Malware Analysis Report

2025-01-03 08:08

Sample ID 240419-1vecvahd6s
Target fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118
SHA256 390d20cc8af36c1752366bc7dea8df35c7d6eabecd1efd80cf5515b09f77d77a
Tags
metasploit backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

390d20cc8af36c1752366bc7dea8df35c7d6eabecd1efd80cf5515b09f77d77a

Threat Level: Known bad

The file fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

MetaSploit

Loads dropped DLL

Drops file in Program Files directory

Unsigned PE

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-19 21:57

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 21:57

Reported

2024-04-19 22:00

Platform

win7-20240221-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\360\360zip\259399882.tmp C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C} C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C}\ = "0" C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C} C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe"

Network

Country Destination Domain Proto
N/A 192.168.1.102:4444 tcp

Files

memory/1968-1-0x0000000000D50000-0x0000000000D60000-memory.dmp

memory/1968-2-0x0000000000280000-0x0000000000281000-memory.dmp

\Users\Admin\AppData\Local\Temp\{30CAA61C-B062-441a-88B4-74BEC48F602D}.tmp

MD5 42dfb5d58bf2ea706253ccfba768f609
SHA1 1f97b07d28c40a9b8ab15724a8420c8948becee4
SHA256 edff28925a5eb1140ddd3312857ef2fe8609503878ad6e5edd73e0999a2c579d
SHA512 25471a4c001a25aac28905cbf6383d5445f13fc9883e362d44eee9410138556e1bc25b662a09b4d3a9c28c619a348da1cc9879f946b07f5f6b41f2786a33e1ab

C:\Program Files (x86)\360\360zip\zipnew.data

MD5 76cdb2bad9582d23c1f6f4d868218d6c
SHA1 b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA256 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA512 5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

C:\Program Files (x86)\360\360zip\Uninstaller.exe

MD5 c09178d08c2851cf95ceaee7a1c50fbc
SHA1 96977989022d87b3b2fa530fd13fe8a4e4f13f56
SHA256 50450d5edf6379c86e696600d1b639f0015c97265cfaed9b6e724a6790365529
SHA512 78b144031bff0783a372e276c68fc2608b8a5260f63a034c906e7f01c3fbbb04222b1611bebcaf2d73742502ad9a3952fac5a39321e26c8a21142c5dbccc6187

C:\Program Files (x86)\360\360zip\Uninstall.ico

MD5 8f31b54a468b7c55d66970c276d7d973
SHA1 84bba9667887312673ee127877813af45b858273
SHA256 c669b2f21a2ee4d601d2cdac32828d39c384409b8e221dbbec4a0ca09f4024cc
SHA512 dd13c5305d5affe0206eada595bd5df19e0fec1ddf32f1e5631aee2c61b3fe8225133f067f5d84bd76f7b2f732eba0822cf48dea6c9b7df6125fcfc6a9a1318f

C:\Program Files (x86)\360\360zip\UNACEV2.DLL

MD5 de02c4d04088b69e64ecc30a3d9e22e5
SHA1 a5f66d420b6a6ebb04242fb85ca462a99dbf89b6
SHA256 c9d28800e740a1569aec8fe27df10ef186d883f94cec15a5c228826b45a24f9d
SHA512 32b22966ecec433636f927dc7b27cf782271b36169a9fdd50aa99a4d8cf14496ac3948a3747b7b7680d2d472f6af714e640b05c29194e8f2db92b21619b09c11

C:\Program Files (x86)\360\360zip\tools\360kantu\iSeeRAW.dll

MD5 462b61c0d5f3cc1263e49cec1c49316b
SHA1 73cbd04756bd5086c4a9dbf88c5264a62782ba69
SHA256 2ebfb5459aa3cce13e45d6e34167c7e794ce2e39f2745c9ac7d2ef89f29eec70
SHA512 ddb82ade3d89d00bd042e2b80d1e969941e60414f3bd2f2e6ba6efe05e69d0d626c917cba7d4ef847ec81f3ad7d63c28766a37c092a9e9c019c21fe085eacb79

C:\Program Files (x86)\360\360zip\tools\360kantu\iSeeImage.dll

MD5 a59d667bf6ab074a1ca92727610ab939
SHA1 55d4ff99538b4481b1a33eb14457bab45d8c14d9
SHA256 c4633d65e6933a0b9f1dcd651b96a4f62a049ccb6d2198c808ab9351e1ac460e
SHA512 fca65a707778b85095bd400352ca8e6495ce9764cb520ec14847717d1db80cc9ed832d9b2abfef6edc43a71ca15941316db95da56f4da47c0703e128f15021a8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\tif.ico

MD5 cd1d0c8a9f5a3bbc5019b85aef8cd34e
SHA1 4f047c4fba218d50f30d88801b947a9a232410bf
SHA256 d63ebb78dd98487de1fe9f42bb962439fb98ef0d01000eccdabdec26b79a67ed
SHA512 d5058c957e1b1607cff49c8c4ed8aaaf4ed6f2708533fa1d75814366871d4e4ee981332f8a1208186ae63101a1b7510025c75f258dfc4b0e7d9319d782948a8e

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\raw.ico

MD5 c84d59bb36633ad43dbc1d37fefb1cae
SHA1 beae4aedeb8f31bdf5cf3191ea7ec184ca6f023b
SHA256 f396c1ccf258f53d47e4cedceefe2fcf7d24dceb7d85976f55d25b7f284ab957
SHA512 052ff58c45da3a28ad81ffa636dfeb961d5492f7b5a78de961e492cad6f56783d1c91d19a698f72ebf4b7e7ba2f3f1c0636fb442176429edffe43cb264ba04a8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\psd.ico

MD5 93970cc7eec3cc37da2b1126ed7fda04
SHA1 ad7b9def85d7304845d0657559dd7c19aea5dae8
SHA256 f2b6c1c3cab6cb5f9fdc7a97c5cfd4a043b7b5c52ed21b0f1904fd91f6f47134
SHA512 24168d253cb062dfe23647962c1409f03aed432582178bcba3763cf42f7833cfb52859cf6192003231be0a2d2f14214b5db465ffb70b53cb33e738c157860e99

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\png.ico

MD5 70d373f1bce82d3b42d222db2f0c9772
SHA1 e20459e9b436a189b1dd85753052a9e0df2f4cab
SHA256 8d4bdcb7d2e44b6279339e55ebefc6b131bfae46aab9d14f1c43ecfae7334962
SHA512 ae293428d4e596efe0533dd8e996f246896903fc0db5f004324e47f0160d12a3230ce2b695afda6a51da9d23a97725a0223608e894b806495f269ad8b76ece93

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\none.ico

MD5 a35b601781c3c4b209efcc6236e309f0
SHA1 301c422bea45fe7e9a2375670fbe00e35ee06f58
SHA256 29acfc7fa75b8cafdf1f2c4c323bebe4b93d5991bd291ade156699ae44751f57
SHA512 7a1e60b4a64f50380df225c5499fe47a8c72b1d00e5ea4237759c3cf38fbe6f5a2c07782d8bac0c0915a981f8709f37d8e5a088b17a89635d99ab75572e629b8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\jpg.ico

MD5 1cf6cd446c13261908e2497c84cc087a
SHA1 b340ee6bbaf45f7d27ee1b87daf367d18c142a12
SHA256 798abd202643664ac555365b1b0904a338c46740ac47df912e35a1bc056d0059
SHA512 5ffcf91a59eff7b9a7b485d9d42998c0ee6d0936d3b300dda0dffca342cad53a5f41abb04c4c4e548e23c7320241f6f9fd394fcea83e2454271d07c93c4b98ce

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\gif.ico

MD5 edbda6b7768a5e66dbf7517e110994bd
SHA1 8381207ca4a1e37f03b592d1c3aa1ffa905973fc
SHA256 09d2aa91943c2dc7fac6feefd20b48ebc815e09323ac6305deaffddaec6d6719
SHA512 09c6ca90f2b7ef68a544fdd834e58710e3a720987866e07720ff6bb5439f585417dd14219f6b8e46f8c1a9524fcf1cd03fee647404c6943f8a9c919441faddf3

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\bmp.ico

MD5 ef6064cfc8fa4ce4a0ea6411c498313b
SHA1 fbfef7d8e58bc4a593bac654989cfa8bf69328c1
SHA256 236cfcb64d0796dc56aa8f42012b1f1c5a348afc8493df4a3050f24dc40c2a18
SHA512 758fc77bbf28fd8df1dfc2bb3b71b91a68604f24b24a734cf877d48b30c603fbccd0b2ffb7f6e84636a29c55848d8dc7aa944396b449b88fe91825d153cefc5d

