Analysis Overview
SHA256
16e2e3285781170bd60f881927443d71c0c0cce4f5bfe8b1d7e2ce844ce4c646
Threat Level: Shows suspicious behavior
The file a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Checks computer location settings
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:45
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:45
Reported
2024-06-13 13:48
Platform
win7-20240508-en
Max time kernel
141s
Max time network
134s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\PROGRA~2\Zona\utils.jar | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
| File created | C:\PROGRA~2\Zona\License_ru.rtf | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
| File created | C:\PROGRA~2\Zona\License_uk.rtf | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
| File created | C:\PROGRA~2\Zona\License_en.rtf | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"
C:\Windows\SysWOW64\cscript.exe
cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE
"C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | dl2.appzona.net | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | dl2.appzona.net | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | dl2.appzona.net | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | dl2.appzona.net | udp |
| US | 8.8.8.8:53 | dl2.appzona.net | udp |
| US | 8.8.8.8:53 | dl2.appzona.net | udp |
Files
memory/1728-0-0x00000000012B0000-0x000000000134E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 53f7dbd61c793054091d3ce412c910a3 |
| SHA1 | c9a574340a85b68f0a60d1c3ee118b665cbf2063 |
| SHA256 | 5aa0b7be54ee4d38108bae1093fad9b519d1b08f1752f9b9ab00e81dc9a6a2ad |
| SHA512 | cafe0aa806ea10220a762ed9713ca75fbda653e15e060e8fd235a2f7f02dbbb7133bd9cbbf1d9467927707b8e9092684291d075acbf51be1fdc12e67563f4620 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | a1bc6645c84efb23730a0ad16a0f2a70 |
| SHA1 | 91a569deec170a5377604d52251a4d270d62633b |
| SHA256 | 4225be8b31ab47be637bd0954d7534574a3f691ab195b988349480deb94150b3 |
| SHA512 | b1dff4a95a30db74b6dac174612bf5d79e67081f00173cf859e333652053017d144c3ddf714205789c11b1937a45e9973133ba16ef6c63c5bf2a8c28eda53bb3 |
C:\Users\Admin\AppData\Local\Temp\hd.vbs
| MD5 | d8682d715a652f994dca50509fd09669 |
| SHA1 | bb03cf242964028b5d9183812ed8b04de9d55c6e |
| SHA256 | 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba |
| SHA512 | eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca |
memory/2556-40-0x00000000012B0000-0x000000000134E000-memory.dmp
memory/1728-39-0x0000000003580000-0x000000000361E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 050f7d1db71d9ed50a96f9426e8e2c86 |
| SHA1 | d8d75afa829e442a9f74cc22ce9f92c025791e47 |
| SHA256 | 26cd2bcff5d48d211419bff68c407151dcf5546437055c1e4d00cb53a35e9de3 |
| SHA512 | beae96b027234744d5d4319999eb1132ed534189eaffa4074ac4696745834c17ccb840e8a01f3079e3c22dc892cf136b3a0c07f96dc238a4ecae5d873ee08010 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 15f51cfba0dcb27786af46f54da46896 |
| SHA1 | cc0435329fdffda352970f8b4c37bf83a960964c |
| SHA256 | 1659e71b9262be4b0747065c76c0b4b391261cc3c7e7adc4946fa5ed6aeb7563 |
| SHA512 | 38952a9e5135aadee8ebefdba116c992dc7112bc2b550406fe83ba275b971d0112f16b012d0fef51c9f51aea1ca6ff75fe1ff46e0d104d74e232daabab6d45a3 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 4b246821bf38d4515729d9d8e33d3361 |
| SHA1 | a6d1bf09e56b3e639e26802fab77b067af9284b9 |
| SHA256 | cc025aeff8e93bcbb53065cf7d5c1d66ccf8a008b9076eac63a21f43e89d4c5c |
| SHA512 | c6a1e1fd486dd79fef938147c3147af761c2bf1b115c0a162df2d4b2c6d804659d40e2531ef167842a89231a991b00f8e82585244de7d6ba1aed598607f957b9 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | c5bb1c374e2294655d021d5bed4e973b |
