VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

File information

Scanner results
Scanner results:3%Scanner(s) (1/32)found malware!
Behavior analysis report:         Habo file analysis
Time: 2017-09-10 17:25:08 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 7
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 5
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14366 10.0.1405 2017-08-23 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
baidusd 1.0 1.0 2017-03-22 Found nothing 3
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23799 0.97.5 2017-09-09 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 1.000, 51.524, 51.433, 51.290 5.4.247 2017-09-09 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.14142 25.14142 2017-09-10 Found nothing 16
ikarus 1.06.01 V1.32.31.0 2017-09-09 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-09-08 Trojan.AndroidOS.bxox 3
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-09-09 Found nothing 4
mcafee 8620 5400.1158 2017-08-12 Found nothing 60
nod32 6051 3.0.21 2017-09-08 Found nothing 60
panda 9.05.01 9.05.01 2017-09-09 Found nothing 9
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-09-09 Found nothing 8
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 16
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 9
thehacker 6.8.0.5 6.8.0.5 2017-09-07 Found nothing 7
tws 17.47.17308 1.0.2.2108 2017-09-09 Found nothing 21
vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-08 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
权限列表
许可名称 信息
android.permission.WRITE_SETTINGS 读写系统设置项
android.permission.CHANGE_WIFI_STATE 改变WIFI连接状态
android.permission.CHANGE_NETWORK_STATE 变更网络状态
android.permission.INTERNET 连接网络(2G或3G)
android.permission.SET_WALLPAPER 设置桌面壁纸
android.permission.ACCESS_NETWORK_STATE 读取网络状态(2G或3G)
android.permission.ACCESS_WIFI_STATE 读取wifi网络状态
com.android.launcher.permission.INSTALL_SHORTCUT 创建快捷方式
com.android.launcher.permission.UNINSTALL_SHORTCUT 删除快捷方式
android.permission.BLUETOOTH 连接蓝牙设备
android.permission.BLUETOOTH_ADMIN 搜寻蓝牙设备
android.permission.WRITE_EXTERNAL_STORAGE 写外部存储器(如:SD卡)
android.permission.WRITE_MEDIA_STORAGE
android.permission.WAKE_LOCK 手机屏幕关闭后后台进程仍运行
android.permission.ACCESS_SUPERUSER
android.permission.VIBRATE 允许设备震动
.PERMISSION
android.permission.CHANGE_WIFI_MULTICAST_STATE 变更WIFI多播状态
android.permission.SYSTEM_ALERT_WINDOW 显示系统窗口
android.permission.GET_TASKS 获取有关当前或最近运行的任务信息
文件信息
VirSCANVirSCAN
安全评分 :
基本信息
VirSCANVirSCAN
MD5:49cdb17049817b14639b5f83ef8d64ba
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
包名:com.estrongs.android.pop
最低运行环境:Android 2.0
版权:Android
关键行为
VirSCANVirSCAN
行为描述: 跨进程写入数据
详情信息: TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x01820000, Size = 0x00002000 TargetPID = 0x000007d0
TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x02480000, Size = 0x00001000 TargetPID = 0x000007d0
TargetProcess = C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe, WriteAddress = 0x00990000, Size = 0x00002000 TargetPID = 0x000000dc
TargetProcess = C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe, WriteAddress = 0x00bb0000, Size = 0x00001000 TargetPID = 0x000000dc
TargetProcess = C:\Program Files\Common Files\Java\Java Update\jusched.exe, WriteAddress = 0x00bf0000, Size = 0x00002000 TargetPID = 0x000000f0
TargetProcess = C:\Program Files\Common Files\Java\Java Update\jusched.exe, WriteAddress = 0x00c00000, Size = 0x00001000 TargetPID = 0x000000f0
TargetProcess = C:\WINDOWS\system32\ctfmon.exe, WriteAddress = 0x009a0000, Size = 0x00002000 TargetPID = 0x000000f8
TargetProcess = C:\WINDOWS\system32\ctfmon.exe, WriteAddress = 0x009b0000, Size = 0x00001000 TargetPID = 0x000000f8
TargetProcess = C:\Program Files\Tencent\QQ\Bin\QQ.exe, WriteAddress = 0x013e0000, Size = 0x00002000 TargetPID = 0x0000010c
TargetProcess = C:\Program Files\Tencent\QQ\Bin\QQ.exe, WriteAddress = 0x013f0000, Size = 0x00001000 TargetPID = 0x0000010c
TargetProcess = C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe, WriteAddress = 0x01110000, Size = 0x00002000 TargetPID = 0x0000015c
TargetProcess = C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe, WriteAddress = 0x01120000, Size = 0x00001000 TargetPID = 0x0000015c
TargetProcess = C:\WINDOWS\system32\conime.exe, WriteAddress = 0x00900000, Size = 0x00002000 TargetPID = 0x00000210
TargetProcess = C:\WINDOWS\system32\conime.exe, WriteAddress = 0x00910000, Size = 0x00001000 TargetPID = 0x00000210
TargetProcess = C:\WINDOWS\system32\PersonalBankPortal.exe, WriteAddress = 0x03a30000, Size = 0x00002000 TargetPID = 0x00000098
行为描述: 尝试连接RootKit驱动设备对象
详情信息: \??\amsint32
行为描述: 修改注册表_UAC关键设置
详情信息: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
行为描述: 常规加载驱动
详情信息: system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\gqnkf.sys
行为描述: 创建远程线程
详情信息: TargetProcess: explorer.exe, InheritedFromPID = 1932, ProcessID = 2000, ThreadID = 2784, StartAddress = 01820000, Parameter = 00000000
TargetProcess: explorer.exe, InheritedFromPID = 1932, ProcessID = 2000, ThreadID = 2788, StartAddress = 02480000, Parameter = 00000000
TargetProcess: reader_sl.exe, InheritedFromPID = 2000, ProcessID = 220, ThreadID = 2796, StartAddress = 00990000, Parameter = 00000000
TargetProcess: reader_sl.exe, InheritedFromPID = 2000, ProcessID = 220, ThreadID = 2800, StartAddress = 00BB0000, Parameter = 00000000
TargetProcess: jusched.exe, InheritedFromPID = 2000, ProcessID = 240, ThreadID = 2804, StartAddress = 00BF0000, Parameter = 00000000
TargetProcess: jusched.exe, InheritedFromPID = 2000, ProcessID = 240, ThreadID = 2808, StartAddress = 00C00000, Parameter = 00000000
TargetProcess: ctfmon.exe, InheritedFromPID = 2000, ProcessID = 248, ThreadID = 2812, StartAddress = 009A0000, Parameter = 00000000
TargetProcess: ctfmon.exe, InheritedFromPID = 2000, ProcessID = 248, ThreadID = 2816, StartAddress = 009B0000, Parameter = 00000000
TargetProcess: QQ.exe, InheritedFromPID = 2000, ProcessID = 268, ThreadID = 2820, StartAddress = 013E0000, Parameter = 00000000
TargetProcess: QQ.exe, InheritedFromPID = 2000, ProcessID = 268, ThreadID = 2828, StartAddress = 013F0000, Parameter = 00000000
TargetProcess: TXPlatform.exe, InheritedFromPID = 872, ProcessID = 348, ThreadID = 2848, StartAddress = 01110000, Parameter = 00000000
TargetProcess: TXPlatform.exe, InheritedFromPID = 872, ProcessID = 348, ThreadID = 2852, StartAddress = 01120000, Parameter = 00000000
TargetProcess: conime.exe, InheritedFromPID = 476, ProcessID = 528, ThreadID = 2868, StartAddress = 00900000, Parameter = 00000000
TargetProcess: conime.exe, InheritedFromPID = 476, ProcessID = 528, ThreadID = 2872, StartAddress = 00910000, Parameter = 00000000
TargetProcess: PersonalBankPortal.exe, InheritedFromPID = 2000, ProcessID = 152, ThreadID = 2876, StartAddress = 03A30000, Parameter = 00000000
行为描述: 获取TickCount值
详情信息: TickCount = 216199, SleepMilliseconds = 12.
TickCount = 216277, SleepMilliseconds = 12.
TickCount = 216293, SleepMilliseconds = 12.
TickCount = 216355, SleepMilliseconds = 12.
TickCount = 216371, SleepMilliseconds = 12.
TickCount = 216605, SleepMilliseconds = 12.
TickCount = 216652, SleepMilliseconds = 12.
TickCount = 216746, SleepMilliseconds = 12.
TickCount = 216762, SleepMilliseconds = 12.
TickCount = 217037, SleepMilliseconds = 256.
TickCount = 217293, SleepMilliseconds = 512.
TickCount = 516796, SleepMilliseconds = 300000.
TickCount = 516812, SleepMilliseconds = 300000.
TickCount = 516828, SleepMilliseconds = 300000.
TickCount = 516843, SleepMilliseconds = 300000.
行为描述: 修改注册表_系统防火墙可信进程列表
详情信息: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\Explorer.EXE
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 创建系统服务
详情信息: [服务已存在]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[服务创建成功]: amsint32, C:\WINDOWS\system32\drivers\gqnkf.sys
进程行为
VirSCANVirSCAN
行为描述: 跨进程写入数据
详情信息: TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x01820000, Size = 0x00002000 TargetPID = 0x000007d0
TargetProcess = C:\WINDOWS\explorer.exe, WriteAddress = 0x02480000, Size = 0x00001000 TargetPID = 0x000007d0
TargetProcess = C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe, WriteAddress = 0x00990000, Size = 0x00002000 TargetPID = 0x000000dc
TargetProcess = C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe, WriteAddress = 0x00bb0000, Size = 0x00001000 TargetPID = 0x000000dc
TargetProcess = C:\Program Files\Common Files\Java\Java Update\jusched.exe, WriteAddress = 0x00bf0000, Size = 0x00002000 TargetPID = 0x000000f0
TargetProcess = C:\Program Files\Common Files\Java\Java Update\jusched.exe, WriteAddress = 0x00c00000, Size = 0x00001000 TargetPID = 0x000000f0
TargetProcess = C:\WINDOWS\system32\ctfmon.exe, WriteAddress = 0x009a0000, Size = 0x00002000 TargetPID = 0x000000f8
TargetProcess = C:\WINDOWS\system32\ctfmon.exe, WriteAddress = 0x009b0000, Size = 0x00001000 TargetPID = 0x000000f8
TargetProcess = C:\Program Files\Tencent\QQ\Bin\QQ.exe, WriteAddress = 0x013e0000, Size = 0x00002000 TargetPID = 0x0000010c
TargetProcess = C:\Program Files\Tencent\QQ\Bin\QQ.exe, WriteAddress = 0x013f0000, Size = 0x00001000 TargetPID = 0x0000010c
TargetProcess = C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe, WriteAddress = 0x01110000, Size = 0x00002000 TargetPID = 0x0000015c
TargetProcess = C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe, WriteAddress = 0x01120000, Size = 0x00001000 TargetPID = 0x0000015c
TargetProcess = C:\WINDOWS\system32\conime.exe, WriteAddress = 0x00900000, Size = 0x00002000 TargetPID = 0x00000210
TargetProcess = C:\WINDOWS\system32\conime.exe, WriteAddress = 0x00910000, Size = 0x00001000 TargetPID = 0x00000210
TargetProcess = C:\WINDOWS\system32\PersonalBankPortal.exe, WriteAddress = 0x03a30000, Size = 0x00002000 TargetPID = 0x00000098
行为描述: 尝试连接RootKit驱动设备对象
详情信息: \??\amsint32
行为描述: 修改注册表_UAC关键设置
详情信息: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
行为描述: 常规加载驱动
详情信息: system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\gqnkf.sys
行为描述: 创建远程线程
详情信息: TargetProcess: explorer.exe, InheritedFromPID = 1932, ProcessID = 2000, ThreadID = 2784, StartAddress = 01820000, Parameter = 00000000
TargetProcess: explorer.exe, InheritedFromPID = 1932, ProcessID = 2000, ThreadID = 2788, StartAddress = 02480000, Parameter = 00000000
TargetProcess: reader_sl.exe, InheritedFromPID = 2000, ProcessID = 220, ThreadID = 2796, StartAddress = 00990000, Parameter = 00000000
TargetProcess: reader_sl.exe, InheritedFromPID = 2000, ProcessID = 220, ThreadID = 2800, StartAddress = 00BB0000, Parameter = 00000000
TargetProcess: jusched.exe, InheritedFromPID = 2000, ProcessID = 240, ThreadID = 2804, StartAddress = 00BF0000, Parameter = 00000000
TargetProcess: jusched.exe, InheritedFromPID = 2000, ProcessID = 240, ThreadID = 2808, StartAddress = 00C00000, Parameter = 00000000
TargetProcess: ctfmon.exe, InheritedFromPID = 2000, ProcessID = 248, ThreadID = 2812, StartAddress = 009A0000, Parameter = 00000000
TargetProcess: ctfmon.exe, InheritedFromPID = 2000, ProcessID = 248, ThreadID = 2816, StartAddress = 009B0000, Parameter = 00000000
TargetProcess: QQ.exe, InheritedFromPID = 2000, ProcessID = 268, ThreadID = 2820, StartAddress = 013E0000, Parameter = 00000000
TargetProcess: QQ.exe, InheritedFromPID = 2000, ProcessID = 268, ThreadID = 2828, StartAddress = 013F0000, Parameter = 00000000
TargetProcess: TXPlatform.exe, InheritedFromPID = 872, ProcessID = 348, ThreadID = 2848, StartAddress = 01110000, Parameter = 00000000
TargetProcess: TXPlatform.exe, InheritedFromPID = 872, ProcessID = 348, ThreadID = 2852, StartAddress = 01120000, Parameter = 00000000
TargetProcess: conime.exe, InheritedFromPID = 476, ProcessID = 528, ThreadID = 2868, StartAddress = 00900000, Parameter = 00000000
TargetProcess: conime.exe, InheritedFromPID = 476, ProcessID = 528, ThreadID = 2872, StartAddress = 00910000, Parameter = 00000000
TargetProcess: PersonalBankPortal.exe, InheritedFromPID = 2000, ProcessID = 152, ThreadID = 2876, StartAddress = 03A30000, Parameter = 00000000
行为描述: 获取TickCount值
详情信息: TickCount = 216199, SleepMilliseconds = 12.
TickCount = 216277, SleepMilliseconds = 12.
TickCount = 216293, SleepMilliseconds = 12.
TickCount = 216355, SleepMilliseconds = 12.
TickCount = 216371, SleepMilliseconds = 12.
TickCount = 216605, SleepMilliseconds = 12.
TickCount = 216652, SleepMilliseconds = 12.
TickCount = 216746, SleepMilliseconds = 12.
TickCount = 216762, SleepMilliseconds = 12.
TickCount = 217037, SleepMilliseconds = 256.
TickCount = 217293, SleepMilliseconds = 512.
TickCount = 516796, SleepMilliseconds = 300000.
TickCount = 516812, SleepMilliseconds = 300000.
TickCount = 516828, SleepMilliseconds = 300000.
TickCount = 516843, SleepMilliseconds = 300000.
行为描述: 修改注册表_系统防火墙可信进程列表
详情信息: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\Explorer.EXE
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 创建系统服务
详情信息: [服务已存在]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[服务创建成功]: amsint32, C:\WINDOWS\system32\drivers\gqnkf.sys
文件行为
VirSCANVirSCAN
行为描述: 创建文件
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temp\winngowtp.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7F625A5E-E2C5-11E7-91C0-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3820.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F625A5F-E2C5-11E7-91C0-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF48ED.tmp
C:\WINDOWS\system32\drivers\gqnkf.sys
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\yixun_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\ohlnr.exe
行为描述: 创建可执行文件
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temp\winngowtp.exe
C:\WINDOWS\system32\drivers\gqnkf.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\ohlnr.exe
行为描述: 查找文件
详情信息: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\*
FileName = C:\Documents and Settings\Administrator\桌面\*.*
FileName = C:\Documents and Settings\All Users\桌面\*.*
FileName = C:\*.*
FileName = C:\Documents and Settings\root
FileName = C:\Documents and Settings\root\My Documents
FileName = C:\*
FileName = D:\*
行为描述: 内存映射方式修改可执行文件
详情信息: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe
行为描述: 删除文件
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3820.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF48ED.tmp
C:\WINDOWS\system32\drivers\gqnkf.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\winngowtp.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 修改文件内容
详情信息: C:\WINDOWS\system.ini ---> Offset = 231
C:\Documents and Settings\Administrator\Local Settings\Temp\winngowtp.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7F625A5E-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7F625A5E-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3820.tmp ---> Offset = 16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3820.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7F625A5E-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7F625A5E-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F625A5F-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F625A5F-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF48ED.tmp ---> Offset = 16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF48ED.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F625A5F-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F625A5F-E2C5-11E7-91C0-7B****28}.dat ---> Offset = 1536
C:\WINDOWS\system32\drivers\gqnkf.sys ---> Offset = 0
网络行为
VirSCANVirSCAN
行为描述: 下载文件
详情信息: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
行为描述: 连接指定站点
详情信息: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
行为描述: 打开HTTP连接
详情信息: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
行为描述: 建立到一个指定的套接字连接
详情信息: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000448
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000058c
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x00000440
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x000005cc
行为描述: 读取网络文件
详情信息: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00cc0018, BytesToRead =4095, BytesRead = 4095.
行为描述: 发送HTTP包
详情信息: GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: ww****om Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
行为描述: 打开HTTP请求
详情信息: HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: ww****om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=9ozyftpe2uj/evjfitdbpa%3d%3d&msurs-patented-lock=ulptmayp%2bxm%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
行为描述: 按名称获取主机地址
详情信息: GetAddrInfoW: ww****om
GetAddrInfoW: ur****om
注册表行为
VirSCANVirSCAN
行为描述: 删除注册表键
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
行为描述: 修改注册表_Explorer文件显示相关属性
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
行为描述: 删除注册表键_安全模式启动项
详情信息: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\AppMgmt\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Base\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Boot Bus Extender\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Boot file system\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\CryptSvc\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\DcomLaunch\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmadmin\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmboot.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmio.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmload.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmserver\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\EventLog\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\File system\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Filter\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Netlogon\
行为描述: 修改注册表_UAC关键设置
详情信息: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
行为描述: 修改注册表
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\1768776769
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-757413758
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\1011363011
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-1514827516
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\253949253
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-503464505
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A1_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A2_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A3_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A4_0
\REGISTRY\USER\S-*\SessionInformation\ProgramCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
行为描述: 修改注册表_系统防火墙可信进程列表
详情信息: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\Explorer.EXE
行为描述: 修改注册表_安全中心相关属性
详情信息: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UacDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify
行为描述: 删除注册表键值
详情信息: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
其他行为
VirSCANVirSCAN
行为描述: 创建互斥体
详情信息: uxJLpe1m
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
smss.exeM_520_
csrss.exeM_584_
winlogon.exeM_608_
services.exeM_652_
lsass.exeM_664_
wirxservice.exeM_820_
czdcthlp.exeM_832_
svchost.exeM_872_
行为描述: 创建事件对象
详情信息: EventName = Global\crypt32LogoffEvent
EventName = CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
EventName = CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
EventName = MSCTF.SendReceive.Event.IOH.IC
EventName = MSCTF.SendReceiveConection.Event.IOH.IC
EventName = Isolation Signal Registry Event (7F625A5B-E2C5-11E7-91C0-7B****28, 0)
EventName = IE_EarlyTabStart_0xcb4
EventName = Isolation Signal Registry Event (7F625A5C-E2C5-11E7-91C0-7B****28, 0)
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.ANB.IC
EventName = MSCTF.SendReceiveConection.Event.ANB.IC
EventName = MSCTF.SendReceive.Event.ENH.IC
EventName = MSCTF.SendReceive.Event.EOD.IC
EventName = MSCTF.SendReceiveConection.Event.ENH.IC
行为描述: 常规加载驱动
详情信息: system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\gqnkf.sys
行为描述: 查找指定窗口
详情信息: NtUserFindWindowEx: [Class,Window] = [Acrobat Viewer,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [,GINA Logon]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TXGuiFoundation,QQ2013]
NtUserFindWindowEx: [Class,Window] = [CTXOPConntion_Class,OP_2269840561]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
行为描述: 启动系统服务
详情信息: [服务启动成功]: , IP Traffic Filter Driver, system32\DRIVERS\ipfltdrv.sys
[服务启动成功]: , amsint32, \??\C:\WINDOWS\system32\drivers\gqnkf.sys
行为描述: 打开事件
详情信息: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
Global\crypt32LogoffEvent
ExplorerWindowIdle
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Isolation Signal Registry Event (7F625A5B-E2C5-11E7-91C0-7B****28, 0)
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.3248
MSFT.VSA.IEC.STATUS.6c736db0
Isolation Signal Registry Event (7F625A5C-E2C5-11E7-91C0-7B****28, 0)
行为描述: 获取TickCount值
详情信息: TickCount = 216199, SleepMilliseconds = 12.
TickCount = 216277, SleepMilliseconds = 12.
TickCount = 216293, SleepMilliseconds = 12.
TickCount = 216355, SleepMilliseconds = 12.
TickCount = 216371, SleepMilliseconds = 12.
TickCount = 216605, SleepMilliseconds = 12.
TickCount = 216652, SleepMilliseconds = 12.
TickCount = 216746, SleepMilliseconds = 12.
TickCount = 216762, SleepMilliseconds = 12.
TickCount = 217037, SleepMilliseconds = 256.
TickCount = 217293, SleepMilliseconds = 512.
TickCount = 516796, SleepMilliseconds = 300000.
TickCount = 516812, SleepMilliseconds = 300000.
TickCount = 516828, SleepMilliseconds = 300000.
TickCount = 516843, SleepMilliseconds = 300000.
行为描述: 搜索kernel32.dll基地址
详情信息: Instruction Address = 0x0040237e
行为描述: 调整进程token权限
详情信息: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
行为描述: 枚举窗口
详情信息: N/A
行为描述: 停止系统服务
详情信息: ServiceName = Application Layer Gateway Service
ServiceName = Windows Firewall/Internet Connection Sharing (ICS)
ServiceName = Security Center
行为描述: 尝试连接RootKit驱动设备对象
详情信息: \??\amsint32
行为描述: 可执行文件签名信息
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temp\winngowtp.exe(签名验证: 未通过)
C:\WINDOWS\system32\drivers\gqnkf.sys(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\ohlnr.exe(签名验证: 未通过)
行为描述: 调用Sleep函数
详情信息: [1]: MilliSeconds = 12.
[2]: MilliSeconds = 1024.
[3]: MilliSeconds = 120000.
[4]: MilliSeconds = 180000.
[5]: MilliSeconds = 256.
[6]: MilliSeconds = 512.
[7]: MilliSeconds = 300000.
[8]: MilliSeconds = 600000.
[9]: MilliSeconds = 512.
[10]: MilliSeconds = 20000.
[11]: MilliSeconds = 256.
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [http://www.yixun.com/ - Windows Internet Explorer,IEFrame]
[Window,Class] = [,UniversalSearchBand]
[Window,Class] = [,TravelBand]
[Window,Class] = [,CommandBarClass]
[Window,Class] = [,ReBarWindow32]
行为描述: 可执行文件MD5
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temp\winngowtp.exe ---> 25aa9bb549ecc7bb6100f8d179452508
C:\WINDOWS\system32\drivers\gqnkf.sys ---> bf31a8d79f704f488e3dbcb6eea3b3e3
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
C:\Documents and Settings\Administrator\Local Settings\Temp\ohlnr.exe ---> 25aa9bb549ecc7bb6100f8d179452508
行为描述: 打开互斥体
详情信息: Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!BrowserEmulation!SharedMemory!Mutex
ShimCacheMutex
RasPbFile
CtfmonInstMutexDefaultS-*
Local\RSS Eventing Connection Database Mutex 00000cb0
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
Local\!IECompat!Mutex
行为描述: 创建系统服务
详情信息: [服务已存在]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[服务创建成功]: amsint32, C:\WINDOWS\system32\drivers\gqnkf.sys
Activities
VirSCANVirSCAN
活动名 类型
com.estrongs.android.pop.view.FileExplorerActivity android.intent.action.MAIN
com.estrongs.android.pop.view.FileExplorerActivity android.intent.action.VIEW
com.estrongs.android.pop.view.FileExplorerActivity org.openintents.action.VIEW_DIRECTORY
com.estrongs.android.pop.view.FileExplorerActivity com.estrongs.android.SHOW_DISK_USAGE
com.estrongs.android.pop.view.FileExplorerActivity android.hardware.usb.action.USB_DEVICE_ATTACHED
com.estrongs.android.pop.view.FileExplorerActivity android.hardware.usb.action.USB_DEVICE_DETACHED
com.estrongs.android.pop.view.FileExplorerActivity android.intent.category.LEANBACK_LAUNCHER
com.estrongs.android.pop.view.FileExplorerActivity android.intent.category.LAUNCHER
com.estrongs.android.pop.view.FileExplorerActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.compress.CompressionActivity android.intent.action.VIEW
com.estrongs.android.pop.app.compress.CompressionActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.compress.CompressionProxyActivity android.intent.action.VIEW
com.estrongs.android.pop.app.compress.CompressionProxyActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.ESFileSharingActivity android.intent.action.VIEW
com.estrongs.android.pop.app.ESFileSharingActivity android.intent.action.SEND
com.estrongs.android.pop.app.ESFileSharingActivity android.intent.action.SEND_MULTIPLE
com.estrongs.android.pop.app.ESFileSharingActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.SaveToESActivity android.intent.action.VIEW
com.estrongs.android.pop.app.SaveToESActivity android.intent.action.SEND
com.estrongs.android.pop.app.SaveToESActivity android.intent.action.SEND_MULTIPLE
com.estrongs.android.pop.app.SaveToESActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.LocalFileSharingActivity android.intent.action.VIEW
com.estrongs.android.pop.app.LocalFileSharingActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.PopVideoPlayer android.intent.action.VIEW
com.estrongs.android.pop.app.PopVideoPlayer android.intent.category.DEFAULT
com.estrongs.android.pop.app.PopVideoPlayerProxyActivity android.intent.action.VIEW
com.estrongs.android.pop.app.PopVideoPlayerProxyActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.AudioPlayerProxyActivity android.intent.action.VIEW
com.estrongs.android.pop.app.AudioPlayerProxyActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.editor.PopNoteEditor android.intent.action.VIEW
com.estrongs.android.pop.app.editor.PopNoteEditor android.intent.action.EDIT
com.estrongs.android.pop.app.editor.PopNoteEditor android.intent.category.DEFAULT
com.estrongs.android.pop.app.FileChooserActivity com.estrongs.action.PICK_FILE
com.estrongs.android.pop.app.FileChooserActivity com.estrongs.action.PICK_DIRECTORY
com.estrongs.android.pop.app.FileChooserActivity android.intent.action.CREATE_SHORTCUT
com.estrongs.android.pop.app.FileChooserActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.ESContentChooserActivity android.intent.action.GET_CONTENT
com.estrongs.android.pop.app.ESContentChooserActivity android.intent.category.OPENABLE
com.estrongs.android.pop.app.ESContentChooserActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.ESRingtoneChooserActivity android.intent.action.RINGTONE_PICKER
com.estrongs.android.pop.app.ESRingtoneChooserActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.ESWallPaperChooserActivity android.intent.action.SET_WALLPAPER
com.estrongs.android.pop.app.ESWallPaperChooserActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.DownloaderActivity android.intent.action.VIEW
com.estrongs.android.pop.app.DownloaderActivity android.intent.category.BROWSABLE
com.estrongs.android.pop.app.DownloaderActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.BrowserDownloaderActivity android.intent.action.VIEW
com.estrongs.android.pop.app.BrowserDownloaderActivity android.intent.category.BROWSABLE
com.estrongs.android.pop.app.BrowserDownloaderActivity android.intent.category.DEFAULT
com.estrongs.android.pop.app.PopRemoteImageBrowser android.intent.action.VIEW
com.estrongs.android.pop.app.PopRemoteImageBrowser android.intent.category.DEFAULT
com.estrongs.android.pop.ftp.ESFtpShortcut android.intent.action.MAIN
com.estrongs.android.pop.app.ShowDialogActivity estrongs.intent.action.ShowDialogActivity
com.estrongs.android.pop.app.ShowDialogActivity android.intent.category.DEFAULT
.app.AdbControllerActivity com.estrongs.android.pop.app.AdbControllerActivity
.app.AdbControllerActivity android.intent.category.DEFAULT
.app.AppCheckUpdateList com.estrongs.action.APP_CHECK_UPDATE_LIST
.app.AppCheckUpdateList android.intent.category.DEFAULT
.app.DefaultWindowSetting com.estrongs.action.DEFAULT_OPEN_WINDOW_LIST
.app.DefaultWindowSetting android.intent.category.DEFAULT
.app.DocumentExtModifyList com.estrongs.action.DOCUMENT_EXT_MODIFY_LIST
.app.DocumentExtModifyList android.intent.category.DEFAULT
.app.UsbMonitorActivity android.hardware.usb.action.USB_DEVICE_ATTACHED
.app.UsbMonitorActivity android.hardware.usb.action.USB_DEVICE_DETACHED
.app.UsbMonitorActivity android.intent.category.DEFAULT
.app.TransitActivity com.estrongs.android.SHOW_DISK_USAGE
.app.TransitActivity com.estrongs.android.SHOW_APP_MGR
.app.TransitActivity com.estrongs.android.SHOW_SDCARD
.app.TransitActivity com.estrongs.android.SHOW_MUSIC_PLAYER
危险函数
VirSCANVirSCAN
函数名称 信息
getRuntime 获取命令行环境
java/lang/Runtime;->exec 执行字符串命令
TelephonyManager;->getDeviceId 搜集用户手机IMEI码、电话号码、系统版本号等信息
HttpClient;->execute 请求远程服务器
java/net/HttpURLConnection;->connect 连接URL
LocationManager;->getLastKnownLocation 获取地址位置
java/net/URL;->openConnection 连接URL
TelephonyManager;->getLine1Number 获取手机号
SmsManager;->sendTextMessage 发送普通短信
ContentResolver;->query 读取联系人、短信等数据库
WifiManager;->setWifiEnabled 变更WIFI状态
android/app/NotificationManager;->notify 信息通知栏
ContentResolver;->delete 删除短信、联系人
java/net/URLConnection;->connect 连接URL
启动方式
VirSCANVirSCAN
名称 信息
com.estrongs.android.pop.app.AudioPlayerService$MediaButtonReceiver
com.estrongs.android.pop.app.CampaignReceiver
com.baidu.share.message.ShareReceiver
com.estrongs.android.pop.EnableOEMConfig
com.estrongs.android.pop.EnableOEMConfig
com.estrongs.android.pop.EnableOEMConfig
com.estrongs.android.pop.app.InstallMonitorReceiver 应用安装时启动服务
com.estrongs.android.pop.app.InstallMonitorReceiver 应用卸载时启动服务
com.estrongs.android.pop.app.StartServiceReceiver 屏幕解锁启动服务
com.estrongs.android.pop.app.StartServiceReceiver
com.estrongs.android.pop.app.StartServiceReceiver
广告信息
VirSCANVirSCAN
名称 信息
com.baidu 百度
权限列表
VirSCANVirSCAN
许可名称 信息
android.permission.WRITE_SETTINGS 读写系统设置项
android.permission.CHANGE_WIFI_STATE 改变WIFI连接状态
android.permission.CHANGE_NETWORK_STATE 变更网络状态
android.permission.INTERNET 连接网络(2G或3G)
android.permission.SET_WALLPAPER 设置桌面壁纸
android.permission.ACCESS_NETWORK_STATE 读取网络状态(2G或3G)
android.permission.ACCESS_WIFI_STATE 读取wifi网络状态
com.android.launcher.permission.INSTALL_SHORTCUT 创建快捷方式
com.android.launcher.permission.UNINSTALL_SHORTCUT 删除快捷方式
android.permission.BLUETOOTH 连接蓝牙设备
android.permission.BLUETOOTH_ADMIN 搜寻蓝牙设备
android.permission.WRITE_EXTERNAL_STORAGE 写外部存储器(如:SD卡)
android.permission.WRITE_MEDIA_STORAGE
android.permission.WAKE_LOCK 手机屏幕关闭后后台进程仍运行
android.permission.ACCESS_SUPERUSER
android.permission.VIBRATE 允许设备震动
.PERMISSION
android.permission.CHANGE_WIFI_MULTICAST_STATE 变更WIFI多播状态
android.permission.SYSTEM_ALERT_WINDOW 显示系统窗口
android.permission.GET_TASKS 获取有关当前或最近运行的任务信息
服务列表
VirSCANVirSCAN
名称
com.estrongs.android.pop.app.AudioPlayerService
com.estrongs.android.pop.bt.OBEXFtpServerService
com.estrongs.android.ftp.ESFtpService
com.estrongs.android.ui.notification.ESTaskService
com.estrongs.android.pop.app.service.PerformanceAccelerateService
Providers
VirSCANVirSCAN
名称 信息
com.estrongs.android.pop.app.AudioPlayerService
com.estrongs.android.pop.bt.OBEXFtpServerService
com.estrongs.android.ftp.ESFtpService
com.estrongs.android.ui.notification.ESTaskService
com.estrongs.android.pop.app.service.PerformanceAccelerateService
文件列表
VirSCANVirSCAN
文件名 校验码
META-INF/MANIFEST.MF 0xab861268
META-INF/CERT.SF 0xd4bfec12
META-INF/CERT.RSA 0xe2e5c76a
res/drawable-hdpi-v4/toolbar_save.png 0xd23a668f
res/drawable-hdpi-v4/home_download.png 0x61b8924c
res/drawable-hdpi-v4/access_titlebar_bg.9.png 0x62d4e576
res/layout/new_adb_server.xml 0xa772fe10
res/layout/pic_comment_item.xml 0x244a625e
res/drawable-xlarge-v4/sidebar_home.png 0x9bba0af2
res/drawable-hdpi-v4/btn_camera_arrow_right_default.png 0xd368a127
res/drawable-hdpi-v4/notification_ongoing.png 0x6e9f177b
res/layout-hdpi-v4/item_context_menu.xml 0x6a68b152
res/drawable-hdpi-v4/taskcenter_content_delete.png 0x242dc4b8
res/drawable-hdpi-v4/toolbar_edit_addto.png 0x5c9c707a
res/drawable-hdpi-v4/net_wireless_ssd.png 0x16c4aa70
res/xml/pref_document.xml 0xd3d07416
res/drawable-xlarge-v4/main_titlebar_picture_selected.png 0x6d4f67ed
res/drawable-hdpi-v4/webdav_folder.png 0x47a83180
res/drawable-xlarge-v4/sidebar_chromecast.png 0x8ecf88c7
res/drawable/indicator_icon_ftp.xml 0x3cbf784e
res/layout/single_column_menu.xml 0x9c45e490
res/layout/item_listview_clipboard.xml 0xa7e74519
res/drawable-hdpi-v4/popbox_moveto_content_bg.9.png 0xa84e41a9
jcifs/util/mime.map 0x7918a91b
res/drawable-hdpi-v4/sidebar_home.png 0x9bba0af2
res/drawable-xlarge-v4/home_book.png 0xd4997a65
jcifs/http/ne.css 0x21ad88f
res/drawable-hdpi-v4/icon_app_noteeditor.png 0x1e7a7473
res/layout/traffic_alert_content.xml 0x99407963
res/drawable-hdpi-v4/app_audio_button.png 0xfd60106e
res/drawable/preference_background.xml 0x6494e6ee
res/drawable-hdpi-v4/addressbar_tab_left.9.png 0x99caa217
res/drawable/popupbox_listview_selector.xml 0x8af54fe5
res/layout/new_username_pasword.xml 0xe39cd2b0
res/layout-land-hdpi-v4/land_tools_top_file.xml 0x6287102d
res/drawable-hdpi-v4/home_library_icon.png 0xd53615af
res/drawable-xlarge-v4/sidebar_exsdcard.png 0xdc049a78
res/drawable-xlarge-v4/folder_pink.png 0xc8bf1cfa
res/drawable-hdpi-v4/toolbar_slides.png 0x801ee6c1
res/drawable-hdpi-v4/main_titlebar_playlist.png 0xa20688d8
res/layout-hdpi-v4/list_item_with_switch.xml 0xdcc98292
res/layout/help_page.xml 0x7e9bcda5
res/drawable-hdpi-v4/networkdisk_skydrive.png 0xc97efc24
res/drawable-hdpi-v4/remote_button_click.9.png 0x42d9c196
res/drawable-hdpi-v4/switch_thumb_disabled_holo_light.9.png 0xe396467c
res/anim/slide_in_from_bottom.xml 0x71f7453b
res/drawable-hdpi-v4/main_addressbar_icon_bg_click.9.png 0xbd4b34d2
res/drawable-hdpi-v4/setting_icon_about.png 0x179c7be5
res/drawable-hdpi-v4/toolbar_edit_decrypt.png 0x23aca646
res/layout/image_picker_file_item.xml 0x4aa7c07c
res/drawable-hdpi-v4/clipboard_button_delete_bg_click.9.png 0x2ed16f9e
res/layout/root_explorer_mount_item.xml 0x75c5c9cf
res/drawable-xlarge-v4/main_titlebar_net_selected.png 0xb25736c6
res/raw/netdisk_dropbox 0x6c12895c
res/drawable-hdpi-v4/toolbar_startup.png 0xca7d03a2
res/drawable-hdpi-v4/toolbar_bg.9.png 0x1f455838
res/drawable-xlarge-v4/format_text.png 0xc9203d67
res/drawable/seekbar_thumb.xml 0xf915beec
res/drawable-hdpi-v4/folder_yellow_full.png 0x92a2bea6
res/drawable/shadow_tools_top.xml 0xc613b82d
res/drawable-hdpi-v4/popupbox_arrow_up.png 0xceafd21c
res/drawable-hdpi-v4/toolbar_view_detail_s.png 0x7b6102be
res/drawable-hdpi-v4/home_app.png 0x92f10077
res/drawable-xlarge-v4/sidebar_sdcard.png 0xafd90830
res/drawable-hdpi-v4/open_recomm_title_recomm_img_gray.png 0xc0a09c59
res/drawable-xlarge-v4/sidebar_sethome.png 0xf9cff537
res/anim/slide_out_to_bottom.xml 0x6f6f1906
res/drawable-hdpi-v4/toolbar_return.png 0xa65df0ab
res/layout/general_list_item.xml 0x98923fbf
res/drawable-xlarge-v4/main_titlebar_lan_selected.png 0x49348789
res/drawable-xlarge-v4/main_titlebar_recycle_selected.png 0xac38d0de
res/xml/pref_window.xml 0x25ea9f19
res/layout/dialog_library_refresh.xml 0x8c2715c9
res/xml/pref_password.xml 0x415ecb6c
res/layout-land-hdpi-v4/theme_set_bg_color.xml 0x14b50e7
res/drawable-hdpi-v4/net_wirelessadapter.png 0x23788f3c
res/drawable-xlarge-v4/home_app.png 0x92f10077
res/drawable-hdpi-v4/toolbar_autoupdate.png 0x5f09b337
res/drawable-xlarge-v4/format_chm.png 0x76a01aee
res/drawable-hdpi-v4/home_item_dark_bg.9.png 0xef93e614
res/drawable-hdpi-v4/sidebar_apps.png 0xc1d0b3de
res/drawable-hdpi-v4/app_audio_button_click.png 0xa186af5
res/drawable-hdpi-v4/main_addressbar_shadow.9.png 0x60d921d8
res/drawable-hdpi-v4/indicator_bg_bottom.xml 0x23cfe9b5
res/drawable-hdpi-v4/format_zip.png 0xedd161b9
res/layout-hdpi-v4/theme_activity.xml 0x82f1812d
res/drawable/progressbar_notification_sdcard.xml 0xbef4d5ca
res/layout-hdpi-v4/theme_choose_folder.xml 0xbd283d29
res/drawable-hdpi-v4/logo_download.png 0xd59001f9
res/drawable-hdpi-v4/icon_app_musicplayer.png 0xe4c4914
res/layout/port_window_history.xml 0x44dcd73a
res/layout-land-hdpi-v4/select_bar.xml 0x19c7a783
res/drawable-hdpi-v4/notification_sdcard_progress_background.9.png 0x2f19d3ab
res/drawable-hdpi-v4/icon_instagram.png 0x556f8bfa
res/drawable-hdpi-v4/toolbar_sort_type_ascending.png 0xbab1593a
res/drawable-hdpi-v4/toolbar_edit_tofavorites.png 0xc9042bb1
res/drawable-xlarge-v4/format_unkown.png 0xd610569
res/drawable-hdpi-v4/icon_folder_shortcut.png 0x65d4ed77
res/drawable-hdpi-v4/networkdisk_baidu.png 0x7b22409b
res/drawable-hdpi-v4/popupbox_button_copy_bg.9.png 0xd3517af0
res/drawable-hdpi-v4/default_ptr_flip.png 0x8a5a300d
res/drawable-hdpi-v4/search_category_video_click.png 0x4e56a21e
res/drawable-hdpi-v4/toolbar_edit_send.png 0x148464bb
res/drawable-hdpi-v4/toolbar_sort_time_descending.png 0x2fd6b9c4
res/drawable-hdpi-v4/notification_lock.png 0x4a5cb63b
res/layout-hdpi-v4/common_alert_dialog.xml 0x40bcb2a5
res/layout/pop_video_player.xml 0x956238b3
res/drawable-hdpi-v4/seekbar_progress_front.png 0xc444f7e8
res/drawable/sapi_btn_selector.xml 0x3dcc4c49
res/drawable-hdpi-v4/drag_multiwindow_unavailable_bg.9.png 0x355d6775
res/drawable-hdpi-v4/toolbar_edit_play.png 0xf91c9db5
res/layout-hdpi-v4/drag_action_layer.xml 0x2538e802
res/drawable-hdpi-v4/bt_type_other02.png 0x5234eeac
res/layout/add_favorite_web_page.xml 0x6c30b64
res/drawable-hdpi-v4/access_tab_bg_click.9.png 0x2e2f1b80
res/drawable-hdpi-v4/sidebar_esnet.png 0x746c0ab5
res/drawable-hdpi-v4/switch_thumb_disabled_holo_dark.9.png 0xedb912bf
res/drawable/btn_camera_arrow_left.xml 0xed4cd8e2
res/drawable-hdpi-v4/app_new_audio_prev.png 0x92397fa3
res/drawable-hdpi-v4/recommendation_content_button_run_bg_click.9.png 0x5535271f
res/drawable-hdpi-v4/toolbar_update.png 0x69d28f1a
res/layout/custom_preference_widget_checkbox.xml 0xa79b6235
res/drawable-hdpi-v4/task_item_stoped_.png 0x4dc5c924
res/drawable-hdpi-v4/sidebar_recycle.png 0xa00bc38e
res/drawable/indicator_icon_compress.xml 0x6d4b293a
res/drawable-hdpi-v4/setting_pad_bg.9.png 0x39862120
res/drawable-hdpi-v4/sidebar_remove.png 0x5e43a0e9
res/drawable-hdpi-v4/toolbar_playlist.png 0xb2628557
res/drawable-xlarge-v4/sidebar_cloud.png 0xa9dfd2e4
res/layout/root_explorer.xml 0x28fe77aa
res/drawable-hdpi-v4/main_titlebar_recommend_selected.png 0xa751c1ee
res/drawable/indicator_icon_pcs.xml 0xcf44651d
res/drawable-hdpi-v4/home_websearch.png 0x4c3c96a0
res/drawable-hdpi-v4/toolbar_associate.png 0x167b385f
res/drawable/progressbar_green.xml 0x19cfd1d9
res/drawable-hdpi-v4/pic_folder.png 0x104cfd53
res/layout/content_clipboard.xml 0xe706e195
res/layout/grid_view_item_small.xml 0x8ef993ad
res/layout/pull_to_refresh_header_vertical.xml 0xf891f21e
res/drawable-xlarge-v4/sidebar_picture.png 0x3511fee1
res/drawable-hdpi-v4/toolbar_edit_delete.png 0xf2feb553
res/drawable-hdpi-v4/popupbox_radio_button_unchecked.png 0xe38cf162
res/layout/guideline.xml 0x7448a00c
res/drawable-hdpi-v4/toolbar_edit_view.png 0x1c629801
res/drawable/preference_checkbox_drawable.xml 0x2c626c22
res/drawable-hdpi-v4/icon_app_mediaplayer.png 0xac058c5d
res/drawable-hdpi-v4/app_pic_file_bg.png 0xb9aaa3a6
res/drawable/indicator_icon_net.xml 0xf98a6af
res/drawable-xlarge-v4/format_picture.png 0x3dab7a19
res/drawable-hdpi-v4/drag_pressed_right_up.png 0x52ea1eef
res/drawable-hdpi-v4/toolbar_music.png 0xd6ed9396
res/layout-ldpi-v4/theme_set_bg_color.xml 0x7246664
res/drawable/background_theme_item.xml 0x732628b3
res/layout/item_select_disk.xml 0x7a57031c
res/layout/backup_settings.xml 0x641134d2
res/drawable-hdpi-v4/gesture_button_click.png 0x2a7c982a
res/layout/pic_comment_post.xml 0xbd8be510
res/drawable/content_button_holo_bg_selector.xml 0x2454518b
res/drawable-xlarge-v4/home_music.png 0xfb7ecf2d
res/layout/body_main.xml 0x43151a74
res/drawable-xlarge-v4/format_zip.png 0xedd161b9
res/drawable-hdpi-v4/download_folder.png 0xe8161488
res/drawable-hdpi-v4/popupbox_button_cancel_window_left.9.png 0xffdfd9d8
res/layout/preference_widget_switch.xml 0x51f364b6
res/drawable-hdpi-v4/theme_test_01.png 0xbe222c4a
res/layout-hdpi-v4/audio_player_activity.xml 0x5ddc7c1c
res/drawable-hdpi-v4/toolbar_charset.png 0x29b2ed14
res/drawable-xlarge-v4/main_titlebar_current_bg.9.png 0x4214e292
res/drawable/tablet_preference_background.xml 0x6700e83a
res/drawable/seekbar_progress.xml 0xbfe903d
res/drawable-hdpi-v4/search_category_bg_middle.9.png 0x5bbeb9bb
res/layout/dialog_recv_result.xml 0x986e5ad7
res/drawable-hdpi-v4/app_audio_notification_play.png 0x968770b6
res/drawable-hdpi-v4/popupbox_button_cancel_window_right.9.png 0xa664438
res/layout/task_grid_view_item.xml 0xb4ff0053
res/drawable-hdpi-v4/switch_bg_holo_dark.9.png 0xbc86c032
res/layout/item_listview_theme_folder.xml 0xcbe7870c
res/drawable-hdpi-v4/pull_end.png 0x927c2ec2
res/drawable-hdpi-v4/history_system_app.png 0x76cda8e
res/drawable-hdpi-v4/icon_app_share.png 0xf3c9a70f
res/drawable-hdpi-v4/main_titlebar_apk.png 0x1122feb
res/drawable-hdpi-v4/sidebar_web_app.png 0x22b4fd02
res/drawable-hdpi-v4/webdavs_folder.png 0x8cb27650
res/layout/image_chooser.xml 0x31065083
res/drawable-hdpi-v4/pull_normal.png 0xbac29448
res/drawable-xlarge-v4/main_titlebar_music_selected.png 0x74aa6ece
res/drawable-hdpi-v4/content_button_bg_click.9.png 0xd13552f8
res/drawable-xlarge-v4/main_titlebar_playlist.png 0xa20688d8
res/drawable-hdpi-v4/sdcard_folder.png 0xe3903faf
res/layout/drag_window_grid.xml 0x23858327
res/layout/item_listview_history.xml 0xe8dc30a4
res/drawable-hdpi-v4/sapi_btn_disabled.9.png 0x6e706bcf
res/layout/image_crop.xml 0xe30e339a
res/drawable-hdpi-v4/ftp_ser_up_ind.png 0x18bfcd3a
res/drawable-xlarge-v4/sidebar_phone.png 0xa6683c97
res/drawable-hdpi-v4/taskcenter_content_button_bg_click.9.png 0xff2e6183
res/layout/sdcard_notification_ics.xml 0x36f68203
res/drawable-hdpi-v4/toolbar_edit_encrypt.png 0x467297e0
res/drawable-hdpi-v4/clipboard_button_paste_bg.9.png 0xc5fc01f1
res/drawable-hdpi-v4/history_listitem_file.png 0x18ead96b
res/drawable-hdpi-v4/bt_type_phone02.png 0xb5cef647
res/drawable-hdpi-v4/sidebar_system.png 0x4cf7c75f
res/drawable-hdpi-v4/video_play.png 0xf470b134
res/xml/pref_download.xml 0x7a3a2db8
res/raw/netdisk_skydrv 0x3a3b10e1
res/drawable-hdpi-v4/home_search.png 0xa4945dd8
res/drawable-hdpi-v4/main_titlebar_media_selected.png 0x56132ef0
res/drawable-xlarge-v4/format_app.png 0x8cf91289
res/drawable-xlarge-v4/format_torrent.png 0x809145bf
res/layout/simple_edit_view.xml 0xa932bf6f
res/drawable-hdpi-v4/pcs_login_renren.png 0x154b2ce2
res/raw/netdisk_megacloud 0x8055e005
res/drawable-hdpi-v4/toolbar_enter.png 0xec24695
res/drawable/indicator_icon_apk.xml 0xbc15dcdd
res/layout/layout_sapi_webview.xml 0x8e9eec7a
res/drawable-hdpi-v4/popupbox_button_cancel_window_right_click.9.png 0x333e32bd
res/layout-hdpi-v4/menu_item_bottom.xml 0xba3e53c3
res/drawable-hdpi-v4/main_titlebar_ftp_selected.png 0xc47de517
res/layout/clear_app_remnant_folders_dialog.xml 0x32eff3b7
res/drawable/component_child_download_expanded_selector.xml 0xcfd9494e
res/drawable/main_addressbar_access_icon.xml 0x32e63b3e
res/layout/item_common_dialog_icon.xml 0x3be5376c
res/drawable-hdpi-v4/popupbox_button_confirm_window_right_click.9.png 0x333e32bd
res/layout/file_picker.xml 0xfc04ea6
res/drawable-hdpi-v4/main_content_unchecked.png 0x8149339b
res/drawable-hdpi-v4/toolbar_view_icon_s.png 0x29768331
res/xml/esnet_setting_preference.xml 0x6bb3b194
res/drawable-hdpi-v4/pcs_drive_formal.png 0xe38820a4
res/layout/flickr_photo_privacy.xml 0x442cebcb
res/drawable-xlarge-v4/sidebar_hiddenfiles.png 0x4e75d1cf
res/drawable-hdpi-v4/icon_app_zipviewer.png 0x79b3359a
res/drawable-hdpi-v4/pcs_hot_folder.png 0xf4edd2f7
res/drawable-xlarge-v4/sidebar_web_app.png 0x22b4fd02
res/drawable-hdpi-v4/toolbar_window.png 0x410f6d22
res/drawable-hdpi-v4/ftps_folder.png 0xc56f5d60
res/drawable-hdpi-v4/sapi_btn_normal.9.png 0xdde8c8f
res/drawable-hdpi-v4/sidebar_media.png 0xac8c2d6e
res/xml/pref_upgrade.xml 0xe188981c
res/drawable-hdpi-v4/toolbar_edit_install.png 0x69e14c1a
res/drawable-xlarge-v4/sidebar_lan.png 0x4e1c6591
res/drawable-hdpi-v4/sidebar_thumbnails.png 0x9485d875
res/drawable-hdpi-v4/main_titlebar_lan_selected.png 0x49348789
res/drawable-xlarge-v4/sidebar_media.png 0xac8c2d6e
res/drawable-hdpi-v4/main_addressbar_address_bg_02.9.png 0x360e2268
res/layout/drag_multi_window.xml 0x5ffa4bd5
res/drawable/indicator_icon_diskusage.xml 0xd57e7d89
res/drawable-hdpi-v4/notification_eslogo.png 0xc58895c0
res/drawable-hdpi-v4/setting_button_bg_click.9.png 0xd13552f8
res/drawable-xlarge-v4/main_titlebar_home.png 0x8524488b
res/drawable-hdpi-v4/drag_normal_right_up.png 0x643e9db9
res/layout/multi_files_property.xml 0x3264d24a
res/anim/animation_menu_in.xml 0x9e8e9eef
res/layout/space_not_enough_dialog.xml 0x95e0de45
res/drawable-hdpi-v4/sidebar_root.png 0x7c6a2d7b
res/drawable-hdpi-v4/home_clear.png 0x56a49d59
res/drawable-hdpi-v4/recommendation_pic_placeholder.png 0x4f6e86ab
res/drawable-hdpi-v4/setting_icon_display.png 0x18b50af0
res/drawable/content_listview_selector.xml 0x7a23e394
res/drawable-hdpi-v4/task_item_status_running.png 0x88a974d9
res/drawable-hdpi-v4/app_pic_net_flickr.png 0x3db38575
res/drawable-hdpi-v4/theme_net_button_bg.9.png 0xfd7b3514
res/xml/pref_about.xml 0x55ee8b1b
res/drawable-hdpi-v4/popupbox_button_action_bg_click.9.png 0x8d386b0f
res/drawable-hdpi-v4/sidebar_send.png 0x38c7c02f
res/drawable-hdpi-v4/format_word.png 0xf7b63677
res/drawable-hdpi-v4/home_line_vertical.9.png 0xc02abeb6
res/drawable-hdpi-v4/dot_selected.png 0x7ad1a740
res/drawable-hdpi-v4/notification_fail.png 0x8d5b48e8
res/layout/apk_falsified_alert.xml 0x1e2e97d0
res/drawable-hdpi-v4/popupbox_arrow_down.png 0x7dfede15
res/drawable-hdpi-v4/setting_content_bg_click.9.png 0x6586f1db
res/drawable-hdpi-v4/setting_title_bg.9.png 0x27b27fcb
res/drawable-xlarge-v4/format_ebook.png 0xe5594c4f
res/drawable-hdpi-v4/toolbar_more_content_sp.9.png 0x8ae487cb
res/drawable-hdpi-v4/popupbox_button_confirm_window_middle.9.png 0xffdfd9d8
res/layout/clear_app_remnant_folders_app_item.xml 0x5fb39836
res/drawable-hdpi-v4/recycle_setting_icon.png 0x82365ce5
res/drawable-hdpi-v4/pcs_icon_share.png 0xfbd3b164
res/drawable-hdpi-v4/toolbar_playto.png 0xfb2e91f9
res/drawable-hdpi-v4/toolbar_extractto.png 0xb92b94dc
res/layout/wifi_dialog_row.xml 0x1a04b3ec
res/drawable-xlarge-v4/sidebar_hidelist.png 0x53348703
res/drawable/indicator_icon_recommend.xml 0x7daa0f30
res/drawable-hdpi-v4/popupbox_input_bg_50.9.png 0xeb5a2315
res/drawable-xlarge-v4/sidebar_web.png 0xcb0c0995
res/drawable-hdpi-v4/notification_sdcard.png 0x54ae899a
res/drawable-hdpi-v4/toolbar_player.png 0x2c665254
res/xml/ftp_server_pref_tablet.xml 0xaafb800b
res/drawable-hdpi-v4/main_titlebar_zip_selected.png 0xde3ad339
res/drawable-hdpi-v4/popupbox_button_back_bg.9.png 0x3f32df75
res/drawable-hdpi-v4/toolbar_search.png 0x5d307f85
res/drawable-xlarge-v4/main_titlebar_book_selected.png 0x58cf0e18
res/layout/audio_notification_ics.xml 0x19f659f2
res/layout/menu_list_item.xml 0x339486ea
res/drawable-hdpi-v4/pcs_home_content_button_click.9.png 0x3d4e7cb5
res/drawable-hdpi-v4/sidebar_web_pic.png 0xd223b0e1
res/drawable-hdpi-v4/main_titlebar_playlist_selected.png 0xbc1a33e6
res/drawable-hdpi-v4/search_category_bg_right.9.png 0x1c5a995d
res/drawable-hdpi-v4/history_pic_mine.png 0x33a5b835
res/drawable/background_menu_item.xml 0x559693f4
res/layout/dialog_customized_ap.xml 0x2f6e29be
res/drawable-hdpi-v4/main_titlebar_disk_selected.png 0x9de61fa5
res/drawable-hdpi-v4/sidebar_picture.png 0x3511fee1
res/drawable-hdpi-v4/blank.png 0xc983d817
res/layout/root_permission_manager.xml 0x5113af90
res/drawable-hdpi-v4/main_top_shadow.png 0xb97de0f1
res/drawable-hdpi-v4/toolbar_clear.png 0x1bd139ef
res/drawable-hdpi-v4/logo_movies.png 0x2dec660a
res/drawable-hdpi-v4/drag_normal_right_down.png 0x832742ca
res/drawable-xlarge-v4/sidebar_apps.png 0xc1d0b3de
res/drawable-hdpi-v4/app_audio_album_default_bg.9.png 0x3c2553b9
res/drawable-xlarge-v4/format_ppt.png 0x2fffc959
res/drawable-hdpi-v4/app_pic_net_pcs.png 0xf97d8b0a
res/layout/download_task_property.xml 0x2a151139
res/layout/flickr_photo_album.xml 0x13d48fd7
res/drawable-hdpi-v4/notification_rename.png 0x4fc6b7ef
res/xml/pref_display.xml 0x7d16150a
res/drawable-hdpi-v4/main_titlebar_picture.png 0xac340ddb
res/layout/dialog_file_sharing.xml 0xaf1e318b
res/drawable-hdpi-v4/main_titlebar_download_selected.png 0xb87ff2b9
res/drawable-hdpi-v4/setting_icon_directory.png 0xe4808060
res/drawable-hdpi-v4/disk_analyse_content_left_bg.9.png 0x72ff0f68
res/layout/hidelist_item.xml 0x3e3772f3
res/drawable-hdpi-v4/main_addressbar_access.png 0x4c97ae7e
res/drawable-hdpi-v4/search_category_music.png 0xcb521ef7
res/drawable-xlarge-v4/sidebar_remote.png 0x19f991f2
res/drawable-hdpi-v4/main_addressbar_access_land.png 0x8f8a3e53
res/xml/pref_search_engine.xml 0xde2f619f
res/drawable-xlarge-v4/main_titlebar_playlist_selected.png 0xbc1a33e6
res/drawable-xlarge-v4/main_titlebar_ftp.png 0x4521dfaf
res/layout/grid_view_image_folder_item.xml 0xc6c0b07f
res/drawable-hdpi-v4/drag_normal_left_up.png 0x745d8b73
res/layout/new_ftp_server.xml 0xf57872f9
res/drawable-hdpi-v4/ftpsvr.png 0x80e55f9d
res/drawable-xlarge-v4/main_titlebar_media.png 0x24e47973
res/drawable-hdpi-v4/main_titlebar_device.png 0xf247439a
res/drawable-hdpi-v4/main_addressbar_bg.9.png 0xa49d0565
res/drawable-xlarge-v4/main_content_checked.png 0x464dfec4
res/layout/navi_page1.xml 0x9d8da241
res/drawable-hdpi-v4/btn_camera_arrow_left_press.png 0xae1354f
res/drawable-xlarge-v4/main_titlebar_web.png 0x84c7b403
res/layout-xhdpi-v4/block_item_search.xml 0x5a2771a5
res/drawable/indicator_icon_audio_playlist.xml 0xf3c359fa
res/drawable-xlarge-v4/home_download.png 0x61b8924c
res/layout/item_single_column_menu.xml 0xee3dd61a
res/drawable-hdpi-v4/appmanager_backedup_delete_click.9.png 0x3900207b
res/drawable-hdpi-v4/main_left_shadow.png 0xc81a9001
res/drawable/popupbox_button_cancel_single_selector.xml 0x458056e2
res/layout/ftp_server.xml 0x36562b63
res/drawable-hdpi-v4/main_titlebar_book.png 0x2bd2bfe7
res/layout/new_oauth_netdisk.xml 0x7978e6c
res/drawable-hdpi-v4/app_pic_net_detail_bg.9.png 0x87306474
res/drawable-xlarge-v4/sidebar_web_music.png 0x38201c2b
AndroidManifest.xml 0xc8697c09
res/drawable-hdpi-v4/toolbar_edit_backup.png 0xd2ec8ea9
res/drawable-hdpi-v4/toolbar_search_sp.9.png 0x3fb0a70d
res/drawable-hdpi-v4/sidebar_ftp.png 0x59c14cbe
res/layout/image_view.xml 0xdf598bd7
res/drawable-hdpi-v4/access_content_sp.9.png 0xe47c2923
res/layout/wifi_dialog.xml 0x30b4107a
res/drawable-hdpi-v4/history_music.png 0x62c8ea75
res/layout/home_page.xml 0x3652a69b
res/drawable/popupbox_button_cancel_right_selector.xml 0xf447706f
res/layout/note_editor.xml 0xf326bbfc
res/drawable-hdpi-v4/main_titlebar_media.png 0x24e47973
res/drawable-hdpi-v4/search_category_apk.png 0x549243ae
res/drawable-hdpi-v4/toolbar_sort_time_ascending.png 0x8d1fb716
res/layout/tablet_preference_offical_website.xml 0x476f16d8
res/layout/tablet_preference.xml 0x255048e
res/drawable-hdpi-v4/app_pic_net_detail_comment.png 0x90f912a3
res/drawable-hdpi-v4/home_progress_foreground.9.png 0x112da3ae
res/layout/net_pincode.xml 0xd20d42af
res/drawable-xlarge-v4/sidebar_web_weather.png 0xfa8aeccf
res/drawable-hdpi-v4/sidebar_hidelist.png 0x53348703
res/drawable-hdpi-v4/toolbar_refresh.png 0x1c824bbb
res/layout/custom_preference_dialog_edittext.xml 0x119e13be
res/drawable-hdpi-v4/btn_camera_arrow_left_default.png 0xb0774821
res/layout/switch_google_play.xml 0xa209c8df
res/layout-hdpi-v4/block_item_media.xml 0x76255759
res/drawable-hdpi-v4/setting_icon_window.png 0xd70b0d67
res/drawable-hdpi-v4/setting_icon_backup.png 0xfd10131f
res/drawable-hdpi-v4/switch_thumb_activated_holo_light.9.png 0xd6d62d63
res/drawable-hdpi-v4/toolbar_exit.png 0xb8b5746d
res/drawable-hdpi-v4/history_rootdirectory.png 0x7ba214d
res/drawable-hdpi-v4/toolbar_playlist_playing.png 0x8e2be829
res/layout/image_folder_create_site.xml 0xe9a6e6d2
assets/theme/classic/image_thumb 0xaee80ba0
res/drawable-hdpi-v4/history_pic_album.png 0x77f8c233
res/layout/custom_preference_offical_website.xml 0x908b887d
res/layout/image_details.xml 0xcb8fa648
res/drawable-hdpi-v4/home_block_bg.9.png 0xa0decc50
res/drawable-hdpi-v4/format_lock.png 0xc6ddd982
res/drawable-hdpi-v4/icon_display.png 0x7c4675dc
res/drawable/content_button_bg_selector.xml 0x8a4e671a
res/drawable-hdpi-v4/switch_thumb_pressed_holo_dark.9.png 0xd43ca788
res/raw/netdisk_mediafire 0xaa3b101a
res/drawable-hdpi-v4/main_addressbar_access_click.png 0x2ccb7bbf
res/drawable-hdpi-v4/main_addressbar_icon_bg.9.png 0x360e2268
res/drawable-hdpi-v4/toolbar_close.png 0x84fb8f11
res/drawable-hdpi-v4/toolbar_sort_name_descending.png 0x12e6b119
res/drawable-zh-rCN-xhdpi-v4/tv_320_180.png 0xc9357e84
res/drawable-hdpi-v4/sidebar_safe.png 0x970abadd
res/drawable-hdpi-v4/toolbar_edit_selectnone.png 0x3ad730e3
res/drawable-hdpi-v4/toolbar_clear_recycle.png 0xf2feb553
res/drawable-hdpi-v4/setting_close.png 0x1043160f
res/drawable-hdpi-v4/toolbar_enlarge.png 0x46a3e397
res/drawable-hdpi-v4/content_top_float_label.9.png 0x990688bf
res/layout/search_advance_field_scope_input.xml 0xbe08973a
res/layout-land-hdpi-v4/body_main.xml 0x189d1e32
res/xml/esnet_setting_pref_tablet.xml 0xa563ebae
res/drawable/popupbox_checkbox_drawable.xml 0x2c626c22
res/drawable-xlarge-v4/format_excel.png 0x845b186d
res/drawable-hdpi-v4/toolbar_search_input_bar.9.png 0x7362a318
res/drawable-hdpi-v4/switch_thumb_activated_holo_dark.9.png 0xabf208aa
res/drawable-hdpi-v4/sapi_icon_connection_failed.png 0x57524469
res/xml/pref_clean.xml 0xf5784838
res/drawable-hdpi-v4/history_update_app.png 0xd3c5fa32
res/drawable-hdpi-v4/app_new_audio_ctrl_pause.png 0x59f009ca
res/layout/guideline_land.xml 0x7734174d
res/drawable-hdpi-v4/app_pic_net_detail_like_off.png 0x1b8f9276
res/drawable/access_content_icon_bg_selector.xml 0x5a81281d
res/drawable-hdpi-v4/app_locked.png 0xe188150e
res/drawable-xlarge-v4/main_titlebar_recycle.png 0x715360ed
res/raw/netdisk_boxnet 0x28da49dc
res/drawable-hdpi-v4/folder_red.png 0x87b6de6e
res/drawable-xlarge-v4/main_titlebar_bg.9.png 0xbbf0c6c6
res/drawable-hdpi-v4/setting_icon_recycle.png 0x9aa893f
res/drawable-hdpi-v4/main_titlebar_phone_selected.png 0x3326d8d9
res/drawable-hdpi-v4/format_music.png 0x7651ca9f
res/drawable-xlarge-v4/sidebar_homepage.png 0x5ba4e81c
res/layout-hdpi-v4/group_new_navi.xml 0x9040e19b
res/drawable-xhdpi-v4/icon_display.png 0x6b67ae68
res/drawable-hdpi-v4/main_titlebar_tv_selected.png 0xfce8523d
res/drawable-hdpi-v4/sapi_btn_pressed.9.png 0xdbe8a2e0
res/drawable-hdpi-v4/toolbar_edit_cut.png 0xbb2a2f11
res/drawable/indicator_icon_home.xml 0x1be5b2f2
res/drawable-hdpi-v4/popbox_moveto_path_bg.9.png 0xaa13b156
res/layout/custom_preference.xml 0x2850d014
res/drawable-hdpi-v4/icon_pcs.png 0xd1dd8e88
res/drawable-hdpi-v4/toolbar_tool.png 0x6cfb0862
res/drawable-hdpi-v4/main_titlebar_equipment_selected.png 0xbefbf3d4
res/layout/window_new_network.xml 0x912a6349
res/drawable-xlarge-v4/sidebar_web_book.png 0x53d6f5cf
res/drawable-hdpi-v4/toolbar_sort_name_ascending.png 0xcfd471f1
res/drawable-hdpi-v4/toolbar_localsearch.png 0x5f4c1332
res/layout-land-hdpi-v4/pop_multi_window.xml 0x1dd4017b
res/drawable-hdpi-v4/format_unkown.png 0xd610569
res/drawable-hdpi-v4/recommendation_content_button_download_bg_click.9.png 0xa7cbd558
res/drawable-xlarge-v4/main_titlebar_download.png 0x56b9599b
res/drawable-hdpi-v4/format_text.png 0xc9203d67
res/drawable-hdpi-v4/sidebar_favorite_download.png 0xd4686592
res/anim/fade.xml 0x83f3e6d9
res/drawable-xlarge-v4/main_titlebar_pcs.png 0x91da0534
res/drawable-hdpi-v4/search_category_bg_left.9.png 0x984e862b
res/drawable/popupbox_button_confirm_selector.xml 0xba358a81
res/layout/main.xml 0xf677028a
res/drawable-hdpi-v4/icon_app_chromecastplayer.png 0x98ba30a
res/layout/grid_clipboard.xml 0xa5a15764
res/drawable-hdpi-v4/drag_pressed_left_up.png 0x79313432
res/drawable-hdpi-v4/sapi_icon_network_unavailable.png 0xc2993529
res/layout/my_network_item_title.xml 0x36cc3df6
res/layout/batch_rename.xml 0xc79d9616
res/layout/task_clear_confirm.xml 0xd181c888
res/drawable-hdpi-v4/app_audio_progress_default.9.png 0xaf399acc
res/drawable/popupbox_button_confirm_middle_selector.xml 0x3ec6f5ca
res/drawable-hdpi-v4/format_folder.png 0xaabec886
res/drawable-hdpi-v4/logo_music.png 0x1d20b979
res/drawable-hdpi-v4/search_category_book.png 0x469e7e92
res/drawable-hdpi-v4/seekbar_progress_backgroud.png 0x57c34daf
res/layout-hdpi-v4/block_item_toolkit.xml 0xfb16a390
res/drawable/indicator_icon_remote.xml 0x27628e15
res/layout/grid_view_image_file_item.xml 0xa3d27362
res/layout/privacy_page.xml 0xcd11f5d5
res/drawable/preference_radio_drawable.xml 0x2e79d931
res/layout/multiwindow_pager.xml 0x2014305e
res/drawable-hdpi-v4/toolbar_sort.png 0x62a450c7
res/drawable-hdpi-v4/remote_icon_wifioff.png 0xa5febdf1
res/drawable-hdpi-v4/setting_icon_rate.png 0xba2d8a2d
res/layout/openapp_item.xml 0xb5469c66
res/drawable/radio_button_background.xml 0x9724ae5
res/drawable-hdpi-v4/ftp_folder.png 0xcf988373
res/layout/image_picker_folder_item.xml 0xedd6813a
res/drawable-hdpi-v4/history_document.png 0xb0270e3d
res/drawable-hdpi-v4/format_pdf.png 0x949073ec
res/drawable-hdpi-v4/guideline_zoom.png 0xcbd8c35
res/layout/progress.xml 0x26965769
res/drawable-xlarge-v4/main_titlebar_download_selected.png 0xb87ff2b9
res/drawable-hdpi-v4/history_user_app.png 0xcd631822
res/drawable/clipboard_toolbar_icon_bg_selector.xml 0x15fad1d
res/drawable-xlarge-v4/sidebar_favorite_download.png 0xd4686592
res/drawable-hdpi-v4/main_addressbar_close.png 0xad71b624
res/xml/device_filter.xml 0x2f1894d8
res/layout/grid_view_item_horizontal_item.xml 0x9dd4c8c5
res/drawable-hdpi-v4/multiwindow_remove_focused.png 0xdd86d5b3
res/drawable-hdpi-v4/ftp_ser_down_ind.png 0xf74d58f8
res/layout/layout_sapi_loading_timeout.xml 0xa9c6069c
res/drawable-hdpi-v4/popupbox_button_confirm_window_left_click.9.png 0x333e32bd
res/layout/app_select_dialog.xml 0x11318db2
res/drawable-hdpi-v4/recommendation_content_button_run_bg.9.png 0x4b176974
res/layout-hdpi-v4/block_item_collection.xml 0xdbfea1ac
res/layout-hdpi-v4/port_select_bar.xml 0x41a7e1f
res/layout/extra_edit_bottom.xml 0x56e3836c
res/xml/pref_app.xml 0xbfec44cd
res/drawable-hdpi-v4/folder_green.png 0x18965594
res/drawable-hdpi-v4/toolbar_sort_size_descending.png 0xa95d57c4
res/drawable-hdpi-v4/history_dowmload.png 0x3fd510cc
res/drawable/notification_item_bg.xml 0x32dd3955
res/drawable-hdpi-v4/toolbar_cancel.png 0xaea3f4f9
res/layout/es_use_prompt.xml 0x462e2b04
res/layout/encrypt_password_prompt_dialog.xml 0x315eef3
res/drawable-hdpi-v4/popupbox_content_selected.9.png 0x1f54787b
res/drawable-xlarge-v4/main_titlebar_apk.png 0x1122feb
res/layout/chromecast_notification_ics.xml 0x9dd9e6eb
res/drawable-hdpi-v4/popupbox_button_confirm_window_left.9.png 0x8e68a949
res/drawable-hdpi-v4/popupbox_bg.9.png 0x6c9d7bbf
res/drawable-hdpi-v4/logo_backups.png 0xb01c37e3
res/drawable-hdpi-v4/sidebar_books.png 0x380132c1
res/layout/window_history_page.xml 0x97b44058
res/drawable/popupbox_sublist_selector.xml 0x253e4c82
res/drawable-hdpi-v4/format_flash.png 0x6a2f03bd
res/drawable-hdpi-v4/main_titlebar_recycle.png 0x715360ed
res/drawable-hdpi-v4/toolbar_startusing.png 0x5d2fdf1d
res/drawable-hdpi-v4/search_category_apk_click.png 0x7eb7fc2c
res/drawable-hdpi-v4/app_new_audio_ctrl_play.png 0x56ac7789
res/layout/grid_view_item_horizontal_item_small.xml 0x30cf8aad
res/layout/file_sharing_notification.xml 0xadc13b7f
res/layout/body_main_tablet.xml 0x3505a58f
res/raw/dingcover 0x89f13144
res/drawable/indicator_icon_media.xml 0x5550278a
res/drawable-hdpi-v4/app_new_audio_repeat.png 0xad724064
res/drawable-hdpi-v4/toolbar_paste.png 0x34afe9c0
res/layout/app_check_list.xml 0x92dfe8c6
res/layout-hdpi-v4/block_item_search.xml 0xefa9b6a
res/layout-hdpi-v4/es_network.xml 0xb6da3f7f
res/drawable-hdpi-v4/toolbar_download.png 0xbc8ab67a
res/drawable-xlarge-v4/sidebar_equipment.png 0x3d320bd6
res/drawable/progressbar_home.xml 0x1e096ba4
res/drawable-xlarge-v4/sidebar_root.png 0x7c6a2d7b
res/drawable/shadow_tools_left.xml 0xbe8d82cd
res/drawable-hdpi-v4/toolbar_backedup_files.png 0x85fdf920
res/drawable-hdpi-v4/app_audio_list_order.png 0x6ba6b05c
res/drawable-hdpi-v4/logo_android.png 0xbe6975d9
res/drawable-hdpi-v4/switch_thumb_pressed_holo_light.9.png 0x7e2abfdd
res/drawable-hdpi-v4/history_backedup_apk.png 0x83d92059
res/drawable-hdpi-v4/toolbar_edit_copyto.png 0xeae6c4de
res/drawable-xlarge-v4/sidebar_music.png 0x913f4d5b
res/drawable-hdpi-v4/toolbar_sort_size_ascending.png 0xa16af4a2
res/drawable-hdpi-v4/app_audio_notification_bg_click.9.png 0xf33ade2b
res/drawable-hdpi-v4/popupbox_button_confirm_click.9.png 0xb3d8bd6e
res/drawable-xlarge-v4/home_pic.png 0x828808c3
res/layout/audio_playing_content.xml 0xaab9104a
res/drawable-hdpi-v4/networkdisk_vdisk.png 0x7a0df474
res/drawable/switch_inner_holo_dark.xml 0xb0516250
res/drawable-hdpi-v4/bt_type_other.png 0x773e625a
res/drawable-hdpi-v4/toolbar_defaultwindow.png 0x9c3760e5
res/drawable/background_content_grid.xml 0x4039b899
res/drawable-hdpi-v4/main_titlebar_device_selected.png 0x5d56fd56
res/layout/recomm_item_image_viewer.xml 0x3dd19038
res/drawable-xlarge-v4/sidebar_web_news.png 0x5e823b12
res/drawable-hdpi-v4/icon_app_sdcard.png 0xa56bdb2b
res/drawable-hdpi-v4/app_pic_net_edit_comment.png 0xeb610b70
res/drawable-hdpi-v4/toolbar_applock.png 0x4bda142b
res/drawable-xhdpi-v4/fex.png 0x1caba367
res/drawable-hdpi-v4/toolbar_edit_openas.png 0x621464c3
res/drawable/indicator_icon_audio_playing.xml 0x331f9a48
res/drawable-hdpi-v4/notification_play_to.png 0x953ecad6
res/drawable-hdpi-v4/toolbar_sort_type_descending.png 0xe57c5477
res/drawable-hdpi-v4/addressbar_tab_sp.9.png 0x16be7a6
res/drawable-xlarge-v4/main_titlebar_playing_selected.png 0x4875cad4
res/drawable-hdpi-v4/setting_new.png 0x27d65f07
res/drawable-xlarge-v4/sidebar_blue.png 0xea50e8d8
res/drawable-hdpi-v4/pcs_instruction.png 0x908a3772
res/drawable-hdpi-v4/setting_icon_download.png 0xda4ca43a
res/layout/simple_progress_dialog.xml 0xc3f0fa15
res/layout/dialog_pcs_backup_path.xml 0x4da04fbc
res/layout/image_picker.xml 0xc6e7d540
res/drawable-xlarge-v4/sidebar_send.png 0x38c7c02f
res/drawable-xlarge-v4/main_titlebar_recommend_selected.png 0xa751c1ee
res/anim/animation_longclick_menu_window.xml 0x9d31da51
res/layout/content_file_sharing.xml 0x43fe3fde
com/estrongs/android/pop/app/imageviewer/gallery/fileoperations.html 0xb54729b1
res/drawable-hdpi-v4/main_titlebar_remote.png 0x2c2b48ef
res/drawable-hdpi-v4/networkdisk_sugarsync.png 0xba8c6d8
res/drawable/indicator_icon_lan.xml 0xdb397140
res/drawable-hdpi-v4/toolbar_position.png 0xbc779ab2
res/xml/pref_headers.xml 0x1a32cb62
res/drawable-xlarge-v4/sidebar_ftp.png 0x59c14cbe
res/drawable-hdpi-v4/sidebar_tv.png 0xce9f7b1e
res/drawable-hdpi-v4/toolbar_openfolder.png 0x8fabf3e
res/drawable-hdpi-v4/indicator_arrow.png 0x29dbfc2f
res/drawable-hdpi-v4/menu_property.png 0x9fe0693
res/layout/disk_usage_graphic.xml 0x9a76b62e
res/drawable-hdpi-v4/app_audio_playing_ind.png 0x9761166f
res/color/color_preference_summary.xml 0xfea99ab
res/drawable-hdpi-v4/setting_icon_password.png 0x7d2c67b1
res/anim/slide_out_to_top.xml 0xf7d4e050
res/drawable-hdpi-v4/home_video.png 0xbaeaf3ab
res/layout-hdpi-v4/theme_set_bg_color.xml 0xb92825fc
res/drawable-hdpi-v4/toolbar_edit_compression.png 0x17637879
res/drawable/remote_button_background.xml 0x8492d5ea
res/drawable-hdpi-v4/popupbox_button_back_bg_click.9.png 0xbed7d397
res/drawable-hdpi-v4/popupbox_button_cancel_window_middle_click.9.png 0xc0e295fb
classes.dex 0xfc14bdb4
res/drawable-hdpi-v4/indicator_bg_top.xml 0xe0416b0b
res/drawable-hdpi-v4/popupbox_arrow_left.png 0x6c9e52b5
res/layout/recomm_item_detail.xml 0x6ae9f3a5
res/drawable-hdpi-v4/notification_extract.png 0x562a0c9f
res/drawable-hdpi-v4/sftp_folder.png 0x54a10376
res/drawable/audio_seekbar_thumb_selector.xml 0x3ce4860d
res/drawable-hdpi-v4/send_phone.png 0xa5ff614b
res/drawable/drag_action_zone4.xml 0x1928914e
res/drawable/main_addressbar_icon_bg_selector.xml 0x2fc51d44
res/drawable-hdpi-v4/notification_video.png 0x8bedf789
res/layout-hdpi-v4/custom_preference_screen.xml 0xef176627
res/drawable-xlarge-v4/sidebar_associate.png 0x2e759129
res/layout-hdpi-v4/popupwindowwitharrow.xml 0x7abb8ac6
res/drawable-hdpi-v4/folder_black.png 0xb8c10c85
res/drawable-hdpi-v4/sidebar_disk.png 0xe1bc14fd
res/drawable-hdpi-v4/toolbar_new.png 0xaf8199ea
res/drawable-xlarge-v4/format_html.png 0xc8271c62
res/drawable-hdpi-v4/networkdisk_box.png 0x17f0edb1
res/drawable-xlarge-v4/format_apk.png 0xbfe3f4a8
res/layout-hdpi-v4/theme_modify.xml 0xec79f2f7
res/drawable-hdpi-v4/disk_content_statistics_bg.9.png 0x5bcb6e42
res/drawable-hdpi-v4/logo_estrongs.png 0xb01c37e3
res/drawable-hdpi-v4/toolbar_select.png 0x6a74186e
res/drawable-xlarge-v4/folder_black.png 0xb8c10c85
res/drawable-hdpi-v4/tv_folder.png 0x3184448
res/drawable-hdpi-v4/toolbar_more_list_up.png 0xf87e691a
res/drawable-hdpi-v4/setting_button_bg.9.png 0x8f688658
res/drawable/progressbar_recomm.xml 0x3806544c
res/drawable-hdpi-v4/app_new_audio_ctrl_next.png 0x8e03dad3
res/drawable-hdpi-v4/task_item_pause.png 0x525cb49
res/drawable-xlarge-v4/sidebar_web_baidu.png 0xf12c733b
res/drawable-hdpi-v4/setting_icon_cleanup.png 0x31ebf15f
res/drawable/indicator_icon_web.xml 0x299c5edb
res/layout/custom_preference_widget_dialog.xml 0xd83b2868
res/drawable-hdpi-v4/setting_content_bg.9.png 0x86639912
res/layout/dialog_permission.xml 0x10f3c8f6
res/layout/search_category.xml 0xa74ab664
res/drawable-hdpi-v4/main_titlebar_book_selected.png 0x58cf0e18
res/layout/pcs_oauth.xml 0xfef6b034
res/drawable-hdpi-v4/format_apk.png 0xbfe3f4a8
res/drawable-xlarge-v4/main_titlebar_music.png 0x3297d3a7
res/drawable-hdpi-v4/toolbar_forward.png 0xbcdef6f9
res/drawable-hdpi-v4/music_play.png 0x887ff7e4
res/drawable-xlarge-v4/sidebar_disk.png 0xe1bc14fd
res/drawable-hdpi-v4/recommendation_content_button_download_bg.9.png 0xe6551de
res/drawable-hdpi-v4/toolbar_edit_rename.png 0x556e62ff
res/drawable-xlarge-v4/main_titlebar_device_selected.png 0x5d56fd56
resources.arsc 0x20c23be6
res/layout/clear_app_remnant_folders_item.xml 0x6082df63
res/raw/netdisk_gdrive 0x3558e45a
res/drawable-hdpi-v4/app_pic_net_people.png 0xdcb85469
res/drawable-hdpi-v4/logo_android_secure.png 0xbe6975d9
res/layout/grid_view_item_horizontal_details_item_medium.xml 0xfb566ba3
res/drawable-hdpi-v4/app_audio_album_default_icon.png 0x6e2ceb6a
res/drawable-hdpi-v4/main_content_icon_bg_click.9.png 0x44fd091
res/layout/window_history.xml 0x89ee3976
res/layout/item_gesture_manage.xml 0x23393a44
res/drawable-hdpi-v4/icon_app_appmanager.png 0xe5729647
res/drawable-hdpi-v4/history_local.png 0x80e4724b
res/drawable-hdpi-v4/toolbar_lockwindow.png 0x467297e0
res/drawable-hdpi-v4/crop_height.png 0xc12cfc65
res/layout/dialog_progress.xml 0x3fb6cf40
res/layout/pic_image.xml 0xf96dc52a
res/drawable-hdpi-v4/sidebar_storage.png 0x8dc66a31
res/drawable-hdpi-v4/esnet_create.png 0x93bbf49
res/drawable-hdpi-v4/toolbar_login.png 0xb357c081
res/drawable-hdpi-v4/clipboard_toolbar_icon_bg_clcik.9.png 0x6586f1db
res/drawable-hdpi-v4/main_content_checked.png 0x464dfec4
res/drawable-hdpi-v4/guideline_slide.png 0x1792c796
res/layout/diskusage_body_result.xml 0xae1e8e10
res/drawable-hdpi-v4/disk_analyse_content_right_bg01.9.png 0x6ebdbfa3
res/drawable-xlarge-v4/main_titlebar_picture.png 0xac340ddb
res/drawable-hdpi-v4/popupbox_button_action_bg.9.png 0xc70987c6
res/drawable-hdpi-v4/app_audio_notification_next.png 0x6b357610
res/layout/pcs_register_inner_view.xml 0x1bbc8932
res/raw/estool_x86 0x89ecf6a8
res/drawable-hdpi-v4/app_new_audio_ctrl_shuffle_sel.png 0xa8687319
res/drawable-hdpi-v4/main_bottom_shadow.png 0x18219afa
res/drawable-hdpi-v4/toolbar_history.png 0x266609c5
res/xml/pop_note_editor_preferences.xml 0xdedcc729
res/drawable-hdpi-v4/main_titlebar_download.png 0x56b9599b
res/drawable-xlarge-v4/main_titlebar_phone.png 0x7141d8ab
res/drawable-hdpi-v4/access_tab_up.png 0xac407dd9
res/layout/app_select_list_item.xml 0xb92d5a27
res/drawable-xlarge-v4/main_titlebar_device.png 0xf247439a
res/drawable-hdpi-v4/taskcenter_content_button_bg.9.png 0x457c210
res/layout/new_smb_server.xml 0xfac7001d
res/drawable-hdpi-v4/app_new_audio_ctrl_shuffle.png 0x9f829f5a
res/drawable-hdpi-v4/sidebar_clear.png 0x93b17a6f
res/layout/dialog_push_item.xml 0x7fa5337e
res/drawable-hdpi-v4/history_all.png 0xdfb03fbc
res/layout/associate_app_recommend_item.xml 0xd305ff4f
res/drawable-hdpi-v4/remote_icon_wifion.png 0x415251fe
res/layout/common_progress_panel.xml 0x6e888a17
res/drawable-hdpi-v4/app_audio_notification_close.png 0x934fbf1e
res/drawable-hdpi-v4/file_unlock.png 0x6184cba4
res/drawable-xlarge-v4/format_picture_broken.png 0x9e14582
assets/folder_app.zip 0x6096e7b2
res/drawable-xlarge-v4/main_titlebar_web_selected.png 0xbe6a912c
res/drawable-hdpi-v4/toolbar_setbg.png 0xcdfa1c5b
res/drawable-hdpi-v4/main_titlebar_tv.png 0x374aa75d
res/drawable-hdpi-v4/toolbar_edit_moveto.png 0x7b317a62
res/drawable-hdpi-v4/notification_backup.png 0x9cc7dcd
res/drawable-hdpi-v4/popupbox_content_bg.png 0xf1481935
res/drawable-hdpi-v4/home_sdcard.png 0xaa5a8995
res/drawable-hdpi-v4/sidebar_associate.png 0x2e759129
res/drawable/diskusage_round_square.xml 0xe5b1e06d
res/drawable-hdpi-v4/logo_pictures.png 0x3ea2701
res/raw/netdisk_s3 0xc01f6c8d
res/drawable/background_address_bar_right.xml 0x4e49b834
res/layout/app_permission_row.xml 0x25b6c6a7
res/drawable-hdpi-v4/ftp_ser_ind.png 0xc06153a9
res/drawable-hdpi-v4/gesture_button.png 0x222fa9a0
res/layout/grid_view_item.xml 0x604a34a2
res/layout-land-hdpi-v4/file_sharing.xml 0x11e4a6aa
res/xml/recycle_preference.xml 0x98525ddd
res/drawable-hdpi-v4/history_all_apk.png 0xe4065d36
res/drawable-hdpi-v4/remote_setting_icon.png 0x8c961e7b
res/drawable-hdpi-v4/switch_bg_holo_light.9.png 0xca54b884
res/layout/file_checksum.xml 0xe974e545
res/layout/content_web_view.xml 0x78f4d839
res/drawable-hdpi-v4/main_titlebar_music.png 0x3297d3a7
res/drawable-hdpi-v4/sd_operate_step.png 0xa74ea8ac
res/drawable-hdpi-v4/setting_icon_document.png 0x6d867a3
res/drawable-hdpi-v4/toolbar_chromecast.png 0xc860ec9b
res/drawable/background_globle_buttons.xml 0x9dd1f160
res/drawable-hdpi-v4/switch_thumb_holo_dark.9.png 0x8eab3b5d
res/drawable-hdpi-v4/sidebar_web_video.png 0xfc99fc98
res/drawable-hdpi-v4/toolbar_edit_done.png 0x23a7e2f6
res/layout/checkable_list_item.xml 0x325f0751
res/layout/grid_muti_window.xml 0x1865d784
res/layout/double_progress.xml 0x2fa24f41
res/drawable-hdpi-v4/sidebar_web_baidu.png 0xf12c733b
res/drawable/popupbox_button_copy_selector.xml 0x9107c94f
res/layout/task_item_copy.xml 0x69fc7580
res/layout/grid_view_item_horizontal_details_item_small.xml 0x77734ae0
res/drawable-xlarge-v4/main_titlebar_ftp_selected.png 0xc47de517
res/drawable-hdpi-v4/toolbar_redownload.png 0xfa1c048
res/drawable/btn_camera_arrow_right.xml 0x9f426b3c
res/drawable-hdpi-v4/sidebar_sdcard.png 0xafd90830
res/layout/recomm_list_item.xml 0x75102dbb
res/drawable-hdpi-v4/main_titlebar_phone.png 0x7141d8ab
res/drawable/audio_seekbar_progress.xml 0x59fa7f7f
res/drawable-hdpi-v4/pcs_drive_provisional.png 0xf4a99b8f
res/layout-xhdpi-v4/block_item_toolkit.xml 0xa892f33b
res/raw/netdisk_kuaipan 0xa6727f3d
res/layout/item_common_dialog_multi_choice.xml 0x4981fd34
res/drawable-hdpi-v4/home_progress_background.9.png 0xae84e7fb
res/drawable-hdpi-v4/toolbar_view_icon_m.png 0x982efb18
res/layout/wifi_ap_dialog.xml 0x518e7ca6
res/drawable-hdpi-v4/icon_flickr.png 0xf24c54c9
res/drawable-xlarge-v4/main_titlebar_disk_selected.png 0x9de61fa5
res/layout/custom_preference_category.xml 0x64f457c8
res/drawable-hdpi-v4/notification_compress.png 0x98eed3f
res/drawable-xlarge-v4/main_titlebar_media_selected.png 0x56132ef0
res/drawable/switch_track_holo_light.xml 0x10fc76e
res/drawable-xlarge-v4/sidebar_gesture.png 0x9697d540
res/drawable-hdpi-v4/app_pic_folder_bg.png 0x87e0de61
res/drawable-hdpi-v4/pcs_login_qq.png 0xf67f622c
res/drawable-hdpi-v4/toolbar_expansion.png 0x2156eb54
res/drawable-hdpi-v4/toolbar_local_play.png 0x97db6c6
res/layout/es_root_view.xml 0xf977d21f
res/drawable-hdpi-v4/content_button_bg.9.png 0x1710da21
res/drawable-xlarge-v4/format_lock.png 0xc6ddd982
res/drawable-hdpi-v4/toolbar_edit_privacy.png 0xa42fe21e
res/layout-land-hdpi-v4/window_history.xml 0x1b161b3e
res/layout/default_window_setting.xml 0xc1d2ffda
res/drawable-hdpi-v4/guideline_longpress.png 0xb680d38d
res/drawable-xlarge-v4/format_media.png 0xf7d944db
res/drawable-hdpi-v4/icon_app_imagebrowser.png 0x17a34089
res/drawable/home_button_dark_bg.xml 0xd4fad7e4
res/layout-land-hdpi-v4/drag_window_grid.xml 0x660f5815
res/layout/disk_simple_progress_dialog.xml 0xfe659110
res/drawable-hdpi-v4/setting_icon_privacy.png 0x9ac2e136
res/layout-xhdpi-v4/block_item_collection.xml 0xd5020245
res/layout-xlarge-v4/common_alert_dialog.xml 0x775d26d4
res/layout/dialog_new_gesture_page2.xml 0xe8d86d8a
res/drawable-hdpi-v4/logo_dcim.png 0x5e79c84e
res/drawable-hdpi-v4/toolbar_moveout.png 0x41611c05
res/drawable-xlarge-v4/main_titlebar_zip.png 0x20354374
res/layout-hdpi-v4/recomm.xml 0xedb5afb8
res/layout/archive_dialog.xml 0x1c6f99ea
res/drawable-hdpi-v4/history_other.png 0xf2dd2a00
res/xml/new_preference.xml 0x8152b6ff
res/drawable-hdpi-v4/networkdisk_gdrive.png 0x355d70de
res/drawable/indicator_icon_books.xml 0x61b1cbbf
res/drawable/popupbox_button_action_selector.xml 0x709900eb
res/drawable-hdpi-v4/app_new_audio_ctrl_repeat_sel_1.png 0xc0f398
res/layout-ldrtl/file_property.xml 0x214d7032
res/drawable-hdpi-v4/format_torrent.png 0x809145bf
res/drawable-hdpi-v4/setting_icon_help.png 0x1d0180cf
res/drawable/radio_button_drawable.xml 0x4a2a4dea
res/drawable-hdpi-v4/fex.png 0x71a309f8
res/drawable-hdpi-v4/theme_content_sp.9.png 0x8ed15590
res/drawable-xlarge-v4/sidebar_web_pic.png 0xd223b0e1
res/drawable-hdpi-v4/popupbox_radio_button_checked_disabled.png 0x2e99ab44
res/drawable-hdpi-v4/task_item_start.png 0xbfa3cd9
res/drawable/drag_action_zone2.xml 0xcd71902d
res/drawable/progress_drawable.xml 0xd3a05ced
res/layout/file_overwrite_option.xml 0x7fd3b742
res/drawable-hdpi-v4/taskcenter_content_delete_click.png 0x618532af
res/drawable-hdpi-v4/folder_associate.png 0xf9b33f
res/drawable-hdpi-v4/theme_content_bg_click.9.png 0x6586f1db
res/drawable-hdpi-v4/networkdisk_kanbox.png 0xc8cbd8a7
res/drawable-hdpi-v4/theme_setting.png 0x87fb6636
res/drawable-hdpi-v4/format_picture.png 0x3dab7a19
res/drawable-hdpi-v4/main_titlebar_playing_selected.png 0x4875cad4
res/drawable/seekbar_thumb_selector.xml 0xde76e79d
res/drawable-hdpi-v4/toolbar_edit_hidelist.png 0x967438e6
res/drawable-hdpi-v4/gesture_thumbnail_bg.9.png 0xa5bf17ed
res/layout/archive_extract_edit_dialog.xml 0xdb1a123
res/drawable-hdpi-v4/main_titlebar_web_selected.png 0xbe6