C:\Program Files (x86)\360\360zip\tools\360kantu\360kantu.exe

MD5 8107259d6bd169ea84132a644561b0ef
SHA1 b1098d11c31f46b5558c5b346f5e3e6273d8d143
SHA256 aceb9d8d270714d07e91f7ef19d9d34297502828b0677635edde3486e768e412
SHA512 be8506ddbd788496119a09d3201f55171d645a53744a2d6cdea91ac518defe017b45c8f3452950d8d303ede881575e9d29e80299e272970e5bf66022d318b103

C:\Program Files (x86)\360\360zip\Safelive.dll

MD5 47536b4809eb3f2fe8223f7419e79169
SHA1 26a756935aad31e8a41f1f48f6dbccaefa6274bb
SHA256 ddf9537617d7a3f89703fa7fe954e465ced283111630582e4209193e10d3a669
SHA512 586a863f562c79ff40f700017057a925d35d080162a0880a31d1046f49081f5b80c59e585fec8e3327e3f427a0b84436670609c277a36509ece8b0aaa6008924

C:\Program Files (x86)\360\360zip\rarnew.data

MD5 ad08fe53a5e484ea568d60544ef3f05c
SHA1 18629208273779dfa28472d5da28542b69b4dfd2
SHA256 30cbdc8b7afd4e079e93f1666220080b31a9b177f4d94ddcc1e5555fb8821f41
SHA512 f7dc9796341490b53d6a44eda6ec9e2644ab40959177db1d28682a28460747eefda3a9fc0b7d496e15d745e518e98d541078bd61a9517ff3264e304852206962

C:\Program Files (x86)\360\360zip\PDown.dll

MD5 ceb0d27c4af7790660a0a8affe3ec0f5
SHA1 15931069dc169a96b3a509defd5015253f73507a
SHA256 1241d75c31188341feb87609aeae95f6c84b94d45badf5c4335d4ba12dd679d6
SHA512 3516246c917b93428d0e33a04c4a5b16903b238b02102ae95d4839dbc1cc93cf4946194a1517e9974e95557399c845905002d7b6496d9e64ec7a1c8c6093cb26

C:\Program Files (x86)\360\360zip\MiniUI.dll

MD5 67911cf655a94edf04adf09ddc888a33
SHA1 6a4f3b01a9e78e8613565bf19463ed01e4e888f6
SHA256 69ec8c8ae554b428b81b8db6768da2cff2b072f8e6c26516b559589eae8a26ef
SHA512 3942a96f2942c2bf8a48c054ba23736cb64bddfa4fe3b5a3d241ce9effd2566f6a33cdf7cdec2501f8c5bfa18eee0ced2774ba203ffc35ca6647e1c9e9657259

C:\Program Files (x86)\360\360zip\LiveUpdate360.exe

MD5 7d4c411c9dc03a181d6d451d5c6d8fea
SHA1 bae68869012ca9624bec9bcd08d575d64cf1d6a3
SHA256 c9cfcce32da030ecb8c9d726986caf784d2d9b69cde11e6e6478bd8b26938d3f
SHA512 efe5712569937cfb50afa4610efb911144f0deb85559b93c4aa0ebbbd4c9f98c9240cd9abc4dde4a9745925712ae427a5ccfb555fb9dfc4ecfe4d86f1a0b2b5a

C:\Program Files (x86)\360\360zip\LiveUpd360.dll

MD5 7363d682a5fd9bcc0321b6d499b36b79
SHA1 fea91caf9558b85d73b627412fdc177aeac7a527
SHA256 e110f35824b4e826cdb027732cb1933717ad8d6ab63f071a7eb6a417d27abd3b
SHA512 c6be750b56675d7b852be1096a5348cdaeaac52c06dbdbb5bf5ba12daf9e94028530386daf3cbeb96014a1fbddbb6ab9a280cad6d9b4347a304d4d96032176cf

C:\Program Files (x86)\360\360zip\livep.dat

MD5 744da905f156c20cc443a4224e47efeb
SHA1 e1eee1b73bdf30b627c8e88575d3c15a5f9b32a6
SHA256 315dd044eab15b9122315e73f86294c4dff170e639be271f74e7960d84e6e627
SHA512 15d3ddc6ead6b9707379d6f22d5ef1addb9ae6cc339098a57d0808f767b883ec587f562d2f6f55872f09bf32a5a9de66c2245cc1c0caa84b14176968a3677249

C:\Program Files (x86)\360\360zip\IEFile.ico

MD5 8c8a793f357b32ddc870297bd99fe8f2
SHA1 9c7aba7862258c7a7c5e798852558a6c9e7921dc
SHA256 bf39218aa16f6fa8760f805b96a8b0c31ef23c2dbd77740e944aba26b24f5164
SHA512 8c018a0e194ff2576cac943dba69ed4048b8384ec78bb1e8db98afb09af3add16eb1ba7726014e5512a746ac82d7ad5abdab77d4cbdabf0194a6fcfc4d8d8ba2

C:\Program Files (x86)\360\360zip\heavygate.dll

MD5 4602c8546749f9899a7ff07ab3e0a599
SHA1 e3442d4eb230c338b333f8d79287d6a6955c1f8e
SHA256 87d265886fe106ef4afc95cd57998a2e835fb5039796cf794c72ce3edd64f73d
SHA512 6cf43735ca2f55181eda859591e41d06f9b141908399fede45547a24bd0313a780fd85b2b113a420d99bd497c035a441f2a68eea1d237961be71e47f191d9ae0

C:\Program Files (x86)\360\360zip\DumpUper.ini

MD5 0042fc1871c44636ecc5092886fabc34
SHA1 a528160967763b52a42aab6e4c75f5004d6e56bb
SHA256 255d1cea762febd5161133e42b84d18b1b13e8f445ba66dd624b4ccfcb818925
SHA512 515c236344b6899323d222c722e1f2e8282536bb29414c49bdd5ea3d195718db683dade07628ef12fadd647189d8a2ef7b6a965223ea356468c2bd476b54b634

C:\Program Files (x86)\360\360zip\DumpUper.exe

MD5 e5c884ee1556f0970a56c7ffd4dbc4a8
SHA1 2752385feccb738388c36dc16febf2700ef25e28
SHA256 10afeada73e89a89614fae2972b53363231cfde49d1732b5979baf5eed090242
SHA512 f3f31a4c3103d3476a4245a86723db90fdfc8b116d5b7308130df5297f946221c3bb8caa4eb39821cdfb72a51542154eaa6a304536d7305bba972ecca4f61e91

C:\Program Files (x86)\360\360zip\CrashReport.dll

MD5 3c329cffa00c876c608a5675386fc34e
SHA1 9db0962aa258f0fb50a6d15aa7e5411241ec1c6a
SHA256 2795bfc5715b4693fa08b3b0901b5b3df80499653701b7e972d0096fa0bada39
SHA512 27cd942c489556f3b8b9352637e3edf0260d4d354986b8625ddf9314f3215a62f8b07ae7599154691bf3c4e7ed68ea0a14de43925f66846c2264f0d4cd54e7c2

C:\Program Files (x86)\360\360zip\config\zdefaultskin\zMiniUI.xml

MD5 a74ec93247975dbaa0a16ce76ee5d368
SHA1 00ae4f14d74bb7a09b82039135d013a7487af4f7
SHA256 318a89805a03b391556fa663cc52874198616063f854e3508e01f7f426a4afb7
SHA512 ef76eed5d0388c4a736a5d1774765b59e54f6b38b65a6b940e052c4093036ab05c8c1b41af41b31d1fa4680735099a2811385e6501a750fcb82b3e709153d22e

C:\Program Files (x86)\360\360zip\config\zdefaultskin\zdefaultskin.ui

MD5 79a07f2d78e3b834e95b0f01e2f48ba7
SHA1 9dec7af329708d91875d2076fc3f64f2bc52086a
SHA256 06e9d3f766123e35fcd26e4d111b6efa0ba750f8cfd3520bb0fa5beeb4b9843f
SHA512 8bd0ac5c74beb4a9d619ffdf05d50cdf4fc30e54b1c15b529667e975a94d10c4712f221e015b66b931350df9cd6f1e4bdb008e15a1284e3abb7d90df828acc15

C:\Program Files (x86)\360\360zip\config\zconfig.xml

MD5 b0238046e8176a492d49cd81574fd0ad
SHA1 ce81409b56b2ee8550ca31b442793bdc20485369
SHA256 a2d79ec6689988ee90255fe0c7f95875d85630038d911b1e9bee9e2426dfc244
SHA512 95647797359956c9706131ea61ac2ac94a5d6ced206d2796650c813a71bdf69bca0c59fd715a7cea54baac482a5483a7e12b9004a8cbbe28c8882cfd01936e67

