Malware Analysis Report

2024-10-10 12:13

Sample ID 240613-q2t2rsvhqq
Target a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118
SHA256 16e2e3285781170bd60f881927443d71c0c0cce4f5bfe8b1d7e2ce844ce4c646
Tags upx
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10
SHA256 16e2e3285781170bd60f881927443d71c0c0cce4f5bfe8b1d7e2ce844ce4c646

Threat Level: Shows suspicious behavior

The file a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx

UPX packed file

Checks computer location settings

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 13:45

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 13:45
Reported 2024-06-13 13:48
Platform win7-20240508-en
Max time kernel 141s
Max time network 134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\Zona\utils.jar C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A
File created C:\PROGRA~2\Zona\License_ru.rtf C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A
File created C:\PROGRA~2\Zona\License_uk.rtf C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A
File created C:\PROGRA~2\Zona\License_en.rtf C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1728 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe C:\Windows\SysWOW64\cscript.exe
PID 1728 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE

"C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 dl2.appzona.net udp

Files

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 13:45
Reported 2024-06-13 13:48
Platform win10v2004-20240611-en
Max time kernel 141s
Max time network 130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\Zona\utils.jar C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A
File created C:\PROGRA~2\Zona\License_ru.rtf C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A
File created C:\PROGRA~2\Zona\License_uk.rtf C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A
File created C:\PROGRA~2\Zona\License_en.rtf C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"

C:\Windows\SysWOW64\cscript.exe

cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs

C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE

"C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 stat.miniload.org udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 dl2.appzona.net udp
RU 46.254.18.90:80 dl2.appzona.net tcp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 90.18.254.46.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
BE 88.221.83.250:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 250.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files


C:\Users\Admin\AppData\Roaming\Zona\tmp\133627599569060181javaSetup.exe