| SHA1 | 316fc4fce8d05b3c4c2536360ac218bc36a3ea3b |
| SHA256 | b0e0ecfe80b8439b63f77f895dcd1542559e996d2681c7b493384329e8f857c3 |
| SHA512 | f411877e18aee06f39a8b85a148e4d09f420712df53af0cf6de05f2bd7b952f91f4900fcb7a606ee43c3560c12185a325e1e606f1fbe409f7a8aec63633dc0ba |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 75aa1ce75d08f5f58836d805d8064ed9 |
| SHA1 | 9dc3a7d5573e85c15638f7626fc4d1b24f655155 |
| SHA256 | 8b38be868c4067c0cd8199229ff9a86c44eddf4060810da6820b07d64881b06b |
| SHA512 | ace30f14437a181df750f46184d44c7f897ac85aef2a32faefaa03bf58c8cacfcaaec35b10f1861f387322bf574423115fb8824e375b260f755dd204cfe97667 |
memory/1728-88-0x00000000012B0000-0x000000000134E000-memory.dmp
memory/2556-89-0x00000000012B0000-0x000000000134E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 1b4f9b18ca78157770a949f2934a19f4 |
| SHA1 | 9272f12f8d52f62ff701769355a65e21c7d4803d |
| SHA256 | 6894acd8103174b3cd847346525e60b2ae61894a81b06e9598626b2407344046 |
| SHA512 | 1b9d86c41285f9228b38fb61aff1d743ab174f62fbf8bbe1f4a1e3b754092794f134d94d21cbe70d8c6167d3d59d7e8c972f35d7b41d54aedca64038df7084ae |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | bb3fc0d9651875432b1ecb32526cade1 |
| SHA1 | 35138f7f3c1121fe62911cbc6fbfbdaca2809822 |
| SHA256 | 21dec1061e61ad10c8b4ec9535e551e7c6fe74f0de6407dbcee18fae7fed2973 |
| SHA512 | aecb37ac99541b7205ba9dcc64daabce708e603095b5fe0bb6945b72af8adee8e37fdbc9eed4f2d40f98e3cb4064739c40278e61ab3305e40df8daccdccd7b6b |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 325729d5d5ae53a59a4a79d43fc6936f |
| SHA1 | 70ee738345d710b585fa6b3e787e05d3f85e7b5d |
| SHA256 | 444bd79ba0b449518e9294add5eabad5e2ad16df40c3211200eb621677b76bbf |
| SHA512 | f79ee45f6f7fac623b71ceea2638c18d0e2dc41fa49f2ef0403403a35d98dafb98e8e19afa7a12793e1212db9a26e1752b6dec4c6f95e8b85eb74e7aab6cc9fd |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | ef0fb29f0c086e189d7f0aa25399239f |
| SHA1 | 80358abd77eb3103bdece0cafd1a96509fcbc866 |
| SHA256 | 2f91685399b7b4ebe69d8822331c98c1aa2a32e940b5d3fc6bf13067b3b857cb |
| SHA512 | 18c5712840d0269263e86822132532de136dbc1f36c7b874e8acc552da2db5053e64e320bf49b1bcc24b1c57cab659131ddc4c456616e9bc1ade17655f841b8a |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 04788a6a779a011504dee656142e5c1e |
| SHA1 | 2129c9e1d32cf77fc46386d86814f6d77e459f58 |
| SHA256 | a3d266e6aad5c464bcd44187c5953fecc6aa8a37c14568285242bd8c0e48d2c4 |
| SHA512 | 807839d621e9de8d47d4c5927a23f05ab985e7c6282af605772eb0cd2fc5db4d040e1277ffc9a98903d77ed67777228c70fb7928ce017454da088373d721cfa0 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | e78eb348f260e56cb8a9574bf1112f73 |
| SHA1 | dd9003e7c235dd4c23fd9d759d913e718e4becbd |
| SHA256 | 898a74d022920a6f296a025680dcdc33e5172dabf888d97d4ba15d2d53077e08 |
| SHA512 | c23346656419e5c0f909e6ca1374ada5df0c549b618aabed04ec4b8288c6b07026a3666d1fc477d8e035d81fd478abe8bc7c8794377a397172f3bae69e477e11 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 7335f94a284d656d0a01b47c1033652b |
| SHA1 | 9ea033e40a9d9997e68b61b5d10bd0439885fa45 |
| SHA256 | 2bde286d50988e9522500a09fb03e9c30c02c5fd9481ef389aee64eb4b591cad |
| SHA512 | 6c70ccfa808d5df8dc32c5884fca15ce491da7c74d91348607cdfcf775232f2e876550f85cb9c3f36418c0b2f76c7a806549dfe1c26331753bd9587bcf1b42db |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 9f1f7a0cdf95fa29806bdb8d8258d71c |
| SHA1 | 6d8809dedb81862e57b378bd00df1a704980a12c |
| SHA256 | 23a793ae61f98f576c4a20ec343c74ab634a1a9d26a78f19fe4771ee524efd82 |
| SHA512 | a54385e1939d43afdb1a0010fe89e3d207f899da47de3bd13cfd1e5956f062c0d812ad721a515070f6dbe5ecc9bf5ea645300ac631ad19493ee19e096a3b3b06 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 35f3b552ce41a06bb2cec26e3ab71a2c |