C:\Program Files (x86)\360\360zip\config\zcomment\template\template5.rtf

MD5 5418c6856750fe631453f1282df49ff5
SHA1 f3829b433dd3f63c486d443ab4be52cd84d6dd7e
SHA256 6f8b7b9a9e3887841d6c3aa408791c1fb89b62033d4aa41861f9ed79e11f998b
SHA512 ba581aaa0c269be46b8eaa95f9211d1f7dafa243992eefb7ae86dd9153c01507088e6b2fd2ce2a0b435df04f4b91448e3c01505d8cd2f7326462a4b0ca048941

C:\Program Files (x86)\360\360zip\config\zcomment\template\template4.rtf

MD5 1ec22d5a31359a15590a2cb4c40b8e0d
SHA1 ecd809d57d97442901e60d87bfe3ba3b2a23d0ef
SHA256 5496bcaec92fcfe098c36149d4d4419bda84e8c10844ff366abba5eaf65ba728
SHA512 3b86076be54e2f6805c740ad12e5a27dd26dba40ce69d9479e8290cec996663aea5c96f389c52d2cd0975cae374834ac9de89e9a3d3de41f7a1d75295551eb56

C:\Program Files (x86)\360\360zip\config\zcomment\template\template3.rtf

MD5 5d8c1859af1b06f59d6419c2ef54bae3
SHA1 093d6282c71b8dad6597f86abfbd91625df30fd7
SHA256 17142f44fac293d44b1a620fd231dc68083757c7c5725a54b4064c2d66a0ae07
SHA512 fd68dff0ba0477c211bdda9493057713ab14d31d32aebb85f0ffd0d4aa217cdcaff71525d06644a18aaf3c772505dce2db44ac1582423b73e6f972f312366e68

C:\Program Files (x86)\360\360zip\config\zcomment\template\template2.rtf

MD5 bf3cd0f7701e1a9ed1500c3d2a9eabac
SHA1 ca173cd84214e726a797dd6da700c1247f26f4b4
SHA256 e98f1fbda90dee28cf6e3fd1229bef0ae7b2c18f1878b87fd54681e09ccde58a
SHA512 298d2dff4b3ca57fcd344c03478b4c6713d86d9eeb72f006ba4ea70a5753ac32b69b02bca2540861787e38cdcf0e3ddde18311a7afead1f40d37806339505c42

C:\Program Files (x86)\360\360zip\config\zcomment\template\template1.rtf

MD5 147c993d7b8faf2036ebfb2058dcbe33
SHA1 d0ecf29fa285be5c701ddb3bd49797cba70d0e20
SHA256 c9812cd6ff409783dfbda634fada8bc75a75585da7464564ee251322bc6087f2
SHA512 9122d44e86629fcd2ae8580592e61897d240dac220c5c4e876d15f3a789f1f0a8174ca5adff04be93327af74f410b7ae9e0ea9907ad5d4df6112eac5d53560b5

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin5.jpg

MD5 f686c8fb34d556023ddc6b2258234a2d
SHA1 f624c4ff752826040746a7a724d50f33d11cd0b1
SHA256 2ef010c2074cd0f5a21133ae532fe9b81639db00b6646e1d6121c3fe41d361a6
SHA512 cb870a2a6b2494c6935c8119701bee72719f5b17b9cfd7328732676f11725e34a3dd8d5325355f73b7eb9e9f2f0e1ad992e7a63dc2b5596db6dc9aa3b6dc7448

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin4.jpg

MD5 8014d59bf19967d6e7d2783369819724
SHA1 c0f66dabdcfa250a404161e975718a65eb80131f
SHA256 c25380d366fd95c625c77b0b6025f13ff6a4d2717e6e1660c07c0b086a38d79b
SHA512 464d20b3a2a320ddea77e13fc731e8d62c710722a637f663e6ae7348746ea4a55a0d8ee7d8287cade1cc2e1e8dc0848603fb063823c9dcd40a754d76f3e386e6

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin3.jpg

MD5 ad5be1790c2981990c9356478559dc49
SHA1 555f448684ca5d18241deafa6a790e4116d3fff7
SHA256 29efa2aa564cef96e5f2dd64279a6697a681f066443091d320f2b59642bb7010
SHA512 2c0092f336b1feb10cf68e7bf08322a87a5b2c9eb9e2a7c65ea23dd23b89402c3d37438f01c1e616612a60fe4a5bbd578762921dc7b935b90f6e622985528488

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin2.jpg

MD5 8cab43852a5677c00e949b92e9d8efb5
SHA1 879936e80f9798dcdd04ace231472da649ed3dd2
SHA256 d73fa1136d46266c7a2b5e418e1adec9281b0e42caa7741040cb7db8f7274d4e
SHA512 f2876d76ca6306a31a047655b676d3dfcae57326589a0e2cae7b14cb060601acb62fbdf4a84201b67e71e1b197eb5b7f6b96305703a8bf0ca8b23f5cf74d4f71

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin1.jpg

MD5 254f08b459f9586b5f396e1fd0bcf83e
SHA1 efb5ef475f068b126a5c1f99d32adde8148282c5
SHA256 dc75fdcdada93e82ea23c4e7f5481c77208325804824c574cc6f7591e4044ada
SHA512 ec56031569a91124de2fd9df3b5fea4df9efa6713757b0ee775d021606c378651ec062c2bb5ba84ec9fa97c45b02bdb8bd0e1e68312d3a6ce26bb044564eb92f

C:\Program Files (x86)\360\360zip\config\zclassic\zMiniUI.xml

MD5 e9844106f937813ea05329a07a32211d
SHA1 d420f2da0323fbff15ca0c99ac36906651e4fb8f
SHA256 9d71e8245962f8dbab2d76c625c9c11116f5aeeae627a15e459de08bbebaac0f
SHA512 3b2e6851077ccc6aa0236799a7170560fc9ee99b7a836f41296ae3c93826510ab0047b61aa46e2bf4a64dce6b79613ada98a17157940b09e60f9c5a1b9a0ea33

C:\Program Files (x86)\360\360zip\config\zclassic\zclassic.ui

MD5 057a5a2fc66dadf0db98341a3eb030ca
SHA1 0fbd2015aeae94d1d9938b170548ee8d7a8dc35a
SHA256 d95fc9c33785365c1def82629670ceb74396267e982bc9c8ff622f5f115ebdf4
SHA512 1c98b340f1998290750248389589f5e1849b891c1d49cb3ae00144227997ccc32a8b8893d6f8f08145c66c020e96ac38fd2e76c67d029b84d30a7c2b2b2d9c02

C:\Program Files (x86)\360\360zip\cloudcom2.dll

MD5 895e7ed767afb8631122c4f8d0d56f3a
SHA1 408dbf174b8d608b39c9cad8aea95768b3904350
SHA256 6828c02acdb2b513a5bad24d8196cb0605fdd0cfe2f4b2f5a83d2e3963b238e9
SHA512 e57829fa50245cf7c62d659cb3c41803fb2db4b548f7ef7cf63878d191e374034c222d9a5d6482c178022564c445c544e4cddb5c8bdba71b0a94bc75ded72d86

C:\Program Files (x86)\360\360zip\360压缩官网.url

MD5 c0669c8febaba3615325feaf279ec606
SHA1 e229bf415cc010a1288f73209206d9290fee660e
SHA256 602a8969fd04598c38c25d16c56322a41727213706e4e85124e12544a43f1a00
SHA512 e1b524236c5bb08539288609633caebfceca1b0fbfc28654a70dc5c3c170b5be39ff2bd8219e99f10affad70227484df326bf94d825726e689ff13a266e550e3

C:\Program Files (x86)\360\360zip\360zipver.dll

MD5 0a62788b63f0f202c367f646ec261814
SHA1 e564ca73677fca39fbeb831254a573621677a127
SHA256 28f4877f0e807c9cbfcc2dfcc2b8e7224f13b3ea518ee6480450ecdab8ffbdb1
SHA512 b2d742110783784a0531b8f788ff2891665d297660d5c03b9dd245bdc0285db21b48e40f9591d440effe12155e3a75e982522ad02e26706ef26b9005f893c95e

