Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0CPerfRecord@Perf@@QAE@XZ
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0YYLoginWidget@@QAE@PAVQGraphicsItem@@@Z
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Sasfis.6307.8338.dll,??0YYLoginWidget_i18n@@QAE@PAVQGraphicsItem@@@Z
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://vip.yy.com/vip/redirect?src=pay-signface:/theme/common/signature_face_normal.png:/theme/duifw
|
unknown
|
||
|
http://m.yy.com/zone/%1
|
unknown
|
||
|
http://mini.pay.yy.com/v1.0/index.html
|
unknown
|
||
|
http://a.yy.com/client/popClick?action=%1&msgid=%2&uid=%3&aid=%4&type=%5&sid=%6&ticket=
|
unknown
|
||
|
http://kf.yy.com/channal/freezeChannal.action
|
unknown
|
||
|
http://mai.yy.com/?_=
|
unknown
|
||
|
http://do.yy.duowan.com/yyliveworld?from=client&version=1&lang=%1
|
unknown
|
||
|
http://vip.yy.com/vip/redirect?src=introduction-moreskin
|
unknown
|
||
|
http://do.yy.duowan.com/live.xml
|
unknown
|
||
|
http://find.yyemebed.yy.com/auth/index503000002retrying(const
|
unknown
|
||
|
http://udb.duowan.com/security/index.doYYMainFrameMenuReactor::on_securityHome_triggered0x100005600x
|
unknown
|
||
|
http://cp.yy.com/&appid=5060&busiId=11&busiUrl=http://udb.yy.com/authentication.do?&action=authentic
|
unknown
|
||
|
http://www.yy.com/1005/136983598049.html
|
unknown
|
||
|
http://kf.yy.com/search/qa/5530.html#=%u5C0F%u67D3%u97F3%u9891IVideoDeviceSetting_UUIDconfig/videoon
|
unknown
|
||
|
http://mini.pay.yy.com/yyticket
|
unknown
|
||
|
http://payment.yy.com/global/loginPayment.action?lang=
|
unknown
|
||
|
http://udb.duowan.com/LoginAction.do
|
unknown
|
||
|
http://vip.yy.com/vip/index?src=3
|
unknown
|
||
|
http://dc.yypm.yy.com:8081/api/collection
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://tu.duowan.com/images/tyy/index.html
|
unknown
|
||
|
http://bugreport.yy.duowan.com/feedback_2012/main.php
|
unknown
|
||
|
http://find.yyemebed.yy.com/auth/index
|
unknown
|
||
|
http://udb.yy.com/authentication.do?direct=1&ticket=
|
unknown
|
||
|
https://udb.duowan.com/ProfilePasswordPage.do
|
unknown
|
||
|
http://do.yy.duowan.com/yyliveworld?from=client&version=1&lang=%1http://do.yy.duowan.com/user.phpMai
|
unknown
|
||
|
https://udb.duowan.com/mtoken.doServer
|
unknown
|
||
|
http://xiage.yy.com
|
unknown
|
||
|
http://udb.yy.com/authentication.do?direct=1&ticket=&appid=5060_http://payment.yy.com/global/loginPa
|
unknown
|
||
|
http://udb.duowan.com/authentication.do?ticket=YYWebLoginTicket::_openUrl&client=?id=memory&enterFro
|
unknown
|
||
|
http://vip.yy.com/vip/redirect?src=introduction-skin
|
unknown
|
||
|
http://mai.yy.com/?_=key=yg0yygame-service-mai&from=from_service_mai&enterFrom=4rank&showUserGuide=0
|
unknown
|
||
|
http://do.yy.duowan.com/user.php?sids=
|
unknown
|
||
|
http://do.yy.duowan.com/liveRules.xml
|
unknown
|
||
|
http://dc.yypm.yy.com:8081/api/collectionhdatatimelist
|
unknown
|
||
|
http://cp.yy.com/
|
unknown
|
||
|
http://yydl.duowan.com/qastat/sampler.conf
|
unknown
|
||
|
http://vip.yy.com/vip/redirect?src=introduction-showskin
|
unknown
|
||
|
http://udb.yy.com/authentication.do?&action=authenticate&direct=1&ticket=
|
unknown
|
||
|
http://kf.yy.com/channel/freezeChannal.action
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
https://udb.duowan.com/mtoken.do
|
unknown
|
||
|
http://do.yy.duowan.com/user.php?sids=The
|
unknown
|
||
|
http://xiage.yy.com/logging.php?action=loginhttp://xiage.yy.comimStatus0x100011860x10001187http://m.
|
unknown
|
||
|
http://vip.yy.com/vip/redirect?src=introduction-moreskinhttp://vip.yy.com/vip/redirect?src=introduct
|
unknown
|
||
|
http://do.yy.duowan.com/user.php
|
unknown
|
||
|
http://do.yy.duowan.com/festival.xmlfestival.xmlfestivalinfostartdateenddatebackgroundbackgroundmd5l
|
unknown
|
||
|
http://vip.yy.com/vip/redirect?src=pay-skin
|
unknown
|
||
|
http://update.yy.com/report?
|
unknown
|
||
|
http://edu.yy.com/openCourse/show?ticket=
|
unknown
|
||
|
http://udb.duowan.com/LoginAction.do&encrypt=1&url=&passwd=username=com.yy.bizdirvercom.yy.bizpasspo
|
unknown
|
||
|
http://update.yy.com/report?YUBYYApplication::_processReportDataYYApplication::_processReportData
|
unknown
|
||
|
http://kf.yy.com/channal/freezeChannal.actionView
|
unknown
|
||
|
https://udb.duowan.com/security/index.do
|
unknown
|
||
|
http://edu.yy.com/openCourse/show?ticket=layout/mainframe/educlassroomframe.xml:theme/mainframe/icon
|
unknown
|
||
|
http://vip.yy.com/vip/redirect?src=pay-signface
|
unknown
|
||
|
http://www.yy.com/1005/136983598049.htmlModify
|
unknown
|
||
|
http://3g.yy.com0x100004600x100004610x100004650x100004640x100004630x100004621on_validateDialog_close
|
unknown
|
||
|
http://a.yy.com/client/popClick?action=%1&msgid=%2&uid=%3&aid=%4&type=%5&sid=%6&ticket=start
|
unknown
|
||
|
http://bugreport.yy.duowan.com/feedback_2012/feedback_log.php
|
unknown
|
||
|
http://vip.yy.com/vip/index?src=3tabPid=%1&tabSid=%20x100010710x10001072http://xiage.yy.com/thread-5
|
unknown
|
||
|
http://do.yy.duowan.com/live.xmlhttp://do.yy.duowan.com/liveRules.xmlrulelogoheadnormalhoverimapp/ga
|
unknown
|
||
|
http://bugreport.yy.duowan.com/feedback_2012/feedback_log.php%1?uid=%2&version=%3&ticket=%4http://bu
|
unknown
|
||
|
http://do.yy.duowan.com/festival.xml
|
unknown
|
||
|
http://kf.duowan.com/?from=proxy
|
unknown
|
||
|
http://mini.pay.yy.com/v1.0/index.htmlhttp://mini.pay.yy.com/yyticketMainframe
|
unknown
|
||
|
http://tu.duowan.com/images/tyy/index.htmltabPid=1019&tabSid=0IDWUIElementInner_UUIDIDWUIContainer_U
|
unknown
|
||
|
http://bugreport.yy.duowan.com/feedback_2012/bug_upload.php-----------------------------19810202abcd
|
unknown
|
There are 58 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2DC2000
|
heap
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
7F9000
|
stack
|
page read and write
|
||
|
577000
|
heap
|
page read and write
|
||
|
A96000
|
heap
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
2DA9000
|
heap
|
page read and write
|
||
|
44CE000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
2DD7000
|
heap
|
page read and write
|
||
|
577000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
B2D000
|
stack
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
A91000
|
heap
|
page read and write
|
||
|
2DB3000
|
heap
|
page read and write
|
||
|
2DA9000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
5AD000
|
stack
|
page read and write
|
||
|
D9F000
|
stack
|
page read and write
|
||
|
5F50000
|
heap
|
page read and write
|
||
|
60D4000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
57C000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
4904000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2D93000
|
heap
|
page read and write
|
||
|
5ED0000
|
trusted library allocation
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
2D8A000
|
heap
|
page read and write
|
||
|
2E36000
|
heap
|
page read and write
|
||
|
5FDE000
|
stack
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
450E000
|
stack
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
2D86000
|
heap
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
601F000
|
stack
|
page read and write
|
||
|
583000
|
heap
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2DB3000
|
heap
|
page read and write
|
||
|
2DA9000
|
heap
|
page read and write
|
||
|
573000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
2DBB000
|
heap
|
page read and write
|
||
|
2DB6000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
AA1000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
BAB000
|
heap
|
page read and write
|
||
|
5D30000
|
trusted library allocation
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
2DAF000
|
heap
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
BAF000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
57F000
|
heap
|
page read and write
|
||
|
46CF000
|
stack
|
page read and write
|
||
|
59E4000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
A9F000
|
heap
|
page read and write
|
||
|
A91000
|
heap
|
page read and write
|
||
|
A9D000
|
heap
|
page read and write
|
||
|
573000
|
heap
|
page read and write
|
||
|
709000
|
stack
|
page read and write
|
||
|
468E000
|
stack
|
page read and write
|
||
|
2D6A000
|
heap
|
page read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
448E000
|
stack
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
BC9000
|
heap
|
page read and write
|
||
|
62F0000
|
trusted library allocation
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
5F54000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
2DC1000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
56F000
|
heap
|
page read and write
|
||
|
74C000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
593000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
577000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
50E000
|
stack
|
page read and write
|
||
|
6E9000
|
stack
|
page read and write
|
||
|
57F000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
2D8C000
|
heap
|
page read and write
|
||
|
2D0F000
|
stack
|
page read and write
|
||
|
2D84000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
B8D000
|
stack
|
page read and write
|
||
|
2D9A000
|
heap
|
page read and write
|
||
|
2DA9000
|
heap
|
page read and write
|
||
|
60D0000
|
heap
|
page read and write
|
||
|
2DC1000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
2D84000
|
heap
|
page read and write
|
||
|
2F56000
|
heap
|
page read and write
|
||
|
55A000
|
heap
|
page read and write
|
||
|
1DD000
|
stack
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
2DDF000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
A95000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
2DBD000
|
heap
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
6470000
|
trusted library allocation
|
page read and write
|
||
|
2DBB000
|
heap
|
page read and write
|
||
|
578000
|
heap
|
page read and write
|
||
|
2D96000
|
heap
|
page read and write
|
There are 138 hidden memdumps, click here to show them.