| SHA1 | 351b0c87d6c486bfe58abb2eca72bda4670042e6 |
| SHA256 | 57282eb40c038e7b4e12e5a63b231af5d05aab5d23d3e94e7bfb8f94a7af4927 |
| SHA512 | 8f96b8b7725c18f7178f8ead9d693cc248d8dbe6f750166ccdbf320fe5009d8a63bd2c7230ed9ecc3285e7dee9f3fe9c496df00dd5b228ca4c772688959416b2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:45
Reported
2024-06-13 13:48
Platform
win10v2004-20240611-en
Max time kernel
141s
Max time network
130s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\PROGRA~2\Zona\utils.jar | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
| File created | C:\PROGRA~2\Zona\License_ru.rtf | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
| File created | C:\PROGRA~2\Zona\License_uk.rtf | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
| File created | C:\PROGRA~2\Zona\License_en.rtf | C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5dbaa806f205ed76b1e389ef7934c06_JaffaCakes118.exe"
C:\Windows\SysWOW64\cscript.exe
cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE
"C:\Users\Admin\AppData\Local\Temp\A5DBAA~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl2.appzona.net | udp |
| RU | 46.254.18.90:80 | dl2.appzona.net | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 90.18.254.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| BE | 88.221.83.250:443 | www.bing.com | tcp |
| BE | 88.221.83.250:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | stat.miniload.org | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
memory/4248-0-0x00000000002A0000-0x000000000033E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | b5caffe9554ef05eabe00675af81b79c |
| SHA1 | 7bbc34ea2e94b1737d336c8099411742713a1a44 |
| SHA256 | 83e35d65a932b11a2c30116d2d80194b287a77099854f8bfd8c31477f3ec541c |
| SHA512 | 9f77a140f5f6b1a5aefbd8c711f7dac8551dde1c54dc0aea95f3fd8b70f218adece6825ceca5889d0e6d0bc1bdad20ff3f03ef62eac5d76e46cc169f6d557017 |
C:\Users\Admin\AppData\Local\Temp\hd.vbs
| MD5 | d8682d715a652f994dca50509fd09669 |
| SHA1 | bb03cf242964028b5d9183812ed8b04de9d55c6e |
| SHA256 | 4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba |
| SHA512 | eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 44c33d09f9960145648e5db41644d47b |
| SHA1 | fffadc213cdb83c657dda8f8ac5da805753142c5 |
| SHA256 | 5c06e21981e163bc8010bbdac2ee0e2d3a1331e3e10572adfa67b048ddeb353a |
| SHA512 | 6f0b68264258b6051f179967c20ea4ef637f87fa1edbf26be2a0f0826afa506f2cf8518ebe6c08e63e9b56d560eda4bbd0ce081ca9e3210d9b73c2b7a96c34dc |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 64093e8205e577084927d9834d1fa2f4 |
| SHA1 | 88837f0924c38e825617983084b9e91677ff8547 |
| SHA256 | 51018ea82e260069e9423934fff291e5e18e3b01d69765220b5b4e3e56c1739f |
| SHA512 | 5094e1e513a0bfa1e36bc907e61af0251ff487f8b764e4ff0586250003caf93d413338429cd96e850308f2118bbf7421d2d43b31f2198dc70b113b466d621731 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 910aa6b047cbf4a10aaced0f874eb3f3 |
| SHA1 | a6ff9b9db996c3e8c921dbe5a8559b6a0f5f7c23 |
| SHA256 | ae80152b4e65da5ca6fe5dcfc81fb64b1bda1e738e0d05c3c5943da39efa8673 |
| SHA512 | 41d8269fa02c066964d2092c4ba458b5078057ac68a99200ff8c32223b502dfc9ff4d0aa04e915b4af444654b1069146b3507394ca8a6272fe8b5fde49f2eaf5 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | ce7807315aabd17b7a57b390be79b3bf |
| SHA1 | 33ffa87f635063528c7dfd875ff57c76abdd5917 |
| SHA256 | 76414ada4e4a69807ace1d92815c02e526a176c9c7f5913e80f62b952df4fba7 |
| SHA512 | 24f655a036f758cd290a8061881192b5b77276f0284d486accb5c36b9456dee508a523d87cd9af6b1ec390c3790a61c96d31d9b970f691587fbe9628b1ebfbd8 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 895f7f122b95eee031e515743b955117 |