C:\Program Files (x86)\360\360zip\360zipUpdate.exe

MD5 91e63e3a0616230c41298637f942eb5c
SHA1 3bd5015ed4ec77e95348919fa7d3d22e3e5df098
SHA256 2278388799473037dc4eb6e56c21cba444a7112663fc6aa14d717257018ee060
SHA512 2760d0388697c0e5cd642e559bdaef65ceaebf0a48236115fe830a76d572fd884551f11d91e85761abb2d54b97d06b17cd78f058ab43cb11fa5095d170c9f0ad

C:\Program Files (x86)\360\360zip\360zipPluginMgr.dll

MD5 6f61f508c3ad9cb6c9f057dfe926e039
SHA1 a55ab96fa41ebf6ecff39f34ede72c0f503b74c6
SHA256 46e5ca7a70bc341e408282ae260f57a302e10f9b9e54904f413c2b48dbf4a318
SHA512 08117a1e1d46ee46991b6388ac9db9a2f7a838c3310ebf0a7340d43fb298a90f6b27833eb1ca6296a6bfd059236e63f47007114d2f9b9a4d8c4686f057edfe1c

C:\Program Files (x86)\360\360zip\360zipInst.exe

MD5 e5403d95ea9fe5fa25efbfbcefdacb94
SHA1 c09941427ac59d877e800a3fdff7ac9b320bbdb0
SHA256 2d7fa17a36c91761eb8bbd43ac1262b36701fd3dec518f3963fa801a15097cde
SHA512 3df62de4af54b89f7014e022934a4f268c442346790d4321496a1458c63389da97c3436339d65b54acf319ab9e891278994a719523806d3e865223d5f52e7fc7

C:\Program Files (x86)\360\360zip\360zipExt64.dll

MD5 e75ad5a5373a6765ffc0023adae63f3e
SHA1 f1aa08e7823ddb93bfca2bcd2178f496639917ae
SHA256 2cc103e629a1ed71883948940dfa881fc2f9b90c640c9242a8fec54b4256414f
SHA512 bf15a5def691b5798fe564fef07d9784915917fb734a9da5f7e121567c2591dc075f2cd7ef57a7a4183de354d997a3a68e5d09034a7b24368fb9e41056be18c7

C:\Program Files (x86)\360\360zip\360zipc.dll

MD5 48ee23ffeabff80d99d439f645b08a6c
SHA1 2e06fc27c25139225aa324a880d90dd9b31cb84e
SHA256 dfd8cd8ae3b5d2924c7d9fb6e76da7a2a69d2c380a08d59efb341289db5d9a8f
SHA512 f2bf65a94da1081e9ec4c97630b8912bcfd9cc4f759ae47a92eb53782b4a7f8f31a77acf71b50bdf09c1347b144371d7e4a79c15856b2b6035e8b5a74c59a7c9

C:\Program Files (x86)\360\360zip\360zip.sfx

MD5 1884e021597290edb49f86ec012af285
SHA1 d24804d0d881200ebbe55250768a95ccee51bd24
SHA256 c2eb423585a6009428d33b6e1b47baa765f9b59645a5493738c8cc092b55f334
SHA512 44b7d702bec4c3525717d6d2c26ea38547e114c9e003e4ae01a68052e21d297bc4a9da74bb6940daaad5646c3a15c772d4efd0a55555c22d0f49f46547d499cb

C:\Program Files (x86)\360\360zip\360zip.exe

MD5 4085ef27ed2758f15aa339c8f0fb592e
SHA1 79abc977283cc76fa33e473415cc68abfc8e435a
SHA256 60819a69a71c3370d948c11ad6cb6da6017fb7370f046ebcc7bdad7f13dc9eb7
SHA512 cfea159dcf685fb065d2e36c03a8c72a051449d72694dd4f5a9805e55bb69f0c15c8319521065fb0aea880c61bf554c415479720e077a78202ce917dedbf9a0d

C:\Program Files (x86)\360\360zip\360verify.dll

MD5 8db36240d12ed1bfd16b395ff404fe15
SHA1 aec5e4225d583eef2514b51998ae704fc6c88b89
SHA256 4962a6fcde70c79cb1dd416f57dd00fca8efe43ded82e9d63e9edd961032834a
SHA512 27a429606cbd147cd007b348c67c32269126239f9d6a367d652a57497b4c747759231126e8cfff224c995d1de22a965a590a9c75cdcf5eb6d1a5c973a7550815

C:\Program Files (x86)\360\360zip\360P2SP.dll

MD5 96c74f16a2b94f33ce54df012e1a9143
SHA1 c685b6a26b4abffa25399beea2eb45dc7869bc0a
SHA256 9dfc5349404e386f87c44419f8ff83e2dc0666f3ef3278860d872e10af9766a5
SHA512 e186578e68ed40e91b3167a6d7f594f390d614c44b83f5d17213421cff12649c3a8a4f1dc47c8479bd0a20e303f90be8c5526325086db20e960024af1996fb65

C:\Program Files (x86)\360\360zip\360NetUL.dll

MD5 6c2cd3003689a373b158a4f8c6fe75a7
SHA1 f4938a64224b9cfc16920a83b4cb9ef83c8b68ff
SHA256 a7ff68fe983f3fc97efcd0970e3f93952658420290a3e3d1cec97a2e0bfa83ed
SHA512 8a89da3786bcc7b2936e090a35b51fe59fa37c5b80bac5fd471777b9068a79b8f46bdeaf22f8d5be8bf47a3e1e239366f04ea1fb49c2233526bd1ea545960bd0

C:\Program Files (x86)\360\360zip\360NetBase.dll

MD5 0b0787616c46750f3b14aa0ca93d2868
SHA1 8a2fedae31cf47a12c5922f1a6487ff9f693722f
SHA256 d0ffadd00b58c407c5ce9b98d771bff7ca75a8115547a3b5e9ba93e5a8568e53
SHA512 5a9f3d80092f77ec5d252ab88faa8e9aa78ebc40b31d322939d6e70ad40c61c9bfa098647b49f1acd4030cc542474b7e5bb25ada95740dfaf7d6c909465b114c

C:\Program Files (x86)\360\360zip\360net.dll

MD5 9266ff80da54b887409ec27c2f0ea653
SHA1 748698e64c198d3b70b04a2e4e9cf000346fd7be
SHA256 84c38c308e1602d280a4f6f1dfea486ddcbd5fad9feeb322b069fa6e077ebc6a
SHA512 8f570c9b8e8d28599537cba3265f0a005b9487d1345714ce09069b6a7d09fdfa4d523e96c0420018655e403ad01242614b5c4692fab9fd48208d325894ac9d14

C:\Program Files (x86)\360\360zip\360ExtLoader.exe

MD5 c5961fafe4d6610977d391cc894349ab
SHA1 1b6fd4024f5d211c990a925d56e12827556fa9a6
SHA256 e943e34e2fe515f168c2f933c269933a793f623489ace79fb2c7d6b047c5a60b
SHA512 6a5a4c87574ce1b3ccbc093d4a43555be7d6441358a167c6dda8a1fc02551839546b217e0d41741e455f4f62c80cd98679bac9dce1103b544ca9fe8db6607d9f

C:\Program Files (x86)\360\360zip\360Conf.dll

MD5 f92e084de6bf6d4ca79271ebdecdac75
SHA1 864e3aafed4048870bb1aad3c0e891f891bb8c4b
SHA256 88e3498ab273c2fb47973daf0b6e6e68674e71b64fa13f493dd18329138d7051
SHA512 a11d9defe146ae5eb0f61ea02925f29eebdcb62f13ab65b5b56eefaaac017f9cf4c8ebc8285902d5d903d87b11d22d3fef56878e65851f790b7ec13e996eb942

C:\Program Files (x86)\360\360zip\360Common.dll

MD5 105f16f60b36510ae98da5b7c8e80b50
SHA1 707254f6f06971245dda1408ab0a51d7177371a3
SHA256 02ecb2453e6660fb159864d83899cbf844520af74e54b2bebe2ad17c5da2a770
SHA512 a1865e6b0f9999ce797bc1b1a057d4cb522b1db9ee2e279b7c34eced9b72390dcc032a32d88950f6fcfbc7c7cbaf34d760301adf7df24f317fb67fcf3dd7f929

C:\Program Files (x86)\360\360zip\360Base.dll

MD5 e43e7e408bfca335cc4240b7c1bbb8ca
SHA1 52965129de897ca96834d98aadd55307fd7f5712
SHA256 a9251bd5e8591d165420c41570c414b6283c6b6abf802986aac4f1d19972a4d7
SHA512 31c03fa1746aafe00854bacfb4a59cc382da3fc4f652fd422b7a217747341fedc34a1f3bdef59efdcb79edd70df7652e19608ea03f622abcfac4a9044eaa86ef

memory/1968-594-0x0000000000D50000-0x0000000000D60000-memory.dmp

memory/1968-595-0x0000000000280000-0x0000000000281000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-19 21:57

Reported

2024-04-19 22:00

Platform

win10v2004-20240412-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\360\360zip\240602875.tmp C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C} C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C}\ = "0" C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A893393-71A8-4a50-95A1-2B89DE87B24C} C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\fb40cf21e303a47c3aca42dd808d0b51_JaffaCakes118.exe"

Network

Country Destination Domain Proto
N/A 192.168.1.102:4444 tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 154.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 198.32.209.4.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 217.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/4580-1-0x0000000003010000-0x0000000003020000-memory.dmp

memory/4580-2-0x0000000000C10000-0x0000000000C11000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{0FC635E7-B39D-4cea-A860-7F51018F3DF0}.tmp

MD5 42dfb5d58bf2ea706253ccfba768f609
SHA1 1f97b07d28c40a9b8ab15724a8420c8948becee4
SHA256 edff28925a5eb1140ddd3312857ef2fe8609503878ad6e5edd73e0999a2c579d
SHA512 25471a4c001a25aac28905cbf6383d5445f13fc9883e362d44eee9410138556e1bc25b662a09b4d3a9c28c619a348da1cc9879f946b07f5f6b41f2786a33e1ab

C:\Program Files (x86)\360\360zip\360zipExt64.dll

MD5 e75ad5a5373a6765ffc0023adae63f3e
SHA1 f1aa08e7823ddb93bfca2bcd2178f496639917ae
SHA256 2cc103e629a1ed71883948940dfa881fc2f9b90c640c9242a8fec54b4256414f
SHA512 bf15a5def691b5798fe564fef07d9784915917fb734a9da5f7e121567c2591dc075f2cd7ef57a7a4183de354d997a3a68e5d09034a7b24368fb9e41056be18c7

C:\Program Files (x86)\360\360zip\360zipc.dll

MD5 48ee23ffeabff80d99d439f645b08a6c
SHA1 2e06fc27c25139225aa324a880d90dd9b31cb84e
SHA256 dfd8cd8ae3b5d2924c7d9fb6e76da7a2a69d2c380a08d59efb341289db5d9a8f
SHA512 f2bf65a94da1081e9ec4c97630b8912bcfd9cc4f759ae47a92eb53782b4a7f8f31a77acf71b50bdf09c1347b144371d7e4a79c15856b2b6035e8b5a74c59a7c9

C:\Program Files (x86)\360\360zip\360压缩官网.url

MD5 c0669c8febaba3615325feaf279ec606
SHA1 e229bf415cc010a1288f73209206d9290fee660e
SHA256 602a8969fd04598c38c25d16c56322a41727213706e4e85124e12544a43f1a00
SHA512 e1b524236c5bb08539288609633caebfceca1b0fbfc28654a70dc5c3c170b5be39ff2bd8219e99f10affad70227484df326bf94d825726e689ff13a266e550e3

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin2.jpg

MD5 8cab43852a5677c00e949b92e9d8efb5
SHA1 879936e80f9798dcdd04ace231472da649ed3dd2
SHA256 d73fa1136d46266c7a2b5e418e1adec9281b0e42caa7741040cb7db8f7274d4e
SHA512 f2876d76ca6306a31a047655b676d3dfcae57326589a0e2cae7b14cb060601acb62fbdf4a84201b67e71e1b197eb5b7f6b96305703a8bf0ca8b23f5cf74d4f71

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin1.jpg

MD5 254f08b459f9586b5f396e1fd0bcf83e
SHA1 efb5ef475f068b126a5c1f99d32adde8148282c5
SHA256 dc75fdcdada93e82ea23c4e7f5481c77208325804824c574cc6f7591e4044ada
SHA512 ec56031569a91124de2fd9df3b5fea4df9efa6713757b0ee775d021606c378651ec062c2bb5ba84ec9fa97c45b02bdb8bd0e1e68312d3a6ce26bb044564eb92f

C:\Program Files (x86)\360\360zip\config\zclassic\zMiniUI.xml

MD5 e9844106f937813ea05329a07a32211d
SHA1 d420f2da0323fbff15ca0c99ac36906651e4fb8f
SHA256 9d71e8245962f8dbab2d76c625c9c11116f5aeeae627a15e459de08bbebaac0f
SHA512 3b2e6851077ccc6aa0236799a7170560fc9ee99b7a836f41296ae3c93826510ab0047b61aa46e2bf4a64dce6b79613ada98a17157940b09e60f9c5a1b9a0ea33

C:\Program Files (x86)\360\360zip\config\zclassic\zclassic.ui

MD5 057a5a2fc66dadf0db98341a3eb030ca
SHA1 0fbd2015aeae94d1d9938b170548ee8d7a8dc35a
SHA256 d95fc9c33785365c1def82629670ceb74396267e982bc9c8ff622f5f115ebdf4
SHA512 1c98b340f1998290750248389589f5e1849b891c1d49cb3ae00144227997ccc32a8b8893d6f8f08145c66c020e96ac38fd2e76c67d029b84d30a7c2b2b2d9c02

C:\Program Files (x86)\360\360zip\cloudcom2.dll

MD5 895e7ed767afb8631122c4f8d0d56f3a
SHA1 408dbf174b8d608b39c9cad8aea95768b3904350
SHA256 6828c02acdb2b513a5bad24d8196cb0605fdd0cfe2f4b2f5a83d2e3963b238e9
SHA512 e57829fa50245cf7c62d659cb3c41803fb2db4b548f7ef7cf63878d191e374034c222d9a5d6482c178022564c445c544e4cddb5c8bdba71b0a94bc75ded72d86

C:\Program Files (x86)\360\360zip\360zipver.dll

MD5 0a62788b63f0f202c367f646ec261814
SHA1 e564ca73677fca39fbeb831254a573621677a127
SHA256 28f4877f0e807c9cbfcc2dfcc2b8e7224f13b3ea518ee6480450ecdab8ffbdb1
SHA512 b2d742110783784a0531b8f788ff2891665d297660d5c03b9dd245bdc0285db21b48e40f9591d440effe12155e3a75e982522ad02e26706ef26b9005f893c95e

C:\Program Files (x86)\360\360zip\360zipUpdate.exe

MD5 91e63e3a0616230c41298637f942eb5c
SHA1 3bd5015ed4ec77e95348919fa7d3d22e3e5df098
SHA256 2278388799473037dc4eb6e56c21cba444a7112663fc6aa14d717257018ee060
SHA512 2760d0388697c0e5cd642e559bdaef65ceaebf0a48236115fe830a76d572fd884551f11d91e85761abb2d54b97d06b17cd78f058ab43cb11fa5095d170c9f0ad

C:\Program Files (x86)\360\360zip\360zipPluginMgr.dll

MD5 6f61f508c3ad9cb6c9f057dfe926e039
SHA1 a55ab96fa41ebf6ecff39f34ede72c0f503b74c6
SHA256 46e5ca7a70bc341e408282ae260f57a302e10f9b9e54904f413c2b48dbf4a318
SHA512 08117a1e1d46ee46991b6388ac9db9a2f7a838c3310ebf0a7340d43fb298a90f6b27833eb1ca6296a6bfd059236e63f47007114d2f9b9a4d8c4686f057edfe1c

C:\Program Files (x86)\360\360zip\livep.dat

MD5 744da905f156c20cc443a4224e47efeb
SHA1 e1eee1b73bdf30b627c8e88575d3c15a5f9b32a6
SHA256 315dd044eab15b9122315e73f86294c4dff170e639be271f74e7960d84e6e627
SHA512 15d3ddc6ead6b9707379d6f22d5ef1addb9ae6cc339098a57d0808f767b883ec587f562d2f6f55872f09bf32a5a9de66c2245cc1c0caa84b14176968a3677249

C:\Program Files (x86)\360\360zip\zipnew.data

MD5 76cdb2bad9582d23c1f6f4d868218d6c
SHA1 b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA256 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA512 5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

C:\Program Files (x86)\360\360zip\LiveUpd360.dll

MD5 7363d682a5fd9bcc0321b6d499b36b79
SHA1 fea91caf9558b85d73b627412fdc177aeac7a527
SHA256 e110f35824b4e826cdb027732cb1933717ad8d6ab63f071a7eb6a417d27abd3b
SHA512 c6be750b56675d7b852be1096a5348cdaeaac52c06dbdbb5bf5ba12daf9e94028530386daf3cbeb96014a1fbddbb6ab9a280cad6d9b4347a304d4d96032176cf

C:\Program Files (x86)\360\360zip\Uninstaller.exe

MD5 c09178d08c2851cf95ceaee7a1c50fbc
SHA1 96977989022d87b3b2fa530fd13fe8a4e4f13f56
SHA256 50450d5edf6379c86e696600d1b639f0015c97265cfaed9b6e724a6790365529
SHA512 78b144031bff0783a372e276c68fc2608b8a5260f63a034c906e7f01c3fbbb04222b1611bebcaf2d73742502ad9a3952fac5a39321e26c8a21142c5dbccc6187

C:\Program Files (x86)\360\360zip\Uninstall.ico

MD5 8f31b54a468b7c55d66970c276d7d973
SHA1 84bba9667887312673ee127877813af45b858273
SHA256 c669b2f21a2ee4d601d2cdac32828d39c384409b8e221dbbec4a0ca09f4024cc
SHA512 dd13c5305d5affe0206eada595bd5df19e0fec1ddf32f1e5631aee2c61b3fe8225133f067f5d84bd76f7b2f732eba0822cf48dea6c9b7df6125fcfc6a9a1318f

C:\Program Files (x86)\360\360zip\UNACEV2.DLL

MD5 de02c4d04088b69e64ecc30a3d9e22e5
SHA1 a5f66d420b6a6ebb04242fb85ca462a99dbf89b6
SHA256 c9d28800e740a1569aec8fe27df10ef186d883f94cec15a5c228826b45a24f9d
SHA512 32b22966ecec433636f927dc7b27cf782271b36169a9fdd50aa99a4d8cf14496ac3948a3747b7b7680d2d472f6af714e640b05c29194e8f2db92b21619b09c11

C:\Program Files (x86)\360\360zip\tools\360kantu\iSeeRAW.dll

MD5 462b61c0d5f3cc1263e49cec1c49316b
SHA1 73cbd04756bd5086c4a9dbf88c5264a62782ba69
SHA256 2ebfb5459aa3cce13e45d6e34167c7e794ce2e39f2745c9ac7d2ef89f29eec70
SHA512 ddb82ade3d89d00bd042e2b80d1e969941e60414f3bd2f2e6ba6efe05e69d0d626c917cba7d4ef847ec81f3ad7d63c28766a37c092a9e9c019c21fe085eacb79

C:\Program Files (x86)\360\360zip\tools\360kantu\iSeeImage.dll

MD5 a59d667bf6ab074a1ca92727610ab939
SHA1 55d4ff99538b4481b1a33eb14457bab45d8c14d9
SHA256 c4633d65e6933a0b9f1dcd651b96a4f62a049ccb6d2198c808ab9351e1ac460e
SHA512 fca65a707778b85095bd400352ca8e6495ce9764cb520ec14847717d1db80cc9ed832d9b2abfef6edc43a71ca15941316db95da56f4da47c0703e128f15021a8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\tif.ico

MD5 cd1d0c8a9f5a3bbc5019b85aef8cd34e
SHA1 4f047c4fba218d50f30d88801b947a9a232410bf
SHA256 d63ebb78dd98487de1fe9f42bb962439fb98ef0d01000eccdabdec26b79a67ed
SHA512 d5058c957e1b1607cff49c8c4ed8aaaf4ed6f2708533fa1d75814366871d4e4ee981332f8a1208186ae63101a1b7510025c75f258dfc4b0e7d9319d782948a8e

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\raw.ico

MD5 c84d59bb36633ad43dbc1d37fefb1cae
SHA1 beae4aedeb8f31bdf5cf3191ea7ec184ca6f023b
SHA256 f396c1ccf258f53d47e4cedceefe2fcf7d24dceb7d85976f55d25b7f284ab957
SHA512 052ff58c45da3a28ad81ffa636dfeb961d5492f7b5a78de961e492cad6f56783d1c91d19a698f72ebf4b7e7ba2f3f1c0636fb442176429edffe43cb264ba04a8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\psd.ico

MD5 93970cc7eec3cc37da2b1126ed7fda04
SHA1 ad7b9def85d7304845d0657559dd7c19aea5dae8
SHA256 f2b6c1c3cab6cb5f9fdc7a97c5cfd4a043b7b5c52ed21b0f1904fd91f6f47134
SHA512 24168d253cb062dfe23647962c1409f03aed432582178bcba3763cf42f7833cfb52859cf6192003231be0a2d2f14214b5db465ffb70b53cb33e738c157860e99

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\png.ico

MD5 70d373f1bce82d3b42d222db2f0c9772
SHA1 e20459e9b436a189b1dd85753052a9e0df2f4cab
SHA256 8d4bdcb7d2e44b6279339e55ebefc6b131bfae46aab9d14f1c43ecfae7334962
SHA512 ae293428d4e596efe0533dd8e996f246896903fc0db5f004324e47f0160d12a3230ce2b695afda6a51da9d23a97725a0223608e894b806495f269ad8b76ece93

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\none.ico

MD5 a35b601781c3c4b209efcc6236e309f0
SHA1 301c422bea45fe7e9a2375670fbe00e35ee06f58
SHA256 29acfc7fa75b8cafdf1f2c4c323bebe4b93d5991bd291ade156699ae44751f57
SHA512 7a1e60b4a64f50380df225c5499fe47a8c72b1d00e5ea4237759c3cf38fbe6f5a2c07782d8bac0c0915a981f8709f37d8e5a088b17a89635d99ab75572e629b8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\jpg.ico

MD5 1cf6cd446c13261908e2497c84cc087a
SHA1 b340ee6bbaf45f7d27ee1b87daf367d18c142a12
SHA256 798abd202643664ac555365b1b0904a338c46740ac47df912e35a1bc056d0059
SHA512 5ffcf91a59eff7b9a7b485d9d42998c0ee6d0936d3b300dda0dffca342cad53a5f41abb04c4c4e548e23c7320241f6f9fd394fcea83e2454271d07c93c4b98ce

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\gif.ico

MD5 edbda6b7768a5e66dbf7517e110994bd
SHA1 8381207ca4a1e37f03b592d1c3aa1ffa905973fc
SHA256 09d2aa91943c2dc7fac6feefd20b48ebc815e09323ac6305deaffddaec6d6719
SHA512 09c6ca90f2b7ef68a544fdd834e58710e3a720987866e07720ff6bb5439f585417dd14219f6b8e46f8c1a9524fcf1cd03fee647404c6943f8a9c919441faddf3

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\bmp.ico

MD5 ef6064cfc8fa4ce4a0ea6411c498313b
SHA1 fbfef7d8e58bc4a593bac654989cfa8bf69328c1
SHA256 236cfcb64d0796dc56aa8f42012b1f1c5a348afc8493df4a3050f24dc40c2a18
SHA512 758fc77bbf28fd8df1dfc2bb3b71b91a68604f24b24a734cf877d48b30c603fbccd0b2ffb7f6e84636a29c55848d8dc7aa944396b449b88fe91825d153cefc5d

C:\Program Files (x86)\360\360zip\tools\360kantu\360kantu.exe

MD5 8107259d6bd169ea84132a644561b0ef
SHA1 b1098d11c31f46b5558c5b346f5e3e6273d8d143
SHA256 aceb9d8d270714d07e91f7ef19d9d34297502828b0677635edde3486e768e412
SHA512 be8506ddbd788496119a09d3201f55171d645a53744a2d6cdea91ac518defe017b45c8f3452950d8d303ede881575e9d29e80299e272970e5bf66022d318b103

C:\Program Files (x86)\360\360zip\Safelive.dll

MD5 47536b4809eb3f2fe8223f7419e79169
SHA1 26a756935aad31e8a41f1f48f6dbccaefa6274bb
SHA256 ddf9537617d7a3f89703fa7fe954e465ced283111630582e4209193e10d3a669
SHA512 586a863f562c79ff40f700017057a925d35d080162a0880a31d1046f49081f5b80c59e585fec8e3327e3f427a0b84436670609c277a36509ece8b0aaa6008924

C:\Program Files (x86)\360\360zip\rarnew.data

MD5 ad08fe53a5e484ea568d60544ef3f05c
SHA1 18629208273779dfa28472d5da28542b69b4dfd2
SHA256 30cbdc8b7afd4e079e93f1666220080b31a9b177f4d94ddcc1e5555fb8821f41
SHA512 f7dc9796341490b53d6a44eda6ec9e2644ab40959177db1d28682a28460747eefda3a9fc0b7d496e15d745e518e98d541078bd61a9517ff3264e304852206962

C:\Program Files (x86)\360\360zip\PDown.dll

MD5 ceb0d27c4af7790660a0a8affe3ec0f5
SHA1 15931069dc169a96b3a509defd5015253f73507a
SHA256 1241d75c31188341feb87609aeae95f6c84b94d45badf5c4335d4ba12dd679d6
SHA512 3516246c917b93428d0e33a04c4a5b16903b238b02102ae95d4839dbc1cc93cf4946194a1517e9974e95557399c845905002d7b6496d9e64ec7a1c8c6093cb26

C:\Program Files (x86)\360\360zip\MiniUI.dll

MD5 67911cf655a94edf04adf09ddc888a33
SHA1 6a4f3b01a9e78e8613565bf19463ed01e4e888f6
SHA256 69ec8c8ae554b428b81b8db6768da2cff2b072f8e6c26516b559589eae8a26ef
SHA512 3942a96f2942c2bf8a48c054ba23736cb64bddfa4fe3b5a3d241ce9effd2566f6a33cdf7cdec2501f8c5bfa18eee0ced2774ba203ffc35ca6647e1c9e9657259

C:\Program Files (x86)\360\360zip\LiveUpdate360.exe

MD5 7d4c411c9dc03a181d6d451d5c6d8fea
SHA1 bae68869012ca9624bec9bcd08d575d64cf1d6a3
SHA256 c9cfcce32da030ecb8c9d726986caf784d2d9b69cde11e6e6478bd8b26938d3f
SHA512 efe5712569937cfb50afa4610efb911144f0deb85559b93c4aa0ebbbd4c9f98c9240cd9abc4dde4a9745925712ae427a5ccfb555fb9dfc4ecfe4d86f1a0b2b5a

C:\Program Files (x86)\360\360zip\IEFile.ico

MD5 8c8a793f357b32ddc870297bd99fe8f2
SHA1 9c7aba7862258c7a7c5e798852558a6c9e7921dc
SHA256 bf39218aa16f6fa8760f805b96a8b0c31ef23c2dbd77740e944aba26b24f5164
SHA512 8c018a0e194ff2576cac943dba69ed4048b8384ec78bb1e8db98afb09af3add16eb1ba7726014e5512a746ac82d7ad5abdab77d4cbdabf0194a6fcfc4d8d8ba2

C:\Program Files (x86)\360\360zip\heavygate.dll

MD5 4602c8546749f9899a7ff07ab3e0a599
SHA1 e3442d4eb230c338b333f8d79287d6a6955c1f8e
SHA256 87d265886fe106ef4afc95cd57998a2e835fb5039796cf794c72ce3edd64f73d
SHA512 6cf43735ca2f55181eda859591e41d06f9b141908399fede45547a24bd0313a780fd85b2b113a420d99bd497c035a441f2a68eea1d237961be71e47f191d9ae0

C:\Program Files (x86)\360\360zip\DumpUper.ini

MD5 0042fc1871c44636ecc5092886fabc34
SHA1 a528160967763b52a42aab6e4c75f5004d6e56bb
SHA256 255d1cea762febd5161133e42b84d18b1b13e8f445ba66dd624b4ccfcb818925
SHA512 515c236344b6899323d222c722e1f2e8282536bb29414c49bdd5ea3d195718db683dade07628ef12fadd647189d8a2ef7b6a965223ea356468c2bd476b54b634

C:\Program Files (x86)\360\360zip\DumpUper.exe

MD5 e5c884ee1556f0970a56c7ffd4dbc4a8
SHA1 2752385feccb738388c36dc16febf2700ef25e28
SHA256 10afeada73e89a89614fae2972b53363231cfde49d1732b5979baf5eed090242
SHA512 f3f31a4c3103d3476a4245a86723db90fdfc8b116d5b7308130df5297f946221c3bb8caa4eb39821cdfb72a51542154eaa6a304536d7305bba972ecca4f61e91

C:\Program Files (x86)\360\360zip\CrashReport.dll

MD5 3c329cffa00c876c608a5675386fc34e
SHA1 9db0962aa258f0fb50a6d15aa7e5411241ec1c6a
SHA256 2795bfc5715b4693fa08b3b0901b5b3df80499653701b7e972d0096fa0bada39
SHA512 27cd942c489556f3b8b9352637e3edf0260d4d354986b8625ddf9314f3215a62f8b07ae7599154691bf3c4e7ed68ea0a14de43925f66846c2264f0d4cd54e7c2

C:\Program Files (x86)\360\360zip\config\zdefaultskin\zMiniUI.xml

MD5 a74ec93247975dbaa0a16ce76ee5d368
SHA1 00ae4f14d74bb7a09b82039135d013a7487af4f7
SHA256 318a89805a03b391556fa663cc52874198616063f854e3508e01f7f426a4afb7
SHA512 ef76eed5d0388c4a736a5d1774765b59e54f6b38b65a6b940e052c4093036ab05c8c1b41af41b31d1fa4680735099a2811385e6501a750fcb82b3e709153d22e

C:\Program Files (x86)\360\360zip\config\zdefaultskin\zdefaultskin.ui

MD5 79a07f2d78e3b834e95b0f01e2f48ba7
SHA1 9dec7af329708d91875d2076fc3f64f2bc52086a
SHA256 06e9d3f766123e35fcd26e4d111b6efa0ba750f8cfd3520bb0fa5beeb4b9843f
SHA512 8bd0ac5c74beb4a9d619ffdf05d50cdf4fc30e54b1c15b529667e975a94d10c4712f221e015b66b931350df9cd6f1e4bdb008e15a1284e3abb7d90df828acc15

C:\Program Files (x86)\360\360zip\config\zconfig.xml

MD5 b0238046e8176a492d49cd81574fd0ad
SHA1 ce81409b56b2ee8550ca31b442793bdc20485369
SHA256 a2d79ec6689988ee90255fe0c7f95875d85630038d911b1e9bee9e2426dfc244
SHA512 95647797359956c9706131ea61ac2ac94a5d6ced206d2796650c813a71bdf69bca0c59fd715a7cea54baac482a5483a7e12b9004a8cbbe28c8882cfd01936e67

C:\Program Files (x86)\360\360zip\config\zcomment\template\template5.rtf

MD5 5418c6856750fe631453f1282df49ff5
SHA1 f3829b433dd3f63c486d443ab4be52cd84d6dd7e
SHA256 6f8b7b9a9e3887841d6c3aa408791c1fb89b62033d4aa41861f9ed79e11f998b
SHA512 ba581aaa0c269be46b8eaa95f9211d1f7dafa243992eefb7ae86dd9153c01507088e6b2fd2ce2a0b435df04f4b91448e3c01505d8cd2f7326462a4b0ca048941

C:\Program Files (x86)\360\360zip\config\zcomment\template\template4.rtf

MD5 1ec22d5a31359a15590a2cb4c40b8e0d
SHA1 ecd809d57d97442901e60d87bfe3ba3b2a23d0ef
SHA256 5496bcaec92fcfe098c36149d4d4419bda84e8c10844ff366abba5eaf65ba728
SHA512 3b86076be54e2f6805c740ad12e5a27dd26dba40ce69d9479e8290cec996663aea5c96f389c52d2cd0975cae374834ac9de89e9a3d3de41f7a1d75295551eb56

C:\Program Files (x86)\360\360zip\config\zcomment\template\template3.rtf

MD5 5d8c1859af1b06f59d6419c2ef54bae3
SHA1 093d6282c71b8dad6597f86abfbd91625df30fd7
SHA256 17142f44fac293d44b1a620fd231dc68083757c7c5725a54b4064c2d66a0ae07
SHA512 fd68dff0ba0477c211bdda9493057713ab14d31d32aebb85f0ffd0d4aa217cdcaff71525d06644a18aaf3c772505dce2db44ac1582423b73e6f972f312366e68

C:\Program Files (x86)\360\360zip\config\zcomment\template\template2.rtf

MD5 bf3cd0f7701e1a9ed1500c3d2a9eabac
SHA1 ca173cd84214e726a797dd6da700c1247f26f4b4
SHA256 e98f1fbda90dee28cf6e3fd1229bef0ae7b2c18f1878b87fd54681e09ccde58a
SHA512 298d2dff4b3ca57fcd344c03478b4c6713d86d9eeb72f006ba4ea70a5753ac32b69b02bca2540861787e38cdcf0e3ddde18311a7afead1f40d37806339505c42

C:\Program Files (x86)\360\360zip\config\zcomment\template\template1.rtf

MD5 147c993d7b8faf2036ebfb2058dcbe33
SHA1 d0ecf29fa285be5c701ddb3bd49797cba70d0e20
SHA256 c9812cd6ff409783dfbda634fada8bc75a75585da7464564ee251322bc6087f2
SHA512 9122d44e86629fcd2ae8580592e61897d240dac220c5c4e876d15f3a789f1f0a8174ca5adff04be93327af74f410b7ae9e0ea9907ad5d4df6112eac5d53560b5

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin5.jpg

MD5 f686c8fb34d556023ddc6b2258234a2d
SHA1 f624c4ff752826040746a7a724d50f33d11cd0b1
SHA256 2ef010c2074cd0f5a21133ae532fe9b81639db00b6646e1d6121c3fe41d361a6
SHA512 cb870a2a6b2494c6935c8119701bee72719f5b17b9cfd7328732676f11725e34a3dd8d5325355f73b7eb9e9f2f0e1ad992e7a63dc2b5596db6dc9aa3b6dc7448

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin4.jpg

MD5 8014d59bf19967d6e7d2783369819724
SHA1 c0f66dabdcfa250a404161e975718a65eb80131f
SHA256 c25380d366fd95c625c77b0b6025f13ff6a4d2717e6e1660c07c0b086a38d79b
SHA512 464d20b3a2a320ddea77e13fc731e8d62c710722a637f663e6ae7348746ea4a55a0d8ee7d8287cade1cc2e1e8dc0848603fb063823c9dcd40a754d76f3e386e6

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin3.jpg

MD5 ad5be1790c2981990c9356478559dc49
SHA1 555f448684ca5d18241deafa6a790e4116d3fff7
SHA256 29efa2aa564cef96e5f2dd64279a6697a681f066443091d320f2b59642bb7010
SHA512 2c0092f336b1feb10cf68e7bf08322a87a5b2c9eb9e2a7c65ea23dd23b89402c3d37438f01c1e616612a60fe4a5bbd578762921dc7b935b90f6e622985528488

C:\Program Files (x86)\360\360zip\360zipInst.exe

MD5 e5403d95ea9fe5fa25efbfbcefdacb94
SHA1 c09941427ac59d877e800a3fdff7ac9b320bbdb0
SHA256 2d7fa17a36c91761eb8bbd43ac1262b36701fd3dec518f3963fa801a15097cde
SHA512 3df62de4af54b89f7014e022934a4f268c442346790d4321496a1458c63389da97c3436339d65b54acf319ab9e891278994a719523806d3e865223d5f52e7fc7

C:\Program Files (x86)\360\360zip\360zip.sfx

MD5 1884e021597290edb49f86ec012af285
SHA1 d24804d0d881200ebbe55250768a95ccee51bd24
SHA256 c2eb423585a6009428d33b6e1b47baa765f9b59645a5493738c8cc092b55f334
SHA512 44b7d702bec4c3525717d6d2c26ea38547e114c9e003e4ae01a68052e21d297bc4a9da74bb6940daaad5646c3a15c772d4efd0a55555c22d0f49f46547d499cb

C:\Program Files (x86)\360\360zip\360zip.exe

MD5 4085ef27ed2758f15aa339c8f0fb592e
SHA1 79abc977283cc76fa33e473415cc68abfc8e435a
SHA256 60819a69a71c3370d948c11ad6cb6da6017fb7370f046ebcc7bdad7f13dc9eb7
SHA512 cfea159dcf685fb065d2e36c03a8c72a051449d72694dd4f5a9805e55bb69f0c15c8319521065fb0aea880c61bf554c415479720e077a78202ce917dedbf9a0d

C:\Program Files (x86)\360\360zip\360verify.dll

MD5 8db36240d12ed1bfd16b395ff404fe15
SHA1 aec5e4225d583eef2514b51998ae704fc6c88b89
SHA256 4962a6fcde70c79cb1dd416f57dd00fca8efe43ded82e9d63e9edd961032834a
SHA512 27a429606cbd147cd007b348c67c32269126239f9d6a367d652a57497b4c747759231126e8cfff224c995d1de22a965a590a9c75cdcf5eb6d1a5c973a7550815

C:\Program Files (x86)\360\360zip\360P2SP.dll

MD5 96c74f16a2b94f33ce54df012e1a9143
SHA1 c685b6a26b4abffa25399beea2eb45dc7869bc0a
SHA256 9dfc5349404e386f87c44419f8ff83e2dc0666f3ef3278860d872e10af9766a5
SHA512 e186578e68ed40e91b3167a6d7f594f390d614c44b83f5d17213421cff12649c3a8a4f1dc47c8479bd0a20e303f90be8c5526325086db20e960024af1996fb65

C:\Program Files (x86)\360\360zip\360NetUL.dll

MD5 6c2cd3003689a373b158a4f8c6fe75a7
SHA1 f4938a64224b9cfc16920a83b4cb9ef83c8b68ff
SHA256 a7ff68fe983f3fc97efcd0970e3f93952658420290a3e3d1cec97a2e0bfa83ed
SHA512 8a89da3786bcc7b2936e090a35b51fe59fa37c5b80bac5fd471777b9068a79b8f46bdeaf22f8d5be8bf47a3e1e239366f04ea1fb49c2233526bd1ea545960bd0

C:\Program Files (x86)\360\360zip\360NetBase.dll

MD5 0b0787616c46750f3b14aa0ca93d2868
SHA1 8a2fedae31cf47a12c5922f1a6487ff9f693722f
SHA256 d0ffadd00b58c407c5ce9b98d771bff7ca75a8115547a3b5e9ba93e5a8568e53
SHA512 5a9f3d80092f77ec5d252ab88faa8e9aa78ebc40b31d322939d6e70ad40c61c9bfa098647b49f1acd4030cc542474b7e5bb25ada95740dfaf7d6c909465b114c

C:\Program Files (x86)\360\360zip\360net.dll

MD5 9266ff80da54b887409ec27c2f0ea653
SHA1 748698e64c198d3b70b04a2e4e9cf000346fd7be
SHA256 84c38c308e1602d280a4f6f1dfea486ddcbd5fad9feeb322b069fa6e077ebc6a
SHA512 8f570c9b8e8d28599537cba3265f0a005b9487d1345714ce09069b6a7d09fdfa4d523e96c0420018655e403ad01242614b5c4692fab9fd48208d325894ac9d14

C:\Program Files (x86)\360\360zip\360ExtLoader.exe

MD5 c5961fafe4d6610977d391cc894349ab
SHA1 1b6fd4024f5d211c990a925d56e12827556fa9a6
SHA256 e943e34e2fe515f168c2f933c269933a793f623489ace79fb2c7d6b047c5a60b
SHA512 6a5a4c87574ce1b3ccbc093d4a43555be7d6441358a167c6dda8a1fc02551839546b217e0d41741e455f4f62c80cd98679bac9dce1103b544ca9fe8db6607d9f

C:\Program Files (x86)\360\360zip\360Conf.dll

MD5 f92e084de6bf6d4ca79271ebdecdac75
SHA1 864e3aafed4048870bb1aad3c0e891f891bb8c4b
SHA256 88e3498ab273c2fb47973daf0b6e6e68674e71b64fa13f493dd18329138d7051
SHA512 a11d9defe146ae5eb0f61ea02925f29eebdcb62f13ab65b5b56eefaaac017f9cf4c8ebc8285902d5d903d87b11d22d3fef56878e65851f790b7ec13e996eb942

C:\Program Files (x86)\360\360zip\360Common.dll

MD5 105f16f60b36510ae98da5b7c8e80b50
SHA1 707254f6f06971245dda1408ab0a51d7177371a3
SHA256 02ecb2453e6660fb159864d83899cbf844520af74e54b2bebe2ad17c5da2a770
SHA512 a1865e6b0f9999ce797bc1b1a057d4cb522b1db9ee2e279b7c34eced9b72390dcc032a32d88950f6fcfbc7c7cbaf34d760301adf7df24f317fb67fcf3dd7f929

C:\Program Files (x86)\360\360zip\360Base.dll

MD5 e43e7e408bfca335cc4240b7c1bbb8ca
SHA1 52965129de897ca96834d98aadd55307fd7f5712
SHA256 a9251bd5e8591d165420c41570c414b6283c6b6abf802986aac4f1d19972a4d7
SHA512 31c03fa1746aafe00854bacfb4a59cc382da3fc4f652fd422b7a217747341fedc34a1f3bdef59efdcb79edd70df7652e19608ea03f622abcfac4a9044eaa86ef

memory/4580-597-0x0000000000C10000-0x0000000000C11000-memory.dmp

memory/4580-596-0x0000000003010000-0x0000000003020000-memory.dmp