'%TEMP%\javaSetup.exe' (downloaded from the Internet)
Executes the following:
'<SYSTEM32>\cscript.exe' //NoLogo %TEMP%\hd.vbs
Modifies file system:
Creates the following files:
%PROGRAM_FILES%\Zona\License_uk.rtf
%PROGRAM_FILES%\Zona\License_ru.rtf
%PROGRAM_FILES%\Zona\License_en.rtf
%TEMP%\appdata.7z
%TEMP%\Zona.7z
%PROGRAM_FILES%\Zona\utils.jar
%APPDATA%\Zona\init.xml
%TEMP%\ZonaInstall.log
%TEMP%\hd.vbs
%TEMP%\javaSetup.exe
%TEMP%\zon2.tmp
Network activity:
Connects to:
'i2.#8.net':80
'zo#a.ru':80
TCP:
HTTP GET requests:
zo#a.ru/Zona.7z
zo#a.ru/appdata.7z
i2.#8.net/T/gJr_X.jpeg
zo#a.ru/jre_latest.exe
UDP:
DNS ASK dl.#ona.ru
DNS ASK i2.#8.net
DNS ASK zo#a.ru
Miscellaneous:
Searches for the following windows:
ClassName: 'Shell_TrayWnd' WindowName: '(null)'