| SHA1 | 78a28123a6317009687b158bd2d67ba958d5f392 |
| SHA256 | 301a2ad363eae9dd2e5abd3cc1cc20330e40698a70ca9217ccf174961ddca450 |
| SHA512 | b8830e9e54582208d9730803205a01d24b20962a1657ffec173605cbe3814eb9032107f75b38bab55f75df7f6cfb402d53c7090f2dd8637c35cdd619f32a2eff |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 289dd77ecc46860e464ed64581d56fbd |
| SHA1 | e0e3f59d7b18ec3354f4956d95f855f640017a17 |
| SHA256 | 992dd6b601acddd8aaba18cc682da4e7686120833a36e970f778592b450f5c16 |
| SHA512 | 104b72de8ac711389287a49556b6f74f5e49a0d859dda08cb070a3c35e1da68bf5255eab572670420b6ba7179e3651602b92b74dcebf375b0b8ee8e77c890934 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 28d37f2fd08205fff052877e5c32333e |
| SHA1 | 82fdfa1736fc9364fd7e1ad24f90b9ec92f2b282 |
| SHA256 | af3a910f97deb0b05248a19ab2c641d7decd2e67c3659da4e787ed40df1ba739 |
| SHA512 | a37dea02725f9019778f27e7ff1b8fbeea3e3b0a09b840cd25a949bbb402e1761590b5f1fe82f1378c1b2c3d7ea50d9980a5f39e1711753d0e5ff0c2d975558a |
C:\Users\Admin\AppData\Roaming\Zona\tmp\133627599569060181javaSetup.exe
| MD5 | a53e183b2c571a68b246ad570b76da19 |
| SHA1 | 7eac95d26ba1e92a3b4d6fd47ee057f00274ac13 |
| SHA256 | 29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7 |
| SHA512 | 1ca8f70acd82a194984a248a15541e0d2c75e052e00fc43c1c6b6682941dad6ce4b6c2cab4833e208e79f3546758c30857d1d4a3b05d8e571f0ce7a3a5b357be |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 43984cb73563d6bc6af22d51dbdfd918 |
| SHA1 | e77642cf4f4ca655ef6ac62e18be6ef73fdd6ae6 |
| SHA256 | d2418fa57372921bd7b5900b46faa00a2c4522bf3e8c941148328baa48917c5d |
| SHA512 | d17e8a9ce0c1465393bfaefea6a70a8c129022dfcfcc794dd3ebd94e1af795259aa77af5eddd61b53ecbea4abedc3a13a9b387d38118d5c577659199f7481d70 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | d2b6fc0d52339503cf9a0636b510f795 |
| SHA1 | a5f4f34f82b7f20baf5f699f5eff8559767b7cfc |
| SHA256 | 9ef6b064ed64f3a82b04dfbfabdf2898976fb8a33d74c0974429f7992e37fd3b |
| SHA512 | 65ec844a59befbdefec166b9350a0f156763b224c9e3bfd42996820f87568aa16d337eeeb62f1746fdcc3a9c440ffafb59ee864d0e1f8aae6ea6256b7f2adfcf |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | a82ad0b6b28ef957a645865f05fe5705 |
| SHA1 | d6b8af994450368852e067b58b9c1b532067f8d8 |
| SHA256 | b066afdff965d84bd70d7111dde6b4e444767217ec262da4d4b1e0c5bc200951 |
| SHA512 | ffdcc35acc5348336316f65934c7762a164ebe176e57d6821a576f6c3f47c857291c5a9a43f36ee8872188f06dd95126c66d6926fa8a87b81675747f3c04bbc2 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 650686fa21f1d96b461482f5edb8356c |
| SHA1 | 50441de1e4960f18ec19d51a2e1d453b8a7553af |
| SHA256 | aa261f5cf4232733f1bc50a3398921d8bec08564918de82d89da73f68712b6e3 |
| SHA512 | 9ecde024a5a03f2d23379a9f79b7cf6605b1fd65791f2fd2b3957f973fe1d973508d8406f4ac257e05ab4a076c1df5bdc6d0db15b6ec1f99c40a096ddc9207ac |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | 502d64ffecdd38efe3d8c5b5cf557ceb |
| SHA1 | c5cbf7c00feb2ea3df665baf3680ecdfab3bd2dd |
| SHA256 | f8a9ba67f6f75d798ebe3396c1d2097355cdd66d8855573afc9bdc2b179c9500 |
| SHA512 | 325abdda80e0457f7481e5f6af6a25b9a2fe92f4d575a17330c30ef0ceb75b7cc9dd827d352526aa10bcf1ce88ed17eb30ea45517fc30385992dc28755882e42 |
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log
| MD5 | d4afe3990fbe73e32cf6f2b53cbaaa05 |
| SHA1 | 790e2a26ad267450165fcaa93916be4983e02cc3 |
| SHA256 | 30759c51aa680bd057f8700556c980040abc14b2a2809ef5f48704f0aad77ed8 |
| SHA512 | d2beefa848b460e469988da24ada0550b723749a591925317ab715b36a2b03cd0d3eb490d26a27864ab4c79e874ba971b4e44cf4bd225d13714ae1f9ee65bbb9 |
memory/4248-181-0x00000000002A0000-0x000000000033E000-memory.dmp
memory/2700-182-0x00000000002A0000-0x000000000033E000-memory.dmp