Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://3g.yy.com0x100004600x100004610x100004650x100004640x100004630x100004621on_validateDialog_close |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://a.yy.com/client/popClick?action=%1&msgid=%2&uid=%3&aid=%4&type=%5&sid=%6&ticket= |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://a.yy.com/client/popClick?action=%1&msgid=%2&uid=%3&aid=%4&type=%5&sid=%6&ticket=start |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://bugreport.yy.duowan.com/feedback_2012/bug_upload.php-----------------------------19810202abcd |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://bugreport.yy.duowan.com/feedback_2012/feedback_log.php |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://bugreport.yy.duowan.com/feedback_2012/feedback_log.php%1?uid=%2&version=%3&ticket=%4http://bu |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://bugreport.yy.duowan.com/feedback_2012/main.php |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://cp.yy.com/ |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://cp.yy.com/&appid=5060&busiId=11&busiUrl=http://udb.yy.com/authentication.do?&action=authentic |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://dc.yypm.yy.com:8081/api/collection |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://dc.yypm.yy.com:8081/api/collectionhdatatimelist |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/festival.xml |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/festival.xmlfestival.xmlfestivalinfostartdateenddatebackgroundbackgroundmd5l |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/live.xml |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/live.xmlhttp://do.yy.duowan.com/liveRules.xmlrulelogoheadnormalhoverimapp/ga |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/liveRules.xml |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/user.php |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/user.php?sids= |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/user.php?sids=The |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/yyliveworld?from=client&version=1&lang=%1 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://do.yy.duowan.com/yyliveworld?from=client&version=1&lang=%1http://do.yy.duowan.com/user.phpMai |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://edu.yy.com/openCourse/show?ticket= |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://edu.yy.com/openCourse/show?ticket=layout/mainframe/educlassroomframe.xml:theme/mainframe/icon |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://find.yyemebed.yy.com/auth/index |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://find.yyemebed.yy.com/auth/index503000002retrying(const |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://kf.duowan.com/?from=proxy |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://kf.yy.com/channal/freezeChannal.action |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://kf.yy.com/channal/freezeChannal.actionView |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://kf.yy.com/channel/freezeChannal.action |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://kf.yy.com/search/qa/5530.html#=%u5C0F%u67D3%u97F3%u9891IVideoDeviceSetting_UUIDconfig/videoon |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://m.yy.com/zone/%1 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://mai.yy.com/?_= |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://mai.yy.com/?_=key=yg0yygame-service-mai&from=from_service_mai&enterFrom=4rank&showUserGuide=0 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://mini.pay.yy.com/v1.0/index.html |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://mini.pay.yy.com/v1.0/index.htmlhttp://mini.pay.yy.com/yyticketMainframe |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://mini.pay.yy.com/yyticket |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://payment.yy.com/global/loginPayment.action?lang= |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://tu.duowan.com/images/tyy/index.html |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://tu.duowan.com/images/tyy/index.htmltabPid=1019&tabSid=0IDWUIElementInner_UUIDIDWUIContainer_U |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://udb.duowan.com/LoginAction.do |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://udb.duowan.com/LoginAction.do&encrypt=1&url=&passwd=username=com.yy.bizdirvercom.yy.bizpasspo |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://udb.duowan.com/authentication.do?ticket=YYWebLoginTicket::_openUrl&client=?id=memory&enterFro |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://udb.duowan.com/security/index.doYYMainFrameMenuReactor::on_securityHome_triggered0x100005600x |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://udb.yy.com/authentication.do?&action=authenticate&direct=1&ticket= |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://udb.yy.com/authentication.do?direct=1&ticket= |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://udb.yy.com/authentication.do?direct=1&ticket=&appid=5060_http://payment.yy.com/global/loginPa |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://update.yy.com/report? |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://update.yy.com/report?YUBYYApplication::_processReportDataYYApplication::_processReportData |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/index?src=3 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/index?src=3tabPid=%1&tabSid=%20x100010710x10001072http://xiage.yy.com/thread-5 |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/redirect?src=introduction-moreskin |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/redirect?src=introduction-moreskinhttp://vip.yy.com/vip/redirect?src=introduct |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/redirect?src=introduction-showskin |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/redirect?src=introduction-skin |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/redirect?src=pay-signface |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/redirect?src=pay-signface:/theme/common/signature_face_normal.png:/theme/duifw |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://vip.yy.com/vip/redirect?src=pay-skin |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://www.yy.com/1005/136983598049.html |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://www.yy.com/1005/136983598049.htmlModify |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://xiage.yy.com |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://xiage.yy.com/logging.php?action=loginhttp://xiage.yy.comimStatus0x100011860x10001187http://m. |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: http://yydl.duowan.com/qastat/sampler.conf |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: https://udb.duowan.com/ProfilePasswordPage.do |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: https://udb.duowan.com/mtoken.do |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: https://udb.duowan.com/mtoken.doServer |
Source: SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll |
String found in binary or memory: https://udb.duowan.com/security/index.do |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll" |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0CPerfRecord@Perf@@QAE@XZ |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0YYLoginWidget@@QAE@PAVQGraphicsItem@@@Z |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0YYLoginWidget_i18n@@QAE@PAVQGraphicsItem@@@Z |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0CPerfRecord@Perf@@QAE@XZ |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0YYLoginWidget@@QAE@PAVQGraphicsItem@@@Z |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0YYLoginWidget_i18n@@QAE@PAVQGraphicsItem@@@Z |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll",#1 |
Jump to behavior |