Malware Analysis Report

2025-01-06 07:35

Sample ID 240613-gbgt3szdlr
Target 5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523
SHA256 5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523
Tags
evasion
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523

Threat Level: Likely malicious

The file 5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523 was found to be: Likely malicious.

Malicious Activity Summary

evasion

Looks for VirtualBox Guest Additions in registry

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:37

Reported

2024-06-13 05:40

Platform

win7-20240508-en

Max time kernel

148s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe"

Signatures

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe

"C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe"

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

MD5 708a2774b819ce321b985a09dcdc0aca
SHA1 43f5406dbd8c8d27782c494127325839d10c96f4
SHA256 ab9f96da50d284a861f728b3f375e7114961463a79aa32720fb0ec23dd3cabc7
SHA512 98b4079f4acfe43d569a97527eb9832b69c2c401973037cfaa653b5fd01b49a7b7e912fc83188ae5fe1b55da40eb96cf902382602aee8f1c11a34c39323119dd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:37

Reported

2024-06-13 05:40

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe"

Signatures

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe

"C:\Users\Admin\AppData\Local\Temp\5f36ba5db724d5181d42f48cbb48630ff81db4c56143c5f1d912d513742b8523.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3984,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

MD5 addcebb0dbc6e3374e7c2b71532bbf86
SHA1 71b1eaf3c7de01eb5084ab57c92ea7a65795fcd4
SHA256 0986fe277fdfa9ea5c2ffb2f23fc4bcb944e592a804027ee321ba04b055aa097
SHA512 7bd01d3c37750e63ea3b32516817a7f30e032513431050c0ca8b84d0e62d52522b799920a27edae9d3d19bad4a34a4908a6e29b2f9acb99b65a5d5c4bd04152d

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

MD5 c0a361526587e52ecdfe077f84720739
SHA1 9d78710259d521b86db5048690032295de883bc2
SHA256 472ed227e03d9e2947b63e5c6e4517c9276c063895788ae7ead34963940b25e8
SHA512 a6bbf32ab9fd8060d82a6d9333b5ed7a3aecd7dfdc2f9b053d92ac244f8ef05ee8ebd5a08387f48b98a1c215e58b5baaef5ee431fa7d72721afd4c19066e3df8

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

MD5 0f9c6964df504008f9b170755fbcb8b5
SHA1 9e07c52a4d2a0ef268d45bc09873a0f7560eb30a
SHA256 e49d836ceca36cefc7045b6d1ec48246750eb279786afbed67fbecad6c27558e
SHA512 7901df10e06f04594848407ef3d981270f96c0da91f8286133b01c7d6243be0b1ce10c21aaa48e5e9d5b2cf6c58a5fa746baaff51800682f10d6d67e3d9759d4