........e............................................"....<....>....D....H....R....T....c....h....i....k....l....m....n....z.........f....j...................e..............e.........e.. ....!...."....".g..#....#.e..$....%....&.b..(.4.../..+....+.G..,....,.!..,.V..-....-.$..-.)..-.,..-.2..-.B..-.F.........!....V../..../.!../.w..0....0.!..0.u..1.!..1.V..2.!..2.+..2.v..2.w..3.P..3.Q..4.2..5....5.1..5.O..6.M..8.'..8.(..8.6..9....9....9. ..9.%..9.&..9.-..9.8..9.:..9.@..9.A..9.W..9.[..9.]..9.^..9._..9.`..9.r..9.s..9.t

C:\jar\carLambo\bzlBSuuREhLCmheoxRLoe.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	4884
Entropy (8bit):	5.987478005253224
Encrypted:	false
SSDEEP:	96:3ZgjUs5fYYs6dpYOqnxvoOj3Ibs20ue1T5xlOGoYfVPCv:3ejPyV6MOqxw1Cue1oGo6S
MD5:	000832A1C14E57C5AAEE5A350F0723D0
SHA1:	8C6941CA2FB56632739083B0A99F68CBAB195821
SHA-256:	C4E40E8A53CC96BA2EF2CD91855789FA3073FEAC74320EE153C12FF36B50B6ED
SHA-512:	3809AC5F862B9D0E02D1EC5ED3605188E845E6FD0E064C04FF1CA5879E244953DE947D77F17917578BE2FE0CA898F004E576ACD9F75A4E6737A3F24070C3E8BC
Malicious:	false
Preview:	.......1............g..h..i..j..k..l..t..u..v..w..x..y..z..{..\|....4....6....<....H....K....;....D....5....J....I....2....7....2....1....:....=....0....3....9....@....A....E....F....0....8....?....G....>....B....C..[.P..[.U..[.X..[.Y..]._..c.V..c.`..d.M..f.W..m.R..n.P..o.^..o.e..p.N..q.V..r.T..s.M..}.L..~.O....P....a....S....Q....M....e....S....V....b...()I...()Ljava/lang/String;..!()Ljava/nio/channels/FileChannel;...()Ljava/nio/channels/FileLock;...()V...()[C...(I)C...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/io/File;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...([C)V...<clinit>...<init>...Code...IXoamLVdxZHhnOCKEypnx.. LcarLambo/hWdmIbubOgKXDUyGkTEEB;...Ljava/io/File;...Ljava/io/FileOutputStream;...Ljava/lang/String;...Ljava/nio/channels/FileLock;...ONjFQMbZKhXUIvJECkqdG...ZYEcYXbRzHYFyZblHqtZQ...[Ljava/lang/String;...append...carLambo/HBrowserNativeApis...carLambo/KFplBMCKg

C:\jar\carLambo\cNhfmljIASGhxQnqNJuWx.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	381
Entropy (8bit):	5.33445587473929
Encrypted:	false
SSDEEP:	6:rnimb29U0I/bks4y1hR20U5hYHNhaan13RPt+M+8k6OlcxvloJlHxNEtoCklfvlt:rniy29UNbk3y1acaa13RlT+8MCvlorrb
MD5:	800510F826E5E863BA64BFD594C8686F
SHA1:	54B91C2A6F9CF7F43F4C7B65A1615958CDFCF1D6
SHA-256:	C2FEEC9238C5334F9AA2FA5EEF13A2AC2A029759F52C62E561F661EB31A903C7
SHA-512:	6823DD23C44A711310F0C86CDE1C1AE9ECBA6F871FB05DC8632D699F81CE4CBBC14F33AA635CC54E3477717436EF29DAAA3818B459ACA42B07075D21F4899BBA
Malicious:	false
Preview:	.......1...........................u0.................................()V...()Z...(J)V...<init>...Code...ONjFQMbZKhXUIvJECkqdG...carLambo/cNhfmljIASGhxQnqNJuWx...carLambo/hBkzOcczVKCAHBldijzvK...java/lang/Exception...java/lang/Object...java/lang/Runnable...java/lang/Thread...run...sleep.0..................................*.....................!.................W.W...............

C:\jar\carLambo\dYjHcUTAJpBUzZmyvwxcg.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	939
Entropy (8bit):	5.872436473034216
Encrypted:	false
SSDEEP:	24:oAFP8x8CvWL9/CvWty1BCvWFby1u46YKCvW+z0vz8FzhDhQ4:XFPZCvg9/CvCWCvQcdKCvW+ztz44
MD5:	FA9F03930520048815883C5B57D574F6
SHA1:	DCD9191AFC3DEDA3FA9A0AB641C3DC3CE7607ECD
SHA-256:	359DCACA4566CAA721921CC36BA3E10C8F671EF59B5FDC9EB7A00D4C2786935C
SHA-512:	69B033E04CD01428D0462F42721B3F5960F6BC6F409F9C9AA9A8CD79B2A2AAE83BF89FAB1B383B31DBC20AD8D6B8B8F6AD72A6F86A5CA33270FA7E341A8D713F
Malicious:	false
Preview:	.......1.2..&..'..(..)....-..................................................$.!..+....,..../....0."..1....1.#...()V...()Z..5(LcarLambo/jsGSSBxDsfgZgmNRCCRge;Ljava/lang/String;)V..@(Lcom/sun/jna/platform/win32/WinDef$HWND;Lcom/sun/jna/Pointer;)Z..-(Lcom/sun/jna/platform/win32/WinDef$HWND;[B)I...(Ljava/lang/CharSequence;)Z...([B)Ljava/lang/String;...<init>...Code.. LcarLambo/jsGSSBxDsfgZgmNRCCRge;..(Lcom/sun/jna/platform/win32/WinDef$HWND;...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...callback...carLambo/HBrowserNativeApis...carLambo/dYjHcUTAJpBUzZmyvwxcg...carLambo/jsGSSBxDsfgZgmNRCCRge...com/sun/jna/Native...com/sun/jna/platform/win32/WinUser$WNDENUMPROC...contains...isEmpty...java/lang/Object...java/lang/String...toString...vISXLMxulVKJDJdBSbyBW...vPGWlacnCrelHWkRFSJnJ.0.............1.#.....$.!.......%..... ...E.......9.....M+,Z...W...YM........,.....................+.................. ............,*Z[+................

C:\jar\carLambo\eauxCIrdjXbTstchfeoOk.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	11140
Entropy (8bit):	6.465519592815925
Encrypted:	false
SSDEEP:	192:mPHoaIEkS6oJy9P5sQA5gLj66wxKdy/7E+WYgFWzX0ZCAImYYPlkX:SoaIEkShJy9P3AIPwxbpWBo70ZoBYPlU
MD5:	87B46B7381B4B39BF21BB7AEC5F089C1
SHA1:	903E12E553E2786E41EBDA5D7693AF447370A2EA
SHA-256:	769D41B75E885CA68F0C60A356F0EE381B9FBB4067AFC6B47EB99CE1E18DB7CA
SHA-512:	6021977227E74AB378F18620F4B6378078445B3E5A39546F46A8BE41C1A551D28452D36D11C9C4DE1656BF1C8F05C8A60DE3B7EE8EB815D8FF4550DF207B9785
Malicious:	false
Preview:	.......1...............3..K..m..y.....6..7..8..9..:..;..<..=..>..?..@..A..B..C..Y..Z..[..\..]..^.._..`..a..b..c..d..e..f..g..h..i..j..k..l.......H...................................................................................)....................................................................................................................................................................................................................................................................................... ....!....!....!....!....!....!....!....!....!....!....!....!....!....!....!....!...."...."...."...."...."....#....#....$....$....$....$....%....%....&.................'....'....(....(....(....(....&....&....&....&....&....&....&....&....&."..&.#..)....)....).-..*.2../..../..../.,../.-../.1..0....4....5....D....E....F....G....G.-..H....I....J....L....M....N....O....P....Q....R....S....T....U....V....W....X....n....n....n.-..n.2..o....o....p....q....r....s....t....u....v....v.(..w.!..x

C:\jar\carLambo\hBkzOcczVKCAHBldijzvK.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	8157
Entropy (8bit):	6.437891726727298
Encrypted:	false
SSDEEP:	192:B3IgcOzlnfO1fbhahYlVKsFkR5nYnmDW/9oSO:hzlnfSc6bKsFiWmDWloSO
MD5:	6075EB85A73E8B1B8D862E81E47F873C
SHA1:	CF08C6C91B5C93FD32FF321DFEB212D9DE94C2D9
SHA-256:	BFF28245611B43BB62A1A23DF4F8C59CD33BF74D6E3CADB0214C40352FDCE6F9
SHA-512:	D01CFC3AC3829000F8D1AE9066C86FF5DBB3D07225606920068BACB6442F0DBA630F98FA99707AD222E4D12B83601A3324A98DDCECD88F4E4C60EE114CA060FA
Malicious:	false
Preview:	.......1...............................................................................................c....d....f....g....l....s....t....v....z...................f....w....Z....e....Z..............Z....b....e..............\....k....{....]....k....n.........k....n.........y....Z...._....`....a....j....m....o....r....u....\|..............Z....\....i....q.........[....~.........k....p....x....^....h....}................................................................................................................................................................................................................................................................()I...()Ljava/io/OutputStream;...()Ljava/lang/String;...()V...()Z...()[B...()[C...(I)C...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;...(J)V..D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;...(Ljava/lang/Object;)Z...(Ljava/lang/Runnable;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/l

C:\jar\carLambo\hWdmIbubOgKXDUyGkTEEB.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	5404
Entropy (8bit):	6.233139384973806
Encrypted:	false
SSDEEP:	96:M+AJQCHUeayFAfRTk22gwtEEZTEGllu91pwt87VPCp:DSX7ayFAfxkMWTER91pwCho
MD5:	26B28B12032D16A20EBDA610A90FF216
SHA1:	9EDCC3EB36264C9E279D584A9E24E75B003F48FE
SHA-256:	63465AF4C804B2E8EAF0C6FE033E304103D686E3711956165C65ACD97FC7C797
SHA-512:	4796BEA7710A5DF42B7B79D1D2767304B9F1B0E2903B76B2BE959569D3AF097EC385A1E23D698F967B9F95C1BDD8421AD866BE9BFE700DE5833726DDFD5804BE
Malicious:	false
Preview:	.......1.l.......K..k..V..W..X..Y..Z..a..b..c..d....).............7....;....+....(....:....8....9....&..../....0....%....'....-....2....3....4....5....%....,....1....6..M.>..M.H..M.I..M.J..O.T..P.Q..R.Q..U.G..[.A..\.T..].?..^.=.._.C..`.=..e.<..f.B..g.@..h.=..i.T..j.B..j.E..j.F..j.S...()I...()Ljava/lang/String;...()V...()Z...()[C...(I)C...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;..#(LcarLambo/hWdmIbubOgKXDUyGkTEEB;)V...(Ljava/io/File;Ljava/io/File;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...([C)V...([Ljava/lang/String;)V...-..........Q.U./......".Q.>R.1I..N.....Z-.......1..w.....2l{R..{b.....!.&`...Z.e....^Mc..&.t..)..[...,.&aYY..x.twe.N.M........y..O....^....L...'...4.~..B].Ka.0......y...I~.Pa......C&......7=<..&......)...w.\M.=..Wb......Su.....F6.._I..n...<V.

C:\jar\carLambo\hYsqcGfbELOwxudanKXov.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	4781
Entropy (8bit):	5.994743895737391
Encrypted:	false
SSDEEP:	96:apij5gv6LqV+iwkJpGwn978uKAF86KVQh5haNAC4rgVPCT:apiiUqVR4s8uKAF85yh5hBTSu
MD5:	4D82201B1A061BD2DFA7B2A5694A8116
SHA1:	78A64EF593997D3D2CC370A97ABAFD5F58176BC1
SHA-256:	33F877545131ECEEE824A8C37C1A7EA358922342D5B8534DD9C823DA9B7AB910
SHA-512:	CA6E076BB27E1DC9331E3C0D7B5E5BB8B5EC54F9406304FCBEB938D28DB25E157F8598097879DCA3CA39C287FC4681F6BACAF6115D6F1F9DF6683CA2FDD17F65
Malicious:	false
Preview:	.......1.t.......r..s.._..`..b..c..h..i..j..k..........................;........<.............2....4....A....1....9....3....@............../....7....;....<....=....>....B....C.........5....6....:....?....8....0..T.G..T.R..V.N..X.[..Y.]..\.P..\.]..^.M..^.Q..a.I..d.E..e.W..f.K..g.F..l.D..m.J..n.H..o.F..p.J..p.Z..q.L..q.O...()I...()J...()Ljava/lang/String;...()V...()[C...(I)C...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;...(J)Ljava/lang/String;...(J)Ljava/lang/StringBuilder;..5(Lcom/sun/jna/platform/win32/WinUser$LASTINPUTINFO;)Z..&(Ljava/lang/Object;)Ljava/lang/String;..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...([C)V...<clinit>...<init>...Code...GetLastInputInfo...I...INSTANCE...IXoamLVdxZHhnOCKEypnx...J..#Lcom/sun/jna/platform/win32/User32;...ONjFQMbZKhXUIvJECkqdG...[Ljava/lang/String;...append...carLambo/HBrowserNativeApis...carLambo/hYsqcGfbELOwxudanKXov...charAt..!com/sun/jna/platform/win32/User32..0com/sun/j

C:\jar\carLambo\hccNzYOZzwIxSugKtwNFq.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.40398429045814
Encrypted:	false
SSDEEP:	6:ObSs3tsTf3pvW4y1wf3pbWh6f3pPhVXk2UqRPt+NkqlJlbK/sxAfclknM50:ObA3pFy1w3pbUu3pZVCqRlOJl2/stkM6
MD5:	A7F7C47D0F75E833E7FA864D13B18B30
SHA1:	468C954ED241DEFE017B7762C28FB624690CD394
SHA-256:	720D2E0D3BA7113E73FA47843374DEA8361E2CD03EF1C983AD9B2BC681883FF7
SHA-512:	76D80E4433258E53DFE0211375483929399EBE3995E28746986BFC3508F0A2DD0795EF515A94179FB0CDD28256DF7D3210B596FD9CE306099395D0FC43A823AA
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/YAscrrsjSCEINprDrLpVw;)V...<init>...Code.. LcarLambo/YAscrrsjSCEINprDrLpVw;...carLambo/YAscrrsjSCEINprDrLpVw...carLambo/hccNzYOZzwIxSugKtwNFq...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................Y+..............................................

C:\jar\carLambo\iUmCoRfIFAQoefdxTBoVc.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.399565456364279
Encrypted:	false
SSDEEP:	6:ObxAU3tsaH8tPy4y1/H8t0Nhci+htH8tZQRPt+Nkql5dl7ljclknM5UK/sxl:Obx7HmPhy1/Hm0P+tHm2RlO5dxWkM5f8
MD5:	9AD95C77E0906C9DF398280D74198BD4
SHA1:	53E24BA15CEAF438B823044660463912A0D2ADD0
SHA-256:	2FA211FA453147066FC917548B5D24D045538C13A8536F88C4862D5018FC1F96
SHA-512:	1DA638ACF978A2644DC8F167FFDCEE584411A67A59A6CC432617BBE96356AD8410513FEAE77119B7C91DAC9B025E1CF3ED6941854A39627A099CF1A983FAAF73
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/sbsQDGLLzqONvAeirLUFR;)V...<init>...Code.. LcarLambo/sbsQDGLLzqONvAeirLUFR;...carLambo/iUmCoRfIFAQoefdxTBoVc...carLambo/sbsQDGLLzqONvAeirLUFR...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0...........................................................................Y+.............

C:\jar\carLambo\jsGSSBxDsfgZgmNRCCRge.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	13927
Entropy (8bit):	6.478743483503772
Encrypted:	false
SSDEEP:	192:ujICjMtB09h7kU19I4TkxprV4U4+fCcWud0dK5Yrxp3k87VDzjZq+VId41Ky:4Mtsh71e/x5V4K4I88YfkcBx7F1Ky
MD5:	296F17D521783C2BC011A8A7FA1254C5
SHA1:	A87157E156C9F9401E02DD8018D52B3EC9B4DEC0
SHA-256:	50F47E6143BBE0F3386811ECDD2B36280A977271BCBE14207EAF05D770A48311
SHA-512:	C545FD0282B39E6FCBC7E1A2575480D4F7CCCC55667C34E2D328DE19583994E77907019FA1A615D8910D9C122860EA1437AA27E179BAE87B82BD27A9235108B3
Malicious:	false
Preview:	.......1..................@.....D..E..F..G..................................................................................................................................................................................?.ffffff.@ 333333.........:......................................................&....:....C...................$.....................................!.@..!.A.."....".=..4....8..........................'....)........+....,....-........./....0....1....2....3....4....5....6....7.......................................%....(....8....9....B............................................... .... ....!...."....#....#....$....$....%....%. ..&....&....(....)....).?......+....,....-....-.........0....1....1....2....2....2....2....2....2....2....2....2....2....2....2....2....2.!..2."..2.;..2.<..3....3....3....3....3....3.#..5....5....5....6....7....7....7....7....7....7....9....9....:.>....S...._....`....c....e....f....g....w....{.............................T.........L.........U...

C:\jar\carLambo\kKDEXLppEHnYcckGnnxxg.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	6467
Entropy (8bit):	6.166684684091065
Encrypted:	false
SSDEEP:	192:gqNOM6s67g8SCRebiMNiF1k1Si6KeWans:g3Ml0jRhHF1k1Si3ons
MD5:	97DB65F6CC29CEBE9BEEA98EEE562B13
SHA1:	0A3CFA4B59B4EF676953CAC12AE24488546EDA01
SHA-256:	C052DA15C914025D055DB903CE9866F0720FAC314609204EEBD1145E3CF97BAF
SHA-512:	A6973C6A349482A36B72FE0D089D4EA6EAFA6B4356EBC43C5D8301AB8BD8F8868752FB533E6877870A03F2FA00BDCA1868EB8D1BB78BDB3FF2A88B72D07A088B
Malicious:	false
Preview:	.......1.................................................................................................X....Y....^....d....r.........y....t....\.........Z....S....[..............W...._....c....].........S....g....j....b....x....w....m....n....v....R....e....o....T....U....V....a....q....s....z....{....\|....R....`....p....}....f....l....k....~....i....h....u.................................................................................................................................................................................................................................................................n.mJ..S...K...+....&..D...'....l....`..q.o;^...x..I...F....PaR.E........~.p#...()I...()Ljava/lang/Runtime;...()Ljava/lang/String;...()Ljava/net/URI;...()Ljava/net/URL;...()Ljava/security/CodeSource;.."()Ljava/security/ProtectionDomain;...()V...()Z...()[C...()[Ljava/lang/String;...(I)C...(I)V...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/

C:\jar\carLambo\kqfTtOdPWqoSaOdKfHjPr.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	25136
Entropy (8bit):	6.684118165008644
Encrypted:	false
SSDEEP:	768:6cogQ/E1wkMlaRwYCdxN30dxDwf2n5x0iwB0sSlI7LG:6cogQ/EgwuYCdTCtyKx0p08LG
MD5:	12044C0549AC97D208F50CA1A995A5D2
SHA1:	91AD034B827143B4FF1E15F72CB42FE46871CEF0
SHA-256:	ED291CE034B8719205055EB9B253AD31E8CE095414253A0E233E8996E1C2641F
SHA-512:	2A2D6AAC40A3179B0B75B8E2625F21947FE3BA9FF3C7EED2A28BA2C900CA212582F213210D2E38D406627B760E00766FBAFD67535D1D2685857E5ED203E08112
Malicious:	false
Preview:	.......1...........O.....................................................................................................................m....n....q....s....w....z.............................r....r....r....r....r....r....r.. .r....l....o....p.............................\|...................g..!.k..!.x..!....!....!....!....!....!....!....!....!....".g..".h..".u..".v.."....$.i..$.j..%.{..%....%....%....&.g..&.t..&.}..&....'.g..'.h..'.y..'.~..'................................................................................................................................................................................................................................................................................()I...()Ljava/lang/Class;...()Ljava/lang/String;...()V...()[B...()[C...()[Ljava/lang/Class;...(C)Ljava/lang/StringBuilder;...(CC)Ljava/lang/String;...(I)C...(I)I...(I)Ljava/lang/Object;...(I)Ljava/lang/String;...(I)V...(II)Ljava/lang/String;..%(Ljava/lang/Class;)Ljava/lang/String;.

C:\jar\carLambo\ktqJfqRpauSAGkfJbNchr.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	120
Entropy (8bit):	5.035004916931367
Encrypted:	false
SSDEEP:	3:Dbll5fhm3phHVbuuYtDBlFE3QCK8Pdi0Bd3jLLZGn:xZmZhZu7xTFE3RPgyLs
MD5:	0645B28A1CE1EB255ADAD83007542DEA
SHA1:	097DF1A2CBFECA86F949EDBBE8759CE89374F425
SHA-256:	A68F0AB709DBAD57103CC22FC4550298F011C296FA8C3031ABEB95510FF7F143
SHA-512:	7347984D380BAA66ACC9CE1F56C8E5A09BD148E3B406234D7D1002977549F7CF375F1C4EEDE82266AB482139CF95BF90B2754F244809A31D1EA547625D576E34
Malicious:	false
Preview:	.......1...........()V...carLambo/ktqJfqRpauSAGkfJbNchr...java/lang/Object...vPGWlacnCrelHWkRFSJnJ......................

C:\jar\carLambo\lXiQWxbivgQpkaqCCfVKY.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	6848
Entropy (8bit):	6.3259423011372835
Encrypted:	false
SSDEEP:	96:5Kl62zBQ0dXGLbynQ3E7MFx82RSJv5hCEpB+1WUVi7ccPRYexEGDkkeu/EziF3yE:5K0qXcHKq6Aea+E5k7ccPiokTuwi5Q+
MD5:	1132FC8AD53D49B5C0FE9835A5CB066F
SHA1:	825025812BA0904D12C0E97E0770A9B688899884
SHA-256:	334DFAEB4D74B7186B29BD285B1BDAD2089C4D33E0D3EF8805FF0BEA33063335
SHA-512:	0DEB8BFD3BFE34D5F85EA80CD6DC59A40163521EFFCDF556A13109258BD799A9D5D83D9713E41BAEDF76BA28955B8B6352DE20CF99AD1A54F72E3D955BD8AA2E
Malicious:	false
Preview:	.......1.........f..g.........................................................................G....H....e....E....F....b....a....`....c....d....Y....M....X....B....C....D....K....L....N....P....S....V....Z....\....]....^....B....J....R...._....B....Q....W....I....T....[....O....U....T....m....~..............y..............x....z....q....u.........\|....w....o....n....s....j....k....l....h....i....m....t....v....h....r....p....j....j....r....y....{....}....................()I...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()Ljava/util/Set;...()V...()Z...()[B...()[C...(I)C...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;..O(Lcom/sun/jna/platform/win32/WinReg$HKEY;Ljava/lang/String;)Ljava/util/TreeMap;...(Ljava/lang/CharSequence;)Z..D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;..&(Ljava/lang/Object;)Ljava/lang/Object;...(Ljava/lang/Object;)Z..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/S

C:\jar\carLambo\mdNVabGLtSgHprawsRQOv.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	468
Entropy (8bit):	5.558997517612954
Encrypted:	false
SSDEEP:	12:vGYCojh/MJy1rE/MOUJuCUkptI3RlOJlb1dj0Gx+lqn:MoMy1Q44CUkpIzOrb/j0La
MD5:	4667D8E8E4F012052ED04A13757EF57B
SHA1:	0E6619CAE40478C90048B2F14B9B26EFA8F129D0
SHA-256:	1BFBDD2DBDFF374858499E849A7B7F24DD0D4AD1EFBE845155F4D06C90367BCC
SHA-512:	E1A70CDFB27FF7D8C5820F6A784E361B8CC2E9469CFB28E668DA51B9B19AF7E293CBFDC40E884E532623548FF138596CFB64EDD17C1837BF39DE93EDB19B069C
Malicious:	false
Preview:	.......1.........................................................()V..5(LcarLambo/jsGSSBxDsfgZgmNRCCRge;Ljava/lang/String;)V...<init>...Code.. LcarLambo/jsGSSBxDsfgZgmNRCCRge;...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...carLambo/jsGSSBxDsfgZgmNRCCRge...carLambo/mdNVabGLtSgHprawsRQOv...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..................................................,Z[+....................................Y..._.............

C:\jar\carLambo\nYKUJiPDMFquwRpKFElAD.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	9108
Entropy (8bit):	6.381538980065949
Encrypted:	false
SSDEEP:	192:ftPTgoGTeZyF1UgV05Lf7VyMprsUqPkowxouCHrAglgFNXAgaU0ahKnBQ:ftcoGiS7Mf7fsIoLWgcXAg0awnBQ
MD5:	337F4F463C43C04D8C9C235CAA510E28
SHA1:	9D000638D33F99345FA378E5CC364CB7EDC90622
SHA-256:	ED1BF3B5A170C7EE10B1AE31991A3C25D5E19701E37938F4137F8972C5FA2CA5
SHA-512:	3A6DF13AC170FEFAAE43CA1F24D5B3C9AFAC23D09B8EAA6773F55F43BA3CE5E492A7D3CEF5771AA4D6F25F9F9BC2568E39C531742D2E66C90CDCCEB360AA5EFD
Malicious:	false
Preview:	.......1...... .........................................................................................................l....m.........h..!................i....j....k....t........................`....d....r.........b....w....x....\|....~.........a....a....r.........c....r..............`....y....g..............f....q....s....u....v....z....{....}..................................... .`.. .e.. .p.. ....".`.."......n....o....................................................................................................................................................................................................................................................................................$...()I...()Ljava/io/InputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...()Z...()[C...()[Ljava/lang/String;...(I)C...(I)I...(I)Ljava/lang/String;...(II)Ljava/lang/String;..,(Lcom/sun/jna/platform/win32/WinNT$HANDLE;)Z...(Ljava/io/File;)V..1(Ljava/io/File;Ljava/io/File;Ljava/lang/String;

C:\jar\carLambo\oGMqziBzYYxWXtOgENcol.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	4895
Entropy (8bit):	6.083288255411674
Encrypted:	false
SSDEEP:	96://+ap0piXhW6ygc4Sxl7+snPyB2C7tVvT6p81Iv7pUQu+RcVPCc://+apNXUZZldqwgTenvUB
MD5:	99DA428A55CF5A29ADB83D9AA6133972
SHA1:	2BDD085D4FF68B56A6B25AA1C099353FB2058866
SHA-256:	3DDE4347F17A5872F3D79E9CED6236F6A237EFFD7EF20C9D929BA877E79E8C69
SHA-512:	4360ED7A20B31479C0227002E5C036C50E318C8E309BA00D40DCAE87B6324C074F46C6BD5AA7DE7F029A2B459D09E841B91477ADC222FC5411E5E8B09771E2F9
Malicious:	false
Preview:	.......1.........G..Z..g.....c..d..e..k..l..m..n..o..p..q..r....2....3....F....E....E....D..../....;....:.........-....7....1....<....>....0....5....6....8....9....=....?....@....A....C....-....4....B..\.L..\.P..\.Q..\.X..\.Y..^.a..`.a..b.T..f.N..h.R..i.I..j.K..s.H..t.L..u.K..v.W..w.V..x.J..y.U..z.O..{.M..\|.K..}.K..~.O..~.S..~._......()I...()Ljava/io/InputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...()[C...(I)C...(II)Ljava/lang/String;...(Ljava/io/InputStream;)V...(Ljava/io/Reader;)V...(Ljava/lang/Object;)Z..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)Z..'(Ljava/lang/String;)[Ljava/lang/String;...(Z)Ljava/lang/ProcessBuilder;...([C)V...([Ljava/lang/String;)V...)......K.`...<clinit>...<init>...Code...IXoamLVdxZHhnOCKEypnx...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...[Ljava/lang/String;...append...carLambo/bzlBSuuREhLCmheoxRLoe...carLambo/hWdmIbubOgKXDUyGkTEEB...carLambo/oGMqziBzYYxWXtOgENcol...ch

C:\jar\carLambo\qAnFfCeztBRNXnxmfAymy.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.418551690073418
Encrypted:	false
SSDEEP:	6:ObSs3tsfo4y18ohT5h2lhd3oDV2QRPt+NkqlJlbK/sxAfclknM50:Obky1/hTDg1oRBRlOJl2/stkM50
MD5:	0045D734B12753B9C694549D60F961C7
SHA1:	31C1FD9D72FF402A69AF74AE4A459B1685216BA9
SHA-256:	D50024CDBB909AFF135B94E283D21C0FB2F06780BCB41DD45176DFCB1220D4D2
SHA-512:	DB6CD2842D67338FF1EC1522AA94D1044660DB189DF1C36220EE88E0D229A1B0940217C4454A2B74D9F93BAD1A4573F5D36A85190C52B6B3EEEA51225BD50226
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/UWPKqDtrtuRkfgJqVaIfH;)V...<init>...Code.. LcarLambo/UWPKqDtrtuRkfgJqVaIfH;...carLambo/UWPKqDtrtuRkfgJqVaIfH...carLambo/qAnFfCeztBRNXnxmfAymy...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................Y+..............................................

C:\jar\carLambo\qNjCcZeKvVwoJRxKdiCbn.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.375005491029261
Encrypted:	false
SSDEEP:	6:ObSs3ts5uKNW4y1ouKFE5hOuKPCWhkvJ+RPt+NkqlJlbK/sxAfclknM50:ObbSy1rWUJuCUu+RlOJl2/stkM50
MD5:	16AC1AC669BA20460253BFE1BC755616
SHA1:	3DC2FA06477F5A408F90C7A2AC3AADC5F14C27BF
SHA-256:	36B27903F1C753DBDF5257208AFE4B848CD45C1978E363261B14160C66993A0C
SHA-512:	D106DF7C1DA4951042F750122C07C115864EF0BA4F28A435607502CA226FAB5DF5163D0487D8D010E384140BC6DF1A2901952C5D8482F27A185044622C161A2B
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/jsGSSBxDsfgZgmNRCCRge;)V...<init>...Code.. LcarLambo/jsGSSBxDsfgZgmNRCCRge;...carLambo/jsGSSBxDsfgZgmNRCCRge...carLambo/qNjCcZeKvVwoJRxKdiCbn...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................Y+..............................................

C:\jar\carLambo\qSvSnaYHzthBBeWOIMBaB.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	401
Entropy (8bit):	5.511528825145511
Encrypted:	false
SSDEEP:	6:hjitU3ljzsaH8tPy4y1/H8twR20U5hmZy4nNWhtH8tZQRPt+Nkql5dlRXK/sxBPH:Y4HmPhy1/HmXigtHm2RlO5dW/sXqkM50
MD5:	338F19D0F1DDB9676B6CCAC29B206644
SHA1:	1146DCDB229802C7478983489AEB6DE38FC7B7EC
SHA-256:	814201981E47EFF2EF8C481ECA242A07AA6F8C0C7E448BF31ACEB94A8854E797
SHA-512:	4099C78DA49EFB3BEE42D0C9142FC3A04FFD9872CF20F010788F13A8D5C09ACBE659D1B39C86CB55274D1D58A286CD0BC2B0E72D374AE766199C47743B14448D
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/sbsQDGLLzqONvAeirLUFR;)V...<init>...Code.. LcarLambo/sbsQDGLLzqONvAeirLUFR;...ONjFQMbZKhXUIvJECkqdG...carLambo/qSvSnaYHzthBBeWOIMBaB...carLambo/sbsQDGLLzqONvAeirLUFR...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................Y+..............................................

C:\jar\carLambo\qcwPdWnKTLcdPxDSEKqai.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	11145
Entropy (8bit):	6.470081023218369
Encrypted:	false
SSDEEP:	192:3G5cJGpCJYUwNe8uBr9SsfXWcrQsmA2H7CcQzf5IsdcNkqLCtAyi5U1VZN7:z4pIVv59SsfXTrln2H+cQjaxkq+Ji5K9
MD5:	D1EED31271486EF64577CDCFA4D25334
SHA1:	E00C65D29899CAF59900F6A59F925ECBEECF81E2
SHA-256:	A05521D4416C71F61C01C39569BDD03021078363D51120C83B411979C9CC1C55
SHA-512:	3EE25A0B20F88E15338EFBA64C16B172A96BC8210E74EF48A1827DAB82D17A168022F09906BB406C9A4CA3EBDAD14350554B12618253D0FAFB8CD11E32B5E9B1
Malicious:	false
Preview:	.......1.p.........................................#..]..l..o................................ ..9..:..;..<..=..>..?..@..A..B..C..D..E..F..G..H..I..J..K..L..M..................................................................................................................................................................... .... .... ....!....#....$....%....&....&....&....'....'....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....)....)....)....)....)................+....,....,....,....,....,....,....,....-....-....-....-.................../..../...................................................................................................!...."....%....&....'....(....)....*....+....,....-........./....0....1....2....3....4....5....6....7....8....P....Q....S....T....U....V....W....X....Z....[....\....^...._....`....a....b....c....d....e....e....f....g....h....h....i....j....k....k....k....k....k....k....k....m.................>.ylr..k..jN..

C:\jar\carLambo\resources\config.txt Download File
Process:	C:\Windows\System32\7za.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.7168031151650105
Encrypted:	false
SSDEEP:	6:cYRxN6epouXMyBoBQDFoDYg3Tc2Ld+93KKn:coN6enftFQY0p+EK
MD5:	53A8DDAB5B788AC16393C94687E0DA3C
SHA1:	BA9913773A9B3E556A072C6BD935369C45DB66C8
SHA-256:	5E308F29E6B598F63911FC0D6B23DEFCF0DD889F0116C3619A2DCBEA591B6E98
SHA-512:	28EC5B09CE7C1688E287C9B3E5FB28AAD2923934E883A8774BB916EDF7A10F39E9BC9E5911D26FDE73A612DEA153233250CE45698AD0D9409D8091404B51AA66
Malicious:	false
Preview:	AAAAEBqdn/e2cNd0kQOtnQnB9lFzUvqA7sRaApDYlyC8outMT/561df8J+3EWC7ajcwFn1sDb9yi51nNNjLnwz8l5NDHfYm1eFOLSz8IyOLyJeFmd5oMW6QdHvclu984lbagMpzbeEn4zZ3o9IJe6a86MpdK669H6cHnxU4mmXNJQbej26p8LCV8yOnfcrJEXTUylg==

C:\jar\carLambo\sbsQDGLLzqONvAeirLUFR.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	7509
Entropy (8bit):	6.230602408484613
Encrypted:	false
SSDEEP:	192:auHyD4S4I1o7sRJRhKmU19SzU4YHCOtt95q:au+4Sj1oiKxTSO7q
MD5:	20B1BE0F34F5AA57FCEE0DB6309E2C3F
SHA1:	E405B4A4618EDEFE37CC1FB78992571131526CA3
SHA-256:	1329562D999971A5EC6CF76E8128748FD1B5334ACE914ED9833778CFDE6D2677
SHA-512:	415227B941F35517187D1FFB24BF5508E468C48ACF3E36413071D265AABE7E1A80E7AD2DDFC5E2D51F5808FF89A752144C5C416C2341415D77F7BAA4F73357C9
Malicious:	false
Preview:	.......1..................................................................................................@.....k....m....g....j....t...................l....h........................i.........b..............d....u....x....z....}...................c....s.........c....s....y.........}....b....f....r....w.............................b....p..............~....o....q..............b.........b....\|.........v....{.........e..............n..................................................................................................................................................................................................................................................................................................................A>.......C19S...c/./7>..9G.?6....V.G..8..........eK..#h............d..#Xq..-.w..........()I...()J...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()V...()Z...()[B...()[C...()[Ljava/io/File;...(

C:\jar\carLambo\sdQKOtlJzWCBporuolMyN.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	1297
Entropy (8bit):	5.81601389953463
Encrypted:	false
SSDEEP:	24:8xqPQfzoy1/d8qEwBxxqnzT5DzEKrelSlmceuAXqYj:8cPQfk8dB3MzT5DzTeMIceHaS
MD5:	063948920926B55E075E97B43726E507
SHA1:	B72667F9A14C5D92DB62572E1AE752C493926929
SHA-256:	13D19559126C049FAD76CD546EBCE04077F6340352D56D4A764950CA7A6B4D83
SHA-512:	9700188DA3E6030278C7BC9902BA674D6655BCB8CAFE6988A9CD9E9DC61F1DA045D1555F5725869C80897E6A964D4217B0BF0BBFF866B5B60DB7C13979E16347
Malicious:	false
Preview:	.......1.K..0..;..<..=..?..@..A..B..C..D..............&.... ....$....%....!..................."..............#..2.(..2....2./..4.7..8.5..:.-..>.'..E.6..F....H.)..I.'..J.*..J.,..J.9...()Ljava/lang/String;...()V...()[C..G(LcarLambo/AaISogscfReXxeZKUWBlO;Ljava/lang/String;Ljava/lang/String;)V..6(LcarLambo/AaISogscfReXxeZKUWBlO;[Ljava/lang/String;)V..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/lang/String;)V...([C)V...;\|.1.6v'J4Yo...<clinit>...<init>...Code...IXoamLVdxZHhnOCKEypnx.. LcarLambo/AaISogscfReXxeZKUWBlO;...Ljava/io/PrintStream;...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...[Ljava/lang/String;...append...carLambo/AaISogscfReXxeZKUWBlO...carLambo/hWdmIbubOgKXDUyGkTEEB...carLambo/sdQKOtlJzWCBporuolMyN...intern...java/io/PrintStream...java/lang/Object...java/lang/Runnable...java/lang/String...java/lang/StringBuilder...java/lang/System...out...println...run...toCharArray...toString...vPGWlacnCrelHWkRFSJnJ.0.............J.9.....8.5

C:\jar\carLambo\susnFxnUwlidMWpefYbJj.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	6490
Entropy (8bit):	6.173454259903965
Encrypted:	false
SSDEEP:	192:pF7jMEnc2+D0k9L9FwbXsqLw/R7nlWA1F9:pF3H4giLL8LLI7nlWeF9
MD5:	50ACA9B8E36F29521BB71CCD5E131274
SHA1:	2799138ED5FAAE3028A8BFE70F6EA24AFC77FED3
SHA-256:	C2F9DF8BDF4463888DFC6D4ECD92D483A931B2548BF8CE54C805E7C9A3DD4665
SHA-512:	7A6CA312880BD46645A3D30BF57EB19ADA2CE730F1191D6C121572332EDF4F13F8AC60DB4453CBD1402C64278404AC46605E65E8B71DC58A0C48B5FA4B3F9719
Malicious:	false
Preview:	.......1..............y............................................................................U....S....T....Y....r....w....t....s....u....v....M....m....N....N....L....Q....W....e....h....o....p....q....]....a....n....x....L....L....b....j....X....i....Z...._....d....[....`....O....R....P....c....k....V....\....g....l....f....^.............................................................................................................z...................\|....}.........z..............{.........\|....z..............\|.....................................3.t.........#.vx~.....)[."..Se.}......()I...()Ljava/lang/Object;...()Ljava/lang/String;...()Ljava/util/Iterator;...()Ljava/util/List;...()Ljava/util/Set;...()V...()Z...()[B...()[C...(I)C...(I)Ljava/lang/String;...(II)Ljava/lang/String;..B(ILjava/security/Key;Ljava/security/spec/AlgorithmParameterSpec;)V...(Ljava/io/Reader;)V..3(Ljava/lang/CharSequence;)Ljava/util/regex/Matcher;..&(Ljava/lang/Object;)Ljava/lang/Object;

C:\jar\carLambo\tSrrFgcYOfUSarEmZIkay.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.385925302555541
Encrypted:	false
SSDEEP:	6:ObxAU3tsDjooG4y16jooihWQreOEVvhMjoo/SRPt+Nkql5dl7ljclknM5UK/sxl:ObxmB9y16BIWQreOIMB/SRlO5dxWkM5E
MD5:	FDEE2DA98DD25AFA2F8D42E09F7E3185
SHA1:	68182D35A13F910AD159B72AFEA0D795500C0107
SHA-256:	4CEB9897B0EDFA586DB39F9D643820389454679B85D4A0D923AFC077BC3E15B9
SHA-512:	E4E9C55D9A006DECFD815C1016088D1FAEB7B482B1667B55A227C35EA4845567B8E10A314B25BBF31C0EBB66D38E339999EF2F86C23DE8F90C27C33B45C7B83D
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/unFpTnLKGCoDhhTwCythd;)V...<init>...Code.. LcarLambo/unFpTnLKGCoDhhTwCythd;...carLambo/tSrrFgcYOfUSarEmZIkay...carLambo/unFpTnLKGCoDhhTwCythd...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0...........................................................................Y+.............

C:\jar\carLambo\uinODIkCilGXJDaSnyVJx.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	377
Entropy (8bit):	5.409734755046493
Encrypted:	false
SSDEEP:	6:ObSs3tsNk0O4y1wk0y7T5hik0Phrp9SRPt+NkqlJlbK/sxAfclknM50:ObiFy1yoTDgZlYRlOJl2/stkM50
MD5:	972EF445D939C719B2C5592A0AEB7516
SHA1:	1D6FC872B5CEC0C5F70B764901578C9517697B55
SHA-256:	35426BD8D2DA9319189B6361AC4FE9589EB5A637124D9BCC50B4F8AC5A88D068
SHA-512:	B45B63FC3A0C33F9ED99A313B7B158C1A467C39DEE8DBFD6A6BD2D62E8C214CF4CB09B50FEF60C7A6397791DBB9A3BF62E4D85AF840DF1617D9F17D06D0F1361
Malicious:	false
Preview:	.......1...............................................()V..#(LcarLambo/TwJpMYXWnMJHKsRderDDT;)V...<init>...Code.. LcarLambo/TwJpMYXWnMJHKsRderDDT;...carLambo/TwJpMYXWnMJHKsRderDDT...carLambo/uinODIkCilGXJDaSnyVJx...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................Y+..............................................

C:\jar\carLambo\unFpTnLKGCoDhhTwCythd.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	9831
Entropy (8bit):	6.39664147581915
Encrypted:	false
SSDEEP:	192:mkC42YsrBQ4rHyHm6VYjG2wGUMiiPgkqzNwyH4Jr5dMdNU3J6tOx7:mD0OBbrSGqYjG2cDkqqyH8Fid2wti7
MD5:	9C2D663D3347D84DF5DE1BD058E32058
SHA1:	D2B82C62AF366AAA6FE117F2017F20CC05EBAAD9
SHA-256:	66CC85EF64862B456F720146C8CF3D285C67F974A3C8CEFE0422E528C1259E8B
SHA-512:	ADFF79C3BBBF06A003DAABA17B25D3556003230FB1BF917265FB077A0164A148954E91CFEC786C079261FCC8D8DB44B934836D1DB7C92FABE304ABAFD937F09A
Malicious:	false
Preview:	.......1.S...............................................<..R....................&..'..(..)....+..,..-...../..0..1..2..3..4..5..6..7..8..9..:..;..........................................................................................................................................................................................................................~.. ....!.~.."....#....#....#....$....$....%....%....%....%....%....%....%....%....%....%....%....%....%....%....%....%....%....&.~..&....&....&....&....&....'....(....(....)....)....+....+......................................................................................................................................................................... ....!...."....#....$....%....=....>....?....@....A....B....C....C....D....E....F....G....H....H....I....J....K....L....M....N....O....O....O....O....O....O....O....O....O....O....P....Q....Q................$...()I...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/

C:\jar\carLambo\vISXLMxulVKJDJdBSbyBW.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	5696
Entropy (8bit):	6.242223998301852
Encrypted:	false
SSDEEP:	96:pitk7ndYOKGEdMPvAk6NdzbEMJSnSW6viicPYmKWnlpc/yeVPCe:pr3KzMPokmZbEMY+viiltWlpc/tT
MD5:	D24EFB2AFBA6849E895A9B83344DB3BA
SHA1:	FFCFDCBB88C18E35CEF04CF1DFBE1DA03C898FCF
SHA-256:	8206FE2FF1AC6ACF8DBF293EC0B266DA2F5810C8D12BCEB9CFE936F917847BB6
SHA-512:	8405FAB77CE5F0E9253DDD3DD4E5CDB4F019A05180EAD3399B2DB1E90A1F21C084F256749ACCCC92DBFF51F1BCEF3EB07A564CFD7280EDEC1D6BDACAFEA66244
Malicious:	false
Preview:	.......1.........T..U..]..m..p........w..x..y...............................;....<....S....R....R....Q....8....?....H....7....?....6....B....C....:....I....K....9....>....@....A....D....F....G....J....L....M....N....P....6....=....E....O..o.[..o.b..o.c..o.k..o.l..r.u..t.u..v.h..z.^..{.[..\|.d..}.e..~.W....X....f....a....Z....V....Z....j....i....Y...._....`....\....Z....Z....`....g....s..........()I...()Ljava/io/InputStream;...()Ljava/io/OutputStream;...()Ljava/lang/Process;...()Ljava/lang/String;...()V...()[C...(5H....-Wl+...<.B'..*3...2......K0....$P.t!.l.....(8.!...g.{.=..7tI...+yn.AWL.q.(9..';..^... .........JC...~-gE.-..F^....(I)C...(I)Ljava/lang/String;...(II)Ljava/lang/String;...(ILjava/lang/String;)Ljava/lang/StringBuilder;...(Ljava/io/InputStream;)V...(Ljava/io/Reader;)V...(Ljava/lang/CharSequence;)Z...(Ljava/lang/Object;)Z...(Ljava/lang/String;)I..&(Ljava/lang/String;)Ljava/lang/String;..-(Ljava/lang/String;)Ljava/lang/Str

C:\jar\carLambo\vPGWlacnCrelHWkRFSJnJ.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	905
Entropy (8bit):	5.811610127514052
Encrypted:	false
SSDEEP:	24:PTFv9gAy1sQ4OBH7zTSPMWludeE7O1hAX18mxFi:LR9DRQBzTS0ePQF8oi
MD5:	B90B8782E5637E450EA46EAE489B26B6
SHA1:	A9806BACDB4C711D4AC5E5E98B44373FB6569060
SHA-256:	BC90C44FF21CC99691F0B9FACD89AAC9F744488A2DB7AF763661316FC2307CBD
SHA-512:	30676AD3FF2102AA044B58FC56690BEB458839803FE25644362B3C2DE1E05ED03B0F443701F0AB0C2E22CA0B3B202433FE53CEF64F37D14B8E106DFAEA05406E
Malicious:	false
Preview:	.......1.3.....)....+..-...../...............................................#....#.!..%. ..(.'..,....1....2....2....2.&....zFC0`G.Nfy..C.P....()Ljava/lang/String;...()V...()[C..#(LcarLambo/eauxCIrdjXbTstchfeoOk;)V..&(Ljava/lang/String;)Ljava/lang/String;...(Ljava/lang/String;)V...([C)V...<clinit>...<init>...Code...JJNChPaoaJuTageKFIyUf.. LcarLambo/eauxCIrdjXbTstchfeoOk;...Ljava/lang/String;...ONjFQMbZKhXUIvJECkqdG...carLambo/TwJpMYXWnMJHKsRderDDT...carLambo/eauxCIrdjXbTstchfeoOk...carLambo/vPGWlacnCrelHWkRFSJnJ...intern...java/lang/Object...java/lang/Runnable...java/lang/String...run...toCharArray...vPGWlacnCrelHWkRFSJnJ.0.............2.&.....(.'.......#.....$............Y+..............0.....$...................................".....$........................Y._.;_Z...`Y.\4...p....C...........%....../...4...9...>.V....-....6.........@....8....2..U..._Z...\_..._Z.......Z_......_W..~......

C:\jar\carLambo\wparXSrkmxMhKOZjMNKKu.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	277
Entropy (8bit):	5.121071061131822
Encrypted:	false
SSDEEP:	6:xkdHfW4y1vhCKjlBW5h4n2IcRPt+NkqlJl500lplln0OloFv:ODy15tuD42NRlOJlLLNNlod
MD5:	68BE706DDB652BACD10CB11438221C06
SHA1:	4748571F87F7B7B665711EA6B15ADD82C5634E04
SHA-256:	D0A990635873FDAE4252529C3CB52B0EA13A907844906AFDE7F6459F04D6B2ED
SHA-512:	5582E1C175BC306B5C3C8C49434457B0F036336E9A13CF362695749D4DC28B14DD77622E28836145AC80181C5A14B1B376B85E4C05ED83B228CEFC2774F5E4A0
Malicious:	false
Preview:	.......1.....................................()V...<init>...Code...carLambo/bmfvovJGUyUbPgySKkkcq...carLambo/wparXSrkmxMhKOZjMNKKu...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0................................................................*..........

C:\jar\carLambo\yLBVjlynSgWMgvIJTRRcy.class Download File
Process:	C:\Windows\System32\7za.exe
File Type:	compiled Java class data, version 49.0 (Java 1.5)
Category:	dropped
Size (bytes):	584
Entropy (8bit):	5.716849730300627
Encrypted:	false
SSDEEP:	12:ubxzfZnffzy14HFnRZm/9nHEYxvRlOJlIivBamgS/:ubxzBnzy1QRc/9HBxvzOrX3gS/
MD5:	FE606169E6457AF51AF4F785E0D563E6
SHA1:	A6F2A42EF084B44184080F578CD269B775F4157D
SHA-256:	DC9D365B44481CE8045468EBAD9C3CDD26AB9582F4003F1AECC7EA85A4659E77
SHA-512:	4567E1BD0D807560E4A416E12CC71DB8E69252BDEAFD5A6C8A0F5181E464A1E81AC8F18FDB37CD6E852B64E1211A5E3617D9EF59B17373108BBEC33A124F0E6C
Malicious:	false
Preview:	.......1...................................................................()V..T(LcarLambo/TlNoUrOpQFTDEOhhEkJkV;Ljava/net/Socket;LcarLambo/ktqJfqRpauSAGkfJbNchr;)V...<init>...Code...IXoamLVdxZHhnOCKEypnx.. LcarLambo/TlNoUrOpQFTDEOhhEkJkV;.. LcarLambo/ktqJfqRpauSAGkfJbNchr;...Ljava/net/Socket;...ONjFQMbZKhXUIvJECkqdG...carLambo/TlNoUrOpQFTDEOhhEkJkV...carLambo/yLBVjlynSgWMgvIJTRRcy...java/lang/Object...java/lang/Runnable...run...vPGWlacnCrelHWkRFSJnJ.0..........................................................Y..._........................... ........-Z[,+...................

Static File Info

General
File type:	Zip archive data, at least v2.0 to extract
Entropy (8bit):	7.970588409725289
TrID:	Java Archive (13504/1) 62.80% ZIP compressed archive (8000/1) 37.20%
File name:	Quotation.jar
File size:	188977
MD5:	8eab8f1a928fa55303b7558536079a2a
SHA1:	491e913225a8c8d144c538fe27cf62f5a8465b38
SHA256:	20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
SHA512:	886928d68f14c012186872429739d1317350f329e5afa4ec820779e7f312d776433e8926000f522a3393e2ad454779eee1245ba266226bd0c8421f1fb97ba4a0
SSDEEP:	3072:vCcBIJZi3Kd1+Fv2CmQMKMh4BoRAnm8KELI09Cu/qinGVexOvwGyJ5e/wWR5inCw:6jc3Kd1xDQMKoTAnmEL6enGVZdyy/QCw
File Content Preview:	PK........5V<S................META-INF/MANIFEST.MFU..N.0..wK~...p&......&B.B.....S...#...e.J....~....'.2~..l..HQqv...a.~0PX..Br.FC.h\|X.....B%%l..zg..q..r9...#..u.R.=.g.T.O6.....u1.Jyh.Yu.....C.g....).....e....(.B.....l.r6....K........'...{\|yo..7....2@Z...

File Icon


Icon Hash:	d28c8e8ea2868ad6

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/28/21-12:52:07.068868	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54795	8.8.8.8	192.168.2.5
09/28/21-12:52:37.204978	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	65296	8.8.8.8	192.168.2.5
09/28/21-12:53:08.097498	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	56969	8.8.8.8	192.168.2.5
09/28/21-12:53:38.312550	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54791	8.8.8.8	192.168.2.5
09/28/21-12:54:08.375172	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	63732	8.8.8.8	192.168.2.5
09/28/21-12:54:38.499931	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62372	8.8.8.8	192.168.2.5

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 13:05:41.308106899 CEST	60892	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:05:41.328864098 CEST	53	60892	8.8.8.8	192.168.2.6

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: cmd.exe PID: 5680 Parent PID: 5304

General

Start time:	13:04:20
Start date:	28/09/2021
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Imagebase:	0x7ff7180e0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: 7za.exe PID: 3312 Parent PID: 5680

General

Start time:	13:04:21
Start date:	28/09/2021
Path:	C:\Windows\System32\7za.exe
Wow64 process (32bit):	true
Commandline:	7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Imagebase:	0x9a0000
File size:	289792 bytes
MD5 hash:	77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.exe PID: 3068 Parent PID: 5304

General

Start time:	13:04:22
Start date:	28/09/2021
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun >> C:\cmdlinestart.log 2>&1
Imagebase:	0x7ff7180e0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: conhost.exe PID: 5292 Parent PID: 3068

General

Start time:	13:04:22
Start date:	28/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: java.exe PID: 5672 Parent PID: 3068

General

Start time:	13:04:23
Start date:	28/09/2021
Path:	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
Wow64 process (32bit):	true
Commandline:	java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun
Imagebase:	0xeb0000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Java
Yara matches:	Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: 00000004.00000002.624987172.000000000A7A5000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: 00000004.00000002.624888196.000000000A76A000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_STRRAT, Description: Yara detected STRRAT, Source: 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	high

Analysis Process: icacls.exe PID: 2728 Parent PID: 5672

General

Start time:	13:04:24
Start date:	28/09/2021
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Imagebase:	0x1030000
File size:	29696 bytes
MD5 hash:	FF0D1D4317A44C951240FAE75075D501
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: conhost.exe PID: 972 Parent PID: 2728

General

Start time:	13:04:24
Start date:	28/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Quotation.jar

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Dropped Files

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

UDP Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: cmd.exe PID: 5680 Parent PID: 5304

General

Analysis Process: 7za.exe PID: 3312 Parent PID: 5680

General

Analysis Process: cmd.exe PID: 3068 Parent PID: 5304

General

Analysis Process: conhost.exe PID: 5292 Parent PID: 3068

General

Analysis Process: java.exe PID: 5672 Parent PID: 3068

General

Analysis Process: icacls.exe PID: 2728 Parent PID: 5672

General