VirSCAN

File information
File Name: stericson.busybox-55.apk (File not down)
File Size: 3679161 bytes
File Type: application/jar
MD5: 378976c821f531604eb2983fe94d334e
SHA1: 333cd72ba2309dd278ce3e657f446473bde84405
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware!
    Time: 2018-02-10 15:22:10 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 7
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14865 10.0.1405 2018-02-02 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 24296 0.97.5 2018-02-08 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2018-02-02 Found nothing 60
    fortinet 1.000, 55.058, 54.994, 55.018 5.4.247 2018-02-10 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.15969 25.15969 2018-02-10 Found nothing 15
    ikarus 4.00.06 V1.32.31.0 2018-02-09 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-12-22 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2018-02-09 Found nothing 5
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6872 3.0.21 2018-02-08 Found nothing 60
    panda 9.05.01 9.05.01 2018-02-09 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-11-18 Found nothing 3
    rising 3205 3205 2017-12-26 Found nothing 6
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2018-02-08 Found nothing 3
    tws 17.47.17308 1.0.2.2108 2018-02-09 Found nothing 16
    vba 3.12.29.5 beta 3.12.29.5 beta 2018-02-09 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
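  • Permission list
    Permission name | Information
    android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
  • File information
    Security score:
    Basic information
    MD5:378976c821f531604eb2983fe94d334e
    Package name: stericson.busybox
    Minimum runtime environment: Android 3.0.x
    Copyright:
    Key behaviors
    Behavior: Block window close messages
    Details: hWnd = 0x0002033e, Text = SSTap-beta 1.0.9.7 Install , ClassName = #32770.
    Behavior: Get TickCount value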
    Behavior: Create file on the desktop
    Details: C:\Documents and Settings\Administrator\桌面\SSTap-beta.lnk
    Behavior: Create system service
    Details: [Service created successfully]: tap0901, system32\DRIVERS\tap0901.sys
    [Service already exists]: PSched, system32\DRIVERS\psched.sys
    Behavior: Modify registry: Winsock hijacking
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem
    Process behavior
    Behavior: Create process with hidden window
    Details: ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns6.tmp" "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\TAP.exe" DETECTTAP
    ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns7.tmp" "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x86\tapinstall.exe" install "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-bet
    Behavior: Create process
    Details: [0x00000e04]ImagePath = C:\WINDOWS\system32\runonce.exe, CmdLine = runonce -r
    [0x00000e4c]ImagePath = C:\WINDOWS\system32\runonce.exe, CmdLine = runonce -r
    Behavior: Create process from newly created file
    Details: [0x00000d2c]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns6.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns6.tmp" "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\TAP.exe" DETECTTAP
    [0x00000d34]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\TAP.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\TAP.exe" DETECTTAP
    [0x00000d58]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns7.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns7.tmp" "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x86\tapinstall.exe" install "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-bet
    [0x00000d60]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x86\tapinstall.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x86\tapinstall.exe" install "C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x86\OemWin2k.inf" tap0901
    Behavior: Enumerate processes
    Details: N/A
    Behavior: Create local thread
    File behavior
    Behavior: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsz3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\LangDLL.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ioSpecial.ini
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\InstallOptions.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\modern-wizard.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\modern-header.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\System.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\killer.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\SSTap.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\TAP.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libcurl.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libintl3.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libiconv2.dll
    Behavior: Drop links or shortcuts in sensitive system locations (such as the Start menu)
    Details: C:\Documents and Settings\Administrator\「开始」菜单\SSTap-beta.lnk
    C:\Documents and Settings\Administrator\「开始」菜单\程序\SSTap-beta\SSTap-beta.lnk
    C:\Documents and Settings\Administrator\「开始」菜单\程序\SSTap-beta\Uninstall SSTap-beta.lnk
    Behavior: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\LangDLL.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\InstallOptions.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\System.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\killer.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\SSTap.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\TAP.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libcurl.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libintl3.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libiconv2.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\LibPrivoxy.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libsodiumR.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\LiveUpdate.dll
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\unbound\unbound.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x64\tap0901.sys
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x64\tapinstall.exe
    Behavior: Modify script file
    Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x64\install.bat ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x86\install.bat ---> Offset = 0
    Behavior: Overwrite existing file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ns6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ns7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarB.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabC.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarD.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabE.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarF.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab10.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar11.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab12.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar13.tmp
    Behavior: Find file
    Details: FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\unbound\forward-zone\forward-zone.conf
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\unbound\forward-zone
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\unbound
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\rules\China-IP-only.rules
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\rules
    FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\rules\Playerunknown"s-Battlegrounds-America.rules
    Behavior: Copy file
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\nsExec.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns6.tmp
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\nsExec.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\ns7.tmp
    c:\documents and settings\administrator\local settings\application data\sstap-beta\tap-driver\x86\oemwin2k.inf ---> C:\WINDOWS\INF\oem15.inf
    c:\documents and settings\administrator\local settings\application data\sstap-beta\tap-driver\x86\tap0901.sys ---> C:\WINDOWS\system32\DRIVERS\SET20.tmp
    Behavior: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsz3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarB.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabC.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarD.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabE.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarF.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab10.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar11.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab12.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar13.tmp
    Behavior: Create file on the desktop
    Details: C:\Documents and Settings\Administrator\桌面\SSTap-beta.lnk
    Behavior: Rename file
    Details: C:\WINDOWS\LastGood\TMP14.tmp ---> C:\WINDOWS\LastGood\INF\oem15.inf
    C:\WINDOWS\LastGood\TMP15.tmp ---> C:\WINDOWS\LastGood\INF\oem15.PNF
    C:\WINDOWS\system32\drivers\SET20.tmp ---> C:\WINDOWS\system32\DRIVERS\tap0901.sys
    Behavior: Modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp ---> Offset = 86805
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsj4.tmp ---> Offset = 119573
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\LangDLL.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ioSpecial.ini ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\InstallOptions.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ioSpecial.ini ---> Offset = 2
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ioSpecial.ini ---> Offset = 74
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\modern-wizard.bmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\modern-wizard.bmp ---> Offset = 16384
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ioSpecial.ini ---> Offset = 250
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\modern-header.bmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\ioSpecial.ini ---> Offset = 68
    Network behavior
    Behavior: Connect to specified site
    Details: WinHttpConnect: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x01a82000, hConnect = 0x01a82100, Flags = 0x00000000
    WinHttpConnect: ServerName = ca****om, PORT = 80, UserName = , Password = , hSession = 0x01a82000, hConnect = 0x01a82100, Flags = 0x00000000
    Behavior: Open HTTP connection
    Details: WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x01a82000
    Behavior: Establish a connection to a specified socket
    Details: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000004ec
    URL: ca****om, IP: **.133.40.**:80, SOCKET = 0x00000570
    Behavior: Send HTTP packet
    Details: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: ww****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
    GET /DigiCertAssuredIDRootCA.crt HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: ca****om Connection: Keep-Alive
    Behavior: Open HTTP request
    Details: WinHttpOpenRequest: ww****om:80/msdownload/update/v3/static/trustedr/en/authrootseq.txt, hConnect = 0x01a82100, hRequest = 0x01af0000, Verb: GET, Referer: , Flags = 0x00000100
    WinHttpOpenRequest: ca****om:80/digicertassuredidrootca.crt, hConnect = 0x01a82100, hRequest = 0x01af0000, Verb: GET, Referer: , Flags = 0x00000000
    Behavior: Get host address by name
    Details: GetAddrInfoW: ww****om
    GetAddrInfoW: ca****om
    Registry behavior
    Behavior: Delete registry key: layered network protocol
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Winsock\Setup Migration\Providers\NetBIOS\
    Behavior: Delete registry key
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Network\NetCfgLockHolder\
    Behavior: Modify registry: Winsock hijacking
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem
    Behavior: Modify registry
    Details: \REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem15.inf
    \REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem15.PNF
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\Service
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\Interfaces\UpperRange
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\Interfaces\LowerRange
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Manufacturer
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\ProductName
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\ParamDesc
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Type
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Default
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Optional
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Min
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Max
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Step
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\ParamDesc
    Behavior: Modify registry: layered network protocol
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Winsock\Setup Migration\Providers\NetBIOS\WinSock 2.0 Provider ID
    Behavior: Delete registry key: Winsock hijacking
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\
    Behavior: Delete registry value
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\InfSectionExt
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{21CC09FF-165E-4EBB-B24E-FC98ED87267D}\NumInterfaces
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8C6B73CA-C00B-4864-99FA-12B90E0F122A}\InterfaceMetric
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8C6B73CA-C00B-4864-99FA-12B90E0F122A}\ActiveConfigurations
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DD61BB6F-BAC7-4E0D-A2C9-77E74B6BDA63}\InterfaceMetric
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DD61BB6F-BAC7-4E0D-A2C9-77E74B6BDA63}\ActiveConfigurations
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{21CC09FF-165E-4EBB-B24E-FC98ED87267D}\InterfaceMetric
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{21CC09FF-165E-4EBB-B24E-FC98ED87267D}\ActiveConfigurations
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\InfSectionExt
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\BindPath
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\Bind
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\Route
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage\BindPath
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage\Bind
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage\Route
    Behavior: Modify registry: network settings
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{21CC09FF-165E-4EBB-B24E-FC98ED87267D}\DefaultGateway
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{21CC09FF-165E-4EBB-B24E-FC98ED87267D}\NameServer
    Other behavior
    Behavior: Create mutex
    Details: oleacc-msaa-loaded
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.IJK
    RasPbFile
    Global\{84b06608-8026-11d2-b1f2-00c04fd912b2}
    Global\NetCfgWriteLock
    Behavior: Create event object
    Details: EventName = Global\userenv: User Profile setup event
    EventName = MSCTF.SendReceive.Event.IJK.IC
    EventName = MSCTF.SendReceiveConection.Event.IJK.IC
    EventName = DINPUTWINMM
    EventName = Global\crypt32LogoffEvent
    Behavior: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    NtUserFindWindowEx: [Class,Window] = [#32770,]
    NtUserFindWindowEx: [Class,Window] = [SSTap_WND_Class_150213,]
    NtUserFindWindowEx: [Class,Window] = [SysListView32,]
    Behavior: Window information
    Details: Pid = 2708, Hwnd=0x10342, Text = 中文(简体), ClassName = ComboBox.
    Pid = 2708, Hwnd=0x10346, Text = OK, ClassName = Button.
    Pid = 2708, Hwnd=0x10348, Text = Cancel, ClassName = Button.
    Pid = 2708, Hwnd=0x1034a, Text = Please select a language., ClassName = Static.
    Pid = 2708, Hwnd=0x1033e, Text = Installer Language, ClassName = #32770.
    Pid = 2708, Hwnd=0x20348, Text = 下一步(&N) >, ClassName = Button.
    Pid = 2708, Hwnd=0x20346, Text = 取消(&C), ClassName = Button.
    Pid = 2708, Hwnd=0x50352, Text = Nullsoft Install System v3.02.1 , ClassName = Static.
    Pid = 2708, Hwnd=0x10354, Text = Nullsoft Install System v3.02.1, ClassName = Static.
    Pid = 2708, Hwnd=0x10366, Text = 欢迎使用 SSTap-beta 1.0.9.7 安装向导, ClassName = Static.
    Pid = 2708, Hwnd=0x10368, Text = 这个向导将指引你完成 SSTap-beta 1.0.9.7 的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定的系统文件,而不需要重新启动你的计算机。 单击 [下一步(N)] 继续。, ClassName = Static.
    Pid = 2708, Hwnd=0x2033e, Text = SSTap-beta 1.0.9.7 Install, ClassName = #32770.
    Pid = 2708, Hwnd=0x2034a, Text = < 上一步(&P), ClassName = Button.
    Pid = 2708, Hwnd=0x20348, Text = 我接受(&I), ClassName = Button.
    Pid = 2708, Hwnd=0x10358, Text = 许可证协议, ClassName = Static.
    Behavior: Get TickCount value
    Behavior description: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    Behavior description: Block window close message
    Details: hWnd = 0x0002033e, Text = SSTap-beta 1.0.9.7 Install , ClassName = #32770.
    Behavior description: Open event
    Details: HookSwitchHookEnabledEvent
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Global\crypt32LogoffEvent
    Global\SvcctrlStartEvent_A3752DX
    Global\userenv: Machine Group Policy has been applied
    userenv: User Group Policy has been applied
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    \INSTALLATION_SECURITY_HOLD
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    Behavior description: Import key
    Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002080C8, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00207548, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019EBE08, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019EBEC0, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019EC100, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019EC840, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019ECA50, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x01A025C8, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019FF558, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x01A01678, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x01A01C40, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019EBE78, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x001FD228, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x001FDF38, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x019E5D10, DataLen: 532, Flags: 0x00000000
    Behavior description: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\LangDLL.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\InstallOptions.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\System.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsp5.tmp\killer.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\SSTap.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\TAP.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libcurl.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libintl3.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libiconv2.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\LibPrivoxy.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libsodiumR.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\LiveUpdate.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\unbound\unbound.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x64\tap0901.sys (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\tap-driver\x64\tapinstall.exe (signature verification: failed)
    Behavior description: Call Sleep function
    Details: [1]: MilliSeconds = 2000.
    [2]: MilliSeconds = 1000.
    [3]: MilliSeconds = 100.
    [4]: MilliSeconds = 100.
    [5]: MilliSeconds = 100.
    [6]: MilliSeconds = 100.
    [7]: MilliSeconds = 100.
    [8]: MilliSeconds = 100.
    [9]: MilliSeconds = 100.
    [10]: MilliSeconds = 100.
    [1]: MilliSeconds = 0.
    [2]: MilliSeconds = 0.
    [3]: MilliSeconds = 0.
    [4]: MilliSeconds = 0.
    [5]: MilliSeconds = 0.
    Behavior description: Hide specified window
    Details: [Window,Class] = [,ComboLBox]
    [Window,Class] = [,Button]
    [Window,Class] = [Nullsoft Install System v3.02.1,Static]
    [Window,Class] = [Nullsoft Install System v3.02.1 ,Static]
    [Window,Class] = [,Static]
    [Window,Class] = [,Auto-Suggest Dropdown]
    [Window,Class] = [显示细节(&D),Button]
    [Window,Class] = [帮助,Button]
    [Window,Class] = [完成,Button]
    [Window,Class] = [,msctls_progress32]
    [Window,Class] = [,#32770]
    [Window,Class] = [,SysTabControl32]
    [Window,Class] = [资源(&E)...,Button]
    [Window,Class] = [下一步(&N) >,Button]
    [Window,Class] = [安装完成,Static]
    Behavior description: Executable file MD5
    Behavior description: Open mutex
    Details: ShimCacheMutex
    RasPbFile
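    Behavior description: Create system service
    Details: [Service created successfully]: tap0901, system32\DRIVERS\tap0901.sys
    [Service already exists]: PSched, system32\DRIVERS\psched.sys
    Behavior description: Load newly dropped file
    Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\LangDLL.dll.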
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\InstallOptions.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\System.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\killer.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp5.tmp\nsExec.dll.
    Image: C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libintl3.dll.
    Image: C:\Documents and Settings\Administrator\Local Settings\Application Data\SSTap-beta\libiconv2.dll.
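    Activities
    Activity name Type
    stericson.busybox.Activity.MainActivity android.intent.action.MAIN
    stericson.busybox.Activity.MainActivity android.intent.category.LAUNCHER
    Dangerous functions
    Function name Information
    android/app/NotificationManager;->notify Notification bar messages
    ContentResolver;->query Read contacts, SMS and other databases
    getRuntime Get command-line environment
    java/lang/Runtime;->exec Execute string command
    Startup method
    Name Information
    stericson.busybox.receivers.OnUpgradeReceiver
    Permission list
    Permission name Information
    android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
    File list
    File name Checksum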
    res/layout/header.xml 0x3b05ee8f
    res/layout/header_dark.xml 0x55414ac5
    res/layout/list_item.xml 0x584c3e9
    res/layout/main.xml 0xde683f84
    res/layout/main_content.xml 0xb30e0e4f
    res/layout/popupwindow.xml 0xe1842f48
    res/layout/popupwindow_spinner.xml 0x56eb4e9c
    res/layout/progress.xml 0xfd82b611
    res/layout/simple_spinner_item.xml 0xfdd63245
    res/layout/support_simple_spinner_dropdown_item.xml 0x538a7fd8
    res/layout/toast_layout.xml 0x1978fd5c
    res/layout/vpi__tab.xml 0xc029f4f8
    resources.arsc 0x8880fe57
    classes.dex 0x9538c20e
    com/android/vending/billing/IInAppBillingService.aidl 0x90ebe791
    META-INF/MANIFEST.MF 0x6e672d65
    META-INF/CERT.SF 0xcb7d3bf3
    META-INF/CERT.RSA 0x345fabcb