VirSCAN


File information
File Name: Mag***_VIP破解版独家福利.apk (File not down)
File Size: 7870960 bytes
File Type: application/jar
MD5:18fe80fa82cefa5ab0905a9df9d59237
SHA1:f143e3ea5099ecba2b34b16b2dc6a69f4b9756c3
  • Scanner results
    Scanner results: 0% Scanner(s) (0/32) found malware!
    Time: 2017-09-18 14:18:50 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 10
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23840 0.97.5 2017-09-16 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
    fortinet 1.000, 51.717, 51.597, 51.621 5.4.247 2017-09-18 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.14225 25.14225 2017-09-18 Found nothing 19
    ikarus 3.02.08 V1.32.31.0 2017-09-17 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-09-17 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-09-17 Found nothing 12
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6091 3.0.21 2017-09-16 Found nothing 60
    panda 9.05.01 9.05.01 2017-09-17 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 5
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-09-16 Found nothing 4
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 7
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 11
    thehacker 6.8.0.5 6.8.0.5 2017-09-16 Found nothing 4
    tws 17.47.17308 1.0.2.2108 2017-09-17 Found nothing 23
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-15 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name Description
    com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
    android.permission.GET_TASKS Get information about currently or recently running tasks
    android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
    android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
    android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi, cell towers)
    android.permission.READ_PHONE_STATE Read phone state
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
    android.hardware.camera
    android.permission.SYSTEM_ALERT_WINDOW Display system windows
    android.permission.CAMERA Access the camera device
    android.permission.WRITE_SETTINGS Read and write system settings
    android.permission.INTERNET Connect to the network (2G or 3G)
    android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
    com.android.launcher.permission.READ_SETTINGS Read shortcut information
    android.permission.WAKE_LOCK Keep background processes running after the screen turns off
    android.permission.FLASHLIGHT Access the flashlight
    android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
    android.permission.CHANGE_CONFIGURATION Change current configuration (e.g. locale)
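  • File information
    Security score:
    Basic information
    MD5:18fe80fa82cefa5ab0905a9df9d59237
    Package name: com.warm
    Minimum runtime environment: Android 2.2.x
    Copyright: Android
    Key behavior
    Behavior description: Open registry (virtual machine detection)
    Details: \REGISTRY\MACHINE\Software\VMware, Inc.\VMware Workstation\1.12.5.4
    Behavior description: Read the CPU clock directly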
    Behavior description: Modify registry (system firewall trusted process list)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
    Behavior description: Get TickCount value
    Process behavior
    Behavior description: Create process with hidden window
    Details: ImagePath = , CmdLine = netsh firewall add allowedprogram "C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe" "server.exe" ENABLE
    Behavior description: Create process
    Details: [0x00000c00]ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh firewall add allowedprogram "C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe" "server.exe" ENABLE
    Behavior description: Create local thread
    Behavior description: Create process from newly created file
    Details: [0x00000b28]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe"
    File behavior
    Behavior description: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Cab3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabB.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarC.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabD.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarE.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabF.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar10.tmp
    Behavior description: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
    Behavior description: Overwrite existing file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Cab3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabB.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarC.tmp
    C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabD.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarE.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabF.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar10.tmp
    Behavior description: Find file
    Details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
    FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
    FileName = C:\WINDOWS
    FileName = C:\WINDOWS\WinSxS
    FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    FileName = C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
    Behavior description: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Cab3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarA.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabB.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarC.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabD.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\TarE.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\CabF.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar10.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab11.tmp
    Behavior description: Modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Cab3.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar4.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar4.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar4.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar4.tmp ---> Offset = 98304
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar6.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar6.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar6.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar6.tmp ---> Offset = 98304
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab7.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar8.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar8.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar8.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar8.tmp ---> Offset = 98304
    Network behavior
    Behavior description: Connect to specified site
    Details: WinHttpConnect: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x014c2000, hConnect = 0x014c2100, Flags = 0x00000000
    Behavior description: Open HTTP connection
    Details: WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x014c2000
    Behavior description: Establish a connection to a specified socket
    Details: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000320
    IP: **.0.0.**:1314, SOCKET = 0x00000420
    IP: **.0.0.**:1314, SOCKET = 0x00000558
    IP: **.0.0.**:1314, SOCKET = 0x00000568
    IP: **.0.0.**:1314, SOCKET = 0x000003f8
    IP: **.0.0.**:1314, SOCKET = 0x00000574
    IP: **.0.0.**:1314, SOCKET = 0x0000058c
    IP: **.0.0.**:1314, SOCKET = 0x00000598
    IP: **.0.0.**:1314, SOCKET = 0x000005a4
    IP: **.0.0.**:1314, SOCKET = 0x000005b0
    IP: **.0.0.**:1314, SOCKET = 0x000005bc
    IP: **.0.0.**:1314, SOCKET = 0x000005c8
    IP: **.0.0.**:1314, SOCKET = 0x000005d4
    IP: **.0.0.**:1314, SOCKET = 0x000005e0
    IP: **.0.0.**:1314, SOCKET = 0x000005ec
    Behavior description: Send HTTP packet
    Details: GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: ww****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
    Behavior description: Open HTTP request
    Details: WinHttpOpenRequest: ww****om:80/msdownload/update/v3/static/trustedr/en/authrootseq.txt, hConnect = 0x014c2100, hRequest = 0x03b90000, Verb: GET, Referer: , Flags = 0x00000100
    Behavior description: Get host address by name
    Details: GetAddrInfoW: ww****om
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\USER\S-*\di
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\LogSessionName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Active
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\ControlFlags
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\Guid
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\BitNames
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\LogSessionName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\Active
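    Behavior description: Open registry (virtual machine detection)
    Details: \REGISTRY\MACHINE\Software\VMware, Inc.\VMware Workstation\1.12.5.4
    Behavior description: Modify registry (system firewall trusted process list)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
    Behavior description: Modify registry (system environment variables)
    Details: \REGISTRY\USER\S-*\Environment\SEE_MASK_NOZONECHECKS
    Other behavior
    Behavior description: Check whether it is being debugged
    Details: IsDebuggerPresent
    Behavior description: Create mutex
    Details: RasPbFile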
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    49ca671a1410d4659ad27e7804373804
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Global\.net clr networking
    MSCTF.Shared.MUTEX.IOH
    Behavior description: Create event object
    Details: EventName = Global\CorDBIPCSetupSyncEvent_2704
    EventName = Global\crypt32LogoffEvent
    EventName = Global\userenv: User Profile setup event
    EventName = DINPUTWINMM
    EventName = Global\CorDBIPCSetupSyncEvent_2856
    Behavior description: Open mutex
    Details: ShimCacheMutex
    Global\CLR_CASOFF_MUTEX
    RasPbFile
    Local\!IETld!Mutex
    Global\.net clr networking
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    Behavior description: Encrypt data
    Details: [CryptEncrypt] Data: 0x00254E18, PlainTextLen: 16, CipherTextLen: 16, Flags: 0x00000000
    [CryptEncrypt] Data: 0x00261120, PlainTextLen: 16, CipherTextLen: 16, Flags: 0x00000000
    Behavior description: Window information
    Details: Pid = 2856, Hwnd=0x20344, Text = Form1, ClassName = WindowsForms10.Window.8.app.0.378734a.
    Behavior description: Get TickCount value
    Behavior description: Get cursor position
    Details: CursorPos = (80,18468), SleepMilliseconds = 1000.
    CursorPos = (6373,26501), SleepMilliseconds = 1000.
    Behavior description: Open event
    Details: Global\CLR_PerfMon_StartEnumEvent
    \KernelObjects\LowMemoryCondition
    Global\crypt32LogoffEvent
    Global\userenv: Machine Group Policy has been applied
    userenv: User Group Policy has been applied
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    \INSTALLATION_SECURITY_HOLD
    HookSwitchHookEnabledEvent
    Global\SvcctrlStartEvent_A3752DX
    _fCanRegisterWithShellService
    MSFT.VSA.COM.DISABLE.2704
    MSFT.VSA.IEC.STATUS.6c736db0
    MSFT.VSA.COM.DISABLE.3072
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
    Behavior description: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    SE_INC_BASE_PRIORITY_PRIVILEGE
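    Behavior description: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe (signature verification: failed)
    Behavior description: Call Sleep function
    Details: [1]: MilliSeconds = 40000.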
    [2]: MilliSeconds = 5000.
    [3]: MilliSeconds = 1000.
    [4]: MilliSeconds = -1.
    [5]: MilliSeconds = 20.
    [6]: MilliSeconds = 20.
    [4]: MilliSeconds = 2000.
    [5]: MilliSeconds = 1000.
    [6]: MilliSeconds = 1.
    [7]: MilliSeconds = 1.
    [8]: MilliSeconds = 1.
    [9]: MilliSeconds = 1.
    [10]: MilliSeconds = 1.
    Behavior description: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe ---> 123910b79c004e0aaef0ff445af855a2
    Behavior description: Read the CPU clock directly
    Behavior description: Decrypt data
    Details: [CryptDecrypt] Data: 0x0022D008, CipherTextLen: 32096, PlainTextLen: 32096, Flags: 0x00000000
    [CryptDecrypt] Data: 0x0022C008, CipherTextLen: 32096, PlainTextLen: 32096, Flags: 0x00000000
    Behavior description: Import key
    Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x001BE720, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00261D10, DataLen: 532, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_3DES (0x00006603), Data: 0x0022A740, DataLen: 36, Flags: 0x00000001
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x001BE4F0, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00220928, DataLen: 532, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_3DES (0x00006603), Data: 0x00226180, DataLen: 36, Flags: 0x00000001
    Activities
    Activity name Type
    com.e4a.runtime.android.StartActivity android.intent.action.MAIN
    com.e4a.runtime.android.StartActivity android.intent.category.DEFAULT
    com.stub.stub01.Stub01 android.intent.action.MAIN
    com.stub.stub01.Stub01 android.intent.category.LAUNCHER
    com.e4a.runtime.android.mainActivity android.intent.action.MAIN
    com.e4a.runtime.android.mainActivity android.intent.category.DEFAULT
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.action.VIEW
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.category.DEFAULT
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.category.BROWSABLE
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.action.VIEW
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.category.DEFAULT
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.category.BROWSABLE
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.action.VIEW
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.category.DEFAULT
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.category.BROWSABLE
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity5 android.intent.action.VIEW
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity5 android.intent.category.DEFAULT
    com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity5 android.intent.category.BROWSABLE
    Dangerous functions
    Function name Description
    getRuntime Get the command-line environment
    java/lang/Runtime;->exec Execute a string command
    Service list
    Name
    com.stub.stub01.Stub03
    com.stub.stub02.Stub02
    com.stub.stub02.Stub03
    com.stub.stub05.Stub02
    Providers
    Name Information
    com.stub.stub02.Stub04
    File list
    File name Checksum
    res/drawable-xhdpi-v4/mo_shang.png 0x9c8a8e1d
    classes.dex 0x6d7160d1
    assets/laji.png 0x2730bdd8
    res/drawable-xhdpi-v4/concern_tags_cross.png 0x7fe3e8a2
    res/drawable-xhdpi-v4/toast_collect.png 0x960bb6c9
    res/drawable-hdpi-v4/cyberplayer_stop_media.png 0x6395a790
    res/drawable-xhdpi-v4/player_landscape_share_pressed.png 0xcd6ce27f
    res/drawable-xhdpi-v4/play_ctrl_battery2.png 0x2ca1eba9
    res/drawable-xhdpi-v4/ok_win101_1.png 0xc18f6c93
    res/drawable-xhdpi-v4/ok_win10_14.png 0x7e6d87da
    res/drawable-xhdpi-v4/ok_win10_55.png 0x8f107ff3
    LICENSE.txt 0x2bd1e5df
    res/drawable-xhdpi-v4/ok_win10_48.png 0x8c77307a
    res/drawable-xhdpi-v4/ok_win10_71.png 0xa97f2961
    res/drawable-hdpi-v4/ic_stop_media.png 0x5e106da4
    res/drawable-hdpi-v4/cyberplayer_retreat_media_disable.png 0x105d69ea
    res/drawable-xhdpi-v4/ok_win10_15.png 0x9c5fd291
    assets/sc_0000s_0003s_0000_home.png 0x98695f2a
    assets/bt.png 0x290e99a6
    res/drawable-xhdpi-v4/pause_btn_suo1_apy_style.xml 0x2b9ca9f1
    res/layout/ok_xinwen_dialog.xml 0xf798fa15
    assets/about_orange_check_sel.9.png 0x6f2c6e9f
    res/drawable-xhdpi-v4/qiyi_sdk_play_portrait_btn_pause_pressed.png 0x7359dc1e
    res/drawable-hdpi-v4/ic_stop_media_pressed.png 0x101fb9db
    assets/sc_0000s_0000s_0004_search.png 0x5455742f
    res/drawable-xhdpi-v4/p_phone_account_back_small_jietu.png 0x5dae8fb5
    res/drawable-hdpi-v4/ic_retreat_media_pressed.png 0x9e62fb86
    assets/qr_mm2.png 0x3eda9539
    res/drawable-xhdpi-v4/ok_win10_4.png 0x9042ed2
    res/drawable/seekbar_define2_style.xml 0x6c876c72
    res/drawable/zidingyi_anniu_style.xml 0x1df72310
    res/drawable/ound_easyicon.png 0x9d7c819f
    res/drawable-xhdpi-v4/ok_win10_74.png 0xf52b6e9b
    assets/zc_zh.png 0x45ee544e
    assets/shar.png 0x23738412
    res/drawable-hdpi-v4/ic_episode_titlebar_videoplayer_disable.png 0xaba89ad2
    res/drawable-xhdpi-v4/p_phone_account_back_small_selected_jietu.png 0xd615adc4
    assets/about_icon_enshrine.png 0x46b70141
    assets/sc_0000s_0006s_0001_grid_2.png 0xbd1b3259
    res/layout/layout_alertview_alert.xml 0x39cc316
    assets/pay_3.jpg 0x9341af1
    res/drawable-xhdpi-v4/pause_btn_suo_apy_style.xml 0xb02a43b8
    res/drawable-hdpi-v4/cyberplayer_seekbar_ratio.png 0x8ec16bd1
    res/drawable-xhdpi-v4/ok_win10_69.png 0xe59993a2
    res/drawable-xhdpi-v4/ok_win10_16.png 0xda091058
    res/drawable-hdpi-v4/ic_zoom_in_btn_videoplayer_pressed.png 0xea9b5ca1
    res/drawable-xhdpi-v4/mo_zhong.png 0x5784734e
    assets/ny.png 0x2fa32cab
    assets/sc_0000s_0003s_0002_user_2.png 0xaab13e10
    res/drawable/bg_alertbutton_bottom.xml 0x4add86d2
    res/drawable-hdpi-v4/ic_episode_titlebar_videoplayer_pressed.png 0x4b8d08e3
    res/drawable/player_landscape_more_press.png 0x38397897
    res/drawable/mag_list_ph.xml 0xf8151a2f
    res/drawable/xsearch_loading.png 0x575b24df
    res/drawable-hdpi-v4/cyberplayer_subtitle_setting_disable.png 0xcb77113f
    assets/buttbg.png 0x2c769923
    res/drawable-xhdpi-v4/ok_win10_44.png 0x583476b6
    res/anim/push_bottom_out.xml 0x9958726e
    res/drawable-xhdpi-v4/ok_win10_8.png 0xb6af5baf
    res/drawable-hdpi-v4/cyberplayer_seekbar_cache.png 0x273eb0ec
    res/drawable-xhdpi-v4/ok_win10_54.png 0xa397d7dd
    res/drawable-xhdpi-v4/pause_btn_shocz_apy_style.xml 0xbb0bb76e
    res/drawable-hdpi-v4/cyberplayer_switch_subtitle_pressed.png 0xf6580cd6
    assets/cf.png 0x94d4da26
    res/drawable-hdpi-v4/ic_zoom_in_btn_videoplayer.png 0x986da792
    res/drawable-hdpi-v4/cyberplayer_retreat_media_pressed.png 0x107d406d
    res/drawable/button4.xml 0x99d89b2
    assets/about_icon_us.png 0x5f91e1d9
    res/drawable-hdpi-v4/cyberplayer_play_media_pressed.png 0x754abc4d
    assets/about_icon_history.png 0xebe73bf7
    res/drawable-hdpi-v4/xinwen_beijing3.xml 0xddaee313
    res/layout/alertext_form.xml 0xf4e2d6ca
    assets/sc_0000s_0000s_0004_search_2.png 0x9846b412
    res/drawable-xhdpi-v4/ok_win10_13.png 0x583476b6
    res/drawable/progress_custom_bg.xml 0x30820e0e
    assets/fan.png 0x5b9734e
    res/drawable-hdpi-v4/ic_retreat_media_disable.png 0x105d69ea
    res/drawable-xhdpi-v4/ok_win10_45.png 0x5af76e72
    res/drawable/ok_win10.xml 0x24806719
    assets/about_icon_feedback.png 0x29021cf1
    res/drawable-xhdpi-v4/pause_btn_jin_apy_style.xml 0xa17969de
    res/drawable-xhdpi-v4/ok_win10_29.png 0xd6403544
    res/drawable/spinner_11.png 0x8e42fa6f
    res/layout/pull_to_refresh_header.xml 0x74cda2c3
    res/layout/pull_to_load_footer.xml 0x2518ad0
    res/drawable-xhdpi-v4/yanse_baise.png 0xc1df8226
    res/drawable-xhdpi-v4/player_landscape_btn_paopao_pressed.png 0xd822ef8d
    res/drawable/spinner_10.png 0x1f9b8425
    res/drawable-hdpi-v4/cyberplayer_take_snapshot_pressed.png 0x241205e
    res/drawable-xhdpi-v4/player_landscape_more_normal.png 0x41dc98c1
    res/drawable-xhdpi-v4/ok_win10_50.png 0x93a5e64e
    res/drawable/spinner_7.png 0xbff999d9
    res/drawable-xhdpi-v4/ok_win10_53.png 0x9816bea0
    res/drawable-xhdpi-v4/ok_win10_18.png 0x7d50df6d
    res/drawable-xhdpi-v4/pause_btn_xiazai_apy_style.xml 0x1a950159
    res/anim/push_danru_in.xml 0xc7117215
    assets/mine_btn_video.png 0xc5795b7e
    res/drawable-xhdpi-v4/player_landscape_screen_off_normal.png 0x9d608819
    res/drawable-xhdpi-v4/ok_win10_72.png 0xb79aa5b7
    assets/pay_2.jpg 0x257e88f8
    res/drawable-xhdpi-v4/btn_style_alert_dialog_button_normal.9.png 0xeeda2f8b
    res/drawable-xhdpi-v4/player_landscape_next_pressed.png 0x41f5238c
    lib/armeabi/libcyberplayer.so 0x2350af82
    res/drawable/spinner_8.png 0xef00a68f
    assets/random.txt 0x865a480c
    res/drawable-xhdpi-v4/ok_win10_63.png 0x1811001f
    res/drawable-xhdpi-v4/yanse_baisu.png 0x1da031d2
    res/drawable/bg_alertview_alert.xml 0xbe33f1cc
    res/anim/pull_arrow_down.xml 0x56b2b7c5
    res/drawable-xhdpi-v4/ok_win10_41.png 0x562d4ca1
    res/drawable/seekbar_define_style.xml 0x82abbc95
    res/drawable-xhdpi-v4/btn_style_alert_dialog_cancel_normal.9.png 0x4e1e9432
    assets/cache_pic_none.png 0x558f620e
    assets/gth.png 0x358cbb90
    res/drawable-xhdpi-v4/ok_win10_33.png 0xf1647bbe
    assets/default_photo.png 0xf95c30f2
    res/drawable-hdpi-v4/ic_next_play_pressed.png 0x1da89f5
    org/mozilla/javascript/resources/Messages_fr.properties 0xebc0a322
    res/drawable-xhdpi-v4/p_phone_account_back_small_selected.png 0xc7fcf407
    res/drawable/spinner_5.png 0x4ac7394b
    res/drawable/bg_actionsheet_header.xml 0x91856b2b
    res/drawable-xhdpi-v4/ic_action_search.png 0x3294aee3
    res/drawable-xhdpi-v4/ok_win10_19.png 0xedd4f106
    res/drawable-xhdpi-v4/ok_win10_58.png 0xd02da4a6
    res/anim/slide_in_bottom.xml 0x6cb39dde
    res/drawable/bg_edittext.png 0x55a8b2f6
    res/anim/slide_out_bottom.xml 0xf68f5bef
    res/drawable-xhdpi-v4/yanse_huise.png 0xd8256c99
    res/drawable-xhdpi-v4/ok_win10_67.png 0x3bad2405
    org/mozilla/javascript/tools/resources/Messages.properties 0xc5e5414f
    res/drawable/btn_style_alert_dialog_cancel.xml 0xb1e5fed0
    res/drawable-hdpi-v4/cyberplayer_next_play.png 0x4dbc08ae
    res/drawable-xhdpi-v4/player_landscape_download_normal.png 0x6a357a7d
    res/drawable/hou.png 0x356ecd7c
    res/drawable-xhdpi-v4/ok_win10_51.png 0x84db4127
    res/drawable-xhdpi-v4/player_landscape_screen_off_pressed.png 0xd5da8283
    res/drawable-xhdpi-v4/player_landscape_next_normal.png 0x98d1268f
    res/drawable-hdpi-v4/cyberplayer_play_media.png 0x7825fccf
    res/drawable-hdpi-v4/ic_zoom_in_btn_videoplayer_disable.png 0x590e0a34
    res/drawable-xhdpi-v4/ok_win10_62.png 0xdc899480
    res/drawable-xhdpi-v4/player_landscape_screen_on_pressed.png 0xf96e4c3b
    res/drawable-xhdpi-v4/ok_win10_42.png 0xfbb04908
    assets/vr.png 0x95ccf55a
    assets/payment_text_bg.png 0x6d86137a
    res/drawable-xhdpi-v4/ok_win10_66.png 0xd849beaa
    assets/tittle_btn_back_2.png 0xd5038ec7
    res/drawable/qian1.png 0xa5833ed
    res/drawable-hdpi-v4/mo_shang_1.png 0x8ab606b3
    res/drawable-xhdpi-v4/pause_btn_cai_apy_style.xml 0x273650cd
    assets/logo.png 0x83a72ea
    assets/bj_2.png 0x3af942c4
    res/drawable-xhdpi-v4/qiyi_sdk_play_portrait_btn_pause_normal.png 0x7359dc1e
    assets/feedback_check_nor.png 0x9132d5a1
    res/drawable/default_photo.png 0xe971346c
    res/drawable-xhdpi-v4/ok_win10_31.png 0xae4fcca7
    res/drawable-xhdpi-v4/player_landscape_screen_on_noraml.png 0x48dded46
    assets/resm2.png 0xe43e5df
    res/layout/layout.xml 0xb112ad46
    res/drawable-hdpi-v4/cyberplayer_seekbar_background_sound_normal.9.png 0xf7f5607f
    assets/about_icon_native.png 0x12a74a81
    res/drawable-xhdpi-v4/toast_collectz.png 0xa5fc1274
    res/drawable-xhdpi-v4/ok_win10_36.png 0xf2f61c5
    res/drawable/btn_style_alert_dialog_special.xml 0x4aa2a382
    res/drawable/qcloud_player_icon_brightness.png 0x3e7ba87b
    assets/LM2_2.png 0x744bbc3d
    res/drawable-xhdpi-v4/ok_win10_61.png 0xb7a2ff0e
    res/drawable-xhdpi-v4/player_landscape_more_pressed.png 0x574b1438
    res/drawable/spinner_4.png 0x5ecbc0aa
    assets/libjiagu_ls.so 0xcc92cf74
    res/drawable/moren.png 0xbbddf0e4
    assets/f_220_1.png 0x625187b3
    res/drawable/nohistorydata.png 0xff2430e1
    assets/LM1_2.png 0x42c26f98
    res/drawable-xhdpi-v4/ok_win10_35.png 0xd4560822
    res/drawable/pay_button2.xml 0x4a4092f
    res/drawable-hdpi-v4/ic_zoom_out_btn_videoplayer_disable.png 0x1489a84c
    res/anim/fade_in_center.xml 0x74833e56
    res/drawable/caidian_lie_style.xml 0x79a7831e
    assets/lxj.png 0x3da66325
    res/drawable-xhdpi-v4/player_landscape_download_pressed.png 0x1549bd49
    res/anim/push_bottom_in.xml 0x76732c3a
    res/drawable-xhdpi-v4/ok_win10_26.png 0x7c5fadae
    res/drawable-hdpi-v4/progress_custom_bg.xml 0x30820e0e
    res/drawable-hdpi-v4/ic_episode_titlebar_videoplayer.png 0xc4f1ae6b
    res/drawable-hdpi-v4/cyberplayer_next_play_disable.png 0xd9509e6a
    res/drawable-xhdpi-v4/ok_win10_46.png 0xdf187d2f
    res/drawable/spinner_3.png 0xffbbe70c
    res/drawable-hdpi-v4/cyberplayer_switch_subtitle_disable.png 0x4f852d8c
    res/drawable-xhdpi-v4/ok_win10_2.png 0x8c31996e
    assets/about_icon_following.png 0x7c22a5c3
    res/drawable-xhdpi-v4/menu_exit.png 0x2983d8b8
    res/drawable/vive_yuanxing.xml 0x64873533
    res/drawable-hdpi-v4/cyberplayer_titlebar_return.png 0xaafad296
    res/drawable-hdpi-v4/cyberplayer_take_snapshot_disable.png 0x234d73be
    assets/an2.png 0xe6067640
    res/drawable-xhdpi-v4/gallery_normal.png 0x662ff493
    res/drawable-xhdpi-v4/pause_btn_fenx_apy_style.xml 0x8de9ca5b
    res/drawable-xhdpi-v4/ok_win10_75.png 0xc4a38d7f
    res/layout/layout_alertview_actionsheet.xml 0xab2882ef
    res/drawable-hdpi-v4/mo_xia_1.png 0x7cc1ef0d
    res/drawable/xsearch_msg_pull_arrow_down.png 0xa94f8937
    res/drawable-xhdpi-v4/ok_win10_25.png 0x23650567
    res/drawable-xhdpi-v4/p_phone_account_back_small.png 0x44fcca81
    res/drawable/confirm_dialog_cancel_selector.xml 0xb342599d
    res/drawable-xhdpi-v4/ok_win10_38.png 0x54f98dd1
    res/drawable-xhdpi-v4/pause_btn_fanhui_apy_style.xml 0x23dc1361
    assets/icon_tips_text2.png 0xcb89aa7c
    res/drawable/play_btn_style.xml 0xef9f71b4
    assets/history_pic_norecord.png 0x5885e951
    assets/account_icon_lock_sel.png 0x6511827d
    res/drawable/emoticon_pager_select_normal.png 0xd4b3274c
    res/layout/ok_xinwen_bujv.xml 0x444787a7
    res/drawable-xhdpi-v4/round_48px_1071539_easyicon.png 0xc24a6722
    resources.arsc 0x40963c33
    res/drawable/xml1.xml 0x6e514ed5
    res/layout/confirm_dialog.xml 0xffa03cc1
    res/layout/layout_alertview_alert_horizontal.xml 0xf0a169e1
    res/drawable-xhdpi-v4/ok_win10_40.png 0x5204a48e
    res/drawable/spinner_1.png 0xf7667de7
    res/drawable/caidian_lies_style.xml 0xe7f2da31
    res/drawable/pre_btn_style.xml 0x99813ccb
    res/drawable-xhdpi-v4/ok_win10_43.png 0x96e3309e
    res/drawable-hdpi-v4/xinwen_beijing7.xml 0x2824320
    res/drawable/bg_alertbutton_right.xml 0x81b993ec
    res/drawable-hdpi-v4/xinwen_beijing2.xml 0xe2894498
    res/drawable/icon.png 0x400b4184
    res/drawable-xhdpi-v4/ok_win10_34.png 0xee51f09b
    res/drawable-hdpi-v4/ic_zoom_out_btn_videoplayer_pressed.png 0x722558a6
    res/drawable/fancircle_banner_cover.png 0x635e2d55
    res/drawable/history_pic_norecord.png 0xb05ee23
    res/drawable-xhdpi-v4/ok_win10_17.png 0xabd11b0b
    res/drawable-xhdpi-v4/qiyi_sdk_play_portrait_btn_player_pressed.png 0xc0397656
    res/drawable-hdpi-v4/cyberplayer_volumebar_background.9.png 0x6db21740
    res/drawable-xhdpi-v4/ok_win10_73.png 0xbec3199d
    res/drawable/button3.xml 0xb3ead27c
    res/drawable-xhdpi-v4/player_landscape_next_presseds.png 0x6355b68f
    res/drawable-xhdpi-v4/ok_win10_59.png 0x353d2aef
    assets/bxyl.png 0xff2db046
    assets/about_icon_supervise.png 0x65b24b50
    res/drawable-xhdpi-v4/player_landscape_share_normal.png 0x5bfc76c
    assets/icon_tips_text1.png 0xa8281661
    res/layout/item_image.xml 0x427047aa
    res/anim/pull_arrow_up.xml 0xf3cb2f0e
    assets/libjiagu_x86.so 0xa0bd9b30
    res/layout/layout_alertview_alert_vertical.xml 0x5c200207
    assets/buton.png 0xd3e9cc99
    res/drawable-hdpi-v4/ic_play_media_disable.png 0xd06ad4ea
    res/drawable-xhdpi-v4/ok_win10_7.png 0xb5d1e2f4
    assets/dota2.png 0xda7f86e4
    res/drawable-hdpi-v4/cyberplayer_listbtn_pressed.png 0x21de95cb
    res/drawable/e4alistview_new_message.png 0x1cdc5409
    assets/tittle_btn_back.png 0x32e016aa
    assets/alllistempty.png 0x8e91d326
    res/drawable-xhdpi-v4/ok_win10_32.png 0x1811001f
    assets/games.png 0x475c1f30
    assets/more.png 0xe748bd05
    res/drawable/seekbar_thumb.xml 0x9f109b7e
    assets/icon_s.png 0xf268564c
    res/drawable-xhdpi-v4/pause_btn_caidan_apy_style.xml 0xb7c833a9
    assets/account_btn_show_nor.png 0xbf4dc3df
    assets/dd.jpg 0x93147042
    res/layout/canduanxiang.xml 0xad7e60e2
    res/drawable-xhdpi-v4/pause_btn_jietu_apy_style.xml 0x17abc5ad
    res/drawable-hdpi-v4/ic_next_play.png 0x719162df
    res/drawable-xhdpi-v4/btn_style_alert_dialog_special_normal.9.png 0x15962bf2
    assets/dnf.png 0xa43b1e92
    res/drawable-hdpi-v4/cyberplayer_seekbar_normal.png 0x60b412f3
    res/drawable-xhdpi-v4/ok_win10_22.png 0xb429d99c
    res/anim/push_bottom_in2.xml 0x28fc0f1f
    assets/jx_fan.png 0x8b3f86a7
    assets/sc_0000s_0003s_0002_user.png 0x66b6b1b5
    assets/account_btn_show_sel.png 0xb4b6917d
    res/drawable-xhdpi-v4/ok_win10_30.png 0x4fd184fe
    res/drawable/bg_alertbutton_none.xml 0x68a4ec65
    assets/sxxxx.png 0xd0419acf
    assets/face1.png 0xcf712e81
    res/drawable-hdpi-v4/cyberplayer_seekbar_background_sound_process.9.png 0x26b0d50a
    assets/login_icon_wechat.png 0x56a0ea66
    res/layout/controllerplayinging.xml 0xc7507315
    res/drawable-xhdpi-v4/ok_win10_49.png 0x7d50df6d
    res/drawable-xhdpi-v4/ok_win10_21.png 0x7b988fc4
    Runtime screenshots
Translated by Keith Miller, United States