VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2016-07-15 18:53:09 (CST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
antiy | AVL SDK 3.0 |  | 1970-01-01 | Found nothing | 5
asquared | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Found nothing | 2
avast | 150725-1 | 4.7.4 | 2015-07-25 | Found nothing | 60
avg | 2109/8133 | 10.0.1405 | 2014-11-26 | Found nothing | 60
baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 6
baidusd | 1.0 | 1.0 | 2014-04-02 | Found nothing | 1
bitdefender | 7.58469 | 7.90123 | 2014-12-25 | Found nothing | 60
clamav | 19861 | 0.97.5 | 2014-12-31 | Found nothing | 60
drweb | 5.0.2.3300 | 5.0.1.1 | 2014-12-31 | Found nothing | 60
fortinet | 23.345, 23.345 | 5.1.158 | 2014-12-08 | Found nothing | 60
fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Found nothing | 60
fsecure | 2014-04-02-01 | 9.13 | 2014-04-02 | Found nothing | 60
gdata | 25.7374 | 25.7374 | 2016-07-14 | Found nothing | 9
ikarus | 1.06.01 | V1.32.31.0 | 2014-12-08 | Found nothing | 60
jiangmin | 16.0.100 | 1.0.0.0 | 2015-07-25 | Found nothing | 43
kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60
kingsoft | 2.1 | 2.1 | 2013-09-22 | Found nothing | 5
mcafee | 7638 | 5400.1158 | 2014-11-30 | Found nothing | 60
nod32 | 0920 | 3.0.21 | 2014-12-23 | Found nothing | 60
panda | 9.05.01 | 9.05.01 | 2015-07-26 | Found nothing | 5
pcc | 11.380.07 | 9.500-1005 | 2014-12-31 | Found nothing | 60
qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 2
qqphone | 1.0.0.0 | 1.0.0.0 | 2014-12-09 | Found nothing | 60
quickheal | 14.00 | 14.00 | 2015-07-25 | Found nothing | 3
rising | 25.76.04.01 | 25.76.04.01 | 2015-07-24 | Found nothing | 5
sophos | 5.08 | 3.55.0 | 2014-12-01 | Found nothing | 60
symantec | 20141230.001 | 1.3.0.24 | 2014-12-30 | Found nothing | 60
tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 8
thehacker | 6.8.0.5 | 6.8.0.5 | 2015-07-23 | Found nothing | 3
tws | 17.47.17308 | 1.0.2.2108 | 2014-12-08 | Found nothing | 15
vba | 3.12.26.3 | 3.12.26.3 | 2014-12-31 | Found nothing | 60
virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60
Permission list
Permission name Description
android.permission.GET_ACCOUNTS Access the account list
android.permission.EXPAND_STATUS_BAR Control the status bar
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CALL_PHONE Place phone calls
android.permission.RECEIVE_SMS Monitor incoming SMS messages
android.permission.READ_PHONE_STATE Read phone state
android.permission.PROCESS_OUTGOING_CALLS Monitor and modify outgoing calls
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.GET_TASKS Get information about current or recently running tasks
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.READ_LOGS Read system logs
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.DISABLE_KEYGUARD Disable the keyguard
android.permission.VIBRATE Allow the device to vibrate
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.CAMERA Access the camera device
android.permission.RECORD_AUDIO Record audio (using AudioRecord)
android.permission.BLUETOOTH Connect to Bluetooth devices
android.permission.BLUETOOTH_ADMIN Discover Bluetooth devices
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.MODIFY_PHONE_STATE Modify phone state
android.permission.SYSTEM_ALERT_WINDOW Display system windows
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
android.permission.USE_CREDENTIALS Obtain authentication tokens
android.permission.PACKAGE_USAGE_STATS
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY
android.permission.USE_FINGERPRINT
File information
Security score:
Basic information
MD5: b47d13dcd45841e01668a324e8698cf6
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.sp.protector.free
Minimum runtime environment: Android 2.3, 2.3.1, 2.3.2
Copyright: 逆向爱好者
Key behaviors
Behavior description: Creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\P2PSearcher.lnk
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Gets the TickCount value
Details: TickCount = 5355659, SleepMilliseconds = 50.
TickCount = 5355753, SleepMilliseconds = 50.
TickCount = 5355768, SleepMilliseconds = 50.
TickCount = 5355784, SleepMilliseconds = 50.
TickCount = 5355800, SleepMilliseconds = 50.
TickCount = 5355815, SleepMilliseconds = 50.
TickCount = 5356143, SleepMilliseconds = 50.
TickCount = 5356159, SleepMilliseconds = 50.
TickCount = 5356190, SleepMilliseconds = 50.
TickCount = 5356206, SleepMilliseconds = 50.
TickCount = 5356237, SleepMilliseconds = 50.
TickCount = 5356253, SleepMilliseconds = 50.
TickCount = 5356284, SleepMilliseconds = 50.
TickCount = 5356300, SleepMilliseconds = 50.
TickCount = 5356315, SleepMilliseconds = 50.
Process behavior
Behavior description: Creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\P2PSearcher.lnk
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Gets the TickCount value
File behavior
Behavior description: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\shell.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\SB360.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\p2psearcher_V6.4.8.exe
C:\Program Files\AppPatch\4.dll
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\4[1].dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\Internet.dll
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\baidu_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\qq_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\GetVersion.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\FindProcDLL.dll
Behavior description: Drops links or shortcuts in sensitive system locations (such as the Start menu)
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearcher.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearcher\P2PSearcher.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearcher\卸载P2PSearcher.lnk
Behavior description: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\shell.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\SB360.exe
C:\Program Files\AppPatch\4.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\p2psearcher_V6.4.8.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\Internet.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\GetVersion.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\FindProcDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\Base64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\name2ip.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\InstallOptions.dll
C:\Program Files\P2PSearcher\Adbrier.dll
C:\Program Files\P2PSearcher\HttpRq.dll
C:\Program Files\P2PSearcher\P2PSearcher.exe
Behavior description: Overwrites existing files
Details: C:\Program Files\AppPatch\4.dll
Behavior description: Searches for files
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SB360.exe
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
Behavior description: Creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\P2PSearcher.lnk
Behavior description: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\4[1].dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\baidu_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\qq_com[1]
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\shell.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\SB360.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\p2psearcher_V6.4.8.exe ---> Offset = 0
C:\Program Files\AppPatch\4.dll ---> Offset = 0
C:\Program Files\AppPatch\4.dll ---> Offset = 1024
C:\Program Files\AppPatch\4.dll ---> Offset = 2048
C:\Program Files\AppPatch\4.dll ---> Offset = 3072
C:\Program Files\AppPatch\4.dll ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\Internet.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\GetVersion.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\FindProcDLL.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\Base64.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\name2ip.dll ---> Offset = 0
Network behavior
Behavior description: Opens a URL over the network
Details: InternetOpenUrlA: http://**.126.132.**:3895/4.dll, hInternet = 0x00cc0004, Flags = 0x80000000
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0008, Flags = 0x00000010
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
Behavior description: Connects to a specified site
Details: InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x00000010
InternetConnectA: ServerName = **.126.132.**, PORT = 3895, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000000
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
Behavior description: Opens an HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0008
InternetOpenA: UserAgent: Lobo Lunar, hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
Behavior description: Establishes a connection to a specified socket
Details: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x0000054c
URL: , IP: **.126.132.**:3895, SOCKET = 0x00000540
URL: wpad, IP: **.133.40.**:128, SOCKET = 0x0000051c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000518
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000051c
URL: , IP: **.126.132.**:3895, SOCKET = 0x0000054c
URL: , IP: **.126.132.**:3895, SOCKET = 0x000005e4
Behavior description: Reads a network file
Details: hFile = 0x00cc0010, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
Behavior description: Sends HTTP packets
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET /4.dll HTTP/1.1 User-Agent: Mozilla/4.0 (compatible) Host: **.126.132.**:3895 Cache-Control: no-cache
GET / HTTP/1.1 User-Agent: Lobo Lunar Host: ww****om
Behavior description: Opens an HTTP request
Details: HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: **.126.132.**:3895/4.dll, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x00000010
Behavior description: Resolves host address by name
Details: GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: ww****om
gethostbyname: p2****cc
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\SB360\DEBUG\Trace Level
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\p2psearcher_V6.4.8\DEBUG\Trace Level
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\BuildTime
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\Contact
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\Copyright
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\DisplayNameEn
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\HelpLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\InstallDate
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\ProgramPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearcher\Publisher
Behavior description: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\SB360\DEBUG\Trace Level
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\p2psearcher_V6.4.8\DEBUG\Trace Level
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
P2PSearcherMutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ABI
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
EventName = Wait For Buffer Return
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.ABI.IC
EventName = MSCTF.SendReceiveConection.Event.ABI.IC
Behavior description: Finds specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 2060, Hwnd=0xb0370, Text = 下一步(&N) >, ClassName = Button.
Pid = 2060, Hwnd=0x1802f8, Text = 取消(&C), ClassName = Button.
Pid = 2060, Hwnd=0xb0372, Text = http://www.p2psearcher.com , ClassName = Static.
Pid = 2060, Hwnd=0x110306, Text = http://www.p2psearcher.com, ClassName = Static.
Pid = 2060, Hwnd=0xc0336, Text = 欢迎使用“P2PSearcher 6.4.8”安装向导, ClassName = Static.
Pid = 2060, Hwnd=0xa0366, Text = 这个向导将指引你完成“P2PSearcher 6.4.8”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定, ClassName = Static.
Pid = 2060, Hwnd=0x7038e, Text = P2PSearcher 6.4.8 安装, ClassName = #32770.
Pid = 2060, Hwnd=0x10030a, Text = < 上一步(&P), ClassName = Button.
Pid = 2060, Hwnd=0xb0370, Text = 我接受(&I), ClassName = Button.
Pid = 2060, Hwnd=0x8036a, Text = 许可证协议, ClassName = Static.
Pid = 2060, Hwnd=0x303c6, Text = 在安装“P2PSearcher 6.4.8”之前,请阅读授权协议。, ClassName = Static.
Pid = 2060, Hwnd=0xd0336, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 2060, Hwnd=0xa0332, Text = 如果你接受协议中的条款,单击 [我接受(I)] 继续安装。如果你选定 [取消(C)] ,安装程序将会关闭。必须接受协议才能安装“P2PSearcher 6.4., ClassName = Static.
Pid = 2060, Hwnd=0xb0370, Text = 安装(&I), ClassName = Button.
Pid = 2060, Hwnd=0x8036a, Text = 选择安装位置, ClassName = Static.
Behavior description: Gets the TickCount value
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceive.Event.ELH.IC
MSCTF.SendReceiveConