Malware Analysis Report

2025-06-16 07:24

Sample ID: 240602-flhcxscd49
Target: 8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118
SHA256: 22190ec514ea9337a96863b64332c5aef8409711cbfadd3838a51499c2023de4
Tags: upx
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx

Checks computer location settings

UPX packed file

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported: 2024-06-02 04:57

Signatures

UPX packed file

upx

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-02 04:57
Reported: 2024-06-02 05:00
Platform: win7-20240508-en
Max time kernel: 141s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe"

Signatures

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\Zona\License_en.rtf C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A
File created C:\PROGRA~2\Zona\utils.jar C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A
File created C:\PROGRA~2\Zona\License_ru.rtf C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A
File created C:\PROGRA~2\Zona\License_uk.rtf C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1832 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1832 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE

"C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 i1.x8.net udp
RU 178.218.223.40:80 i1.x8.net tcp
US 8.8.8.8:53 dl2.appzona.net udp
RU 46.254.18.90:80 dl2.appzona.net tcp

Files

C:\Users\Admin\AppData\Roaming\Zona\tmp\133617778637310000jre_packed.exe

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-02 04:57
Reported: 2024-06-02 05:00
Platform: win10v2004-20240426-en
Max time kernel: 148s
Max time network: 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\Zona\License_uk.rtf C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A
File created C:\PROGRA~2\Zona\License_en.rtf C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A
File created C:\PROGRA~2\Zona\utils.jar C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A
File created C:\PROGRA~2\Zona\License_ru.rtf C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8cf38bf1440cb8a40847cfce6ec71497_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE

"C:\Users\Admin\AppData\Local\Temp\8CF38B~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 i1.x8.net udp
RU 178.218.223.40:80 i1.x8.net tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 dl2.appzona.net udp
RU 46.254.18.90:80 dl2.appzona.net tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 90.18.254.46.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Zona\tmp\133617778541803176javaSetup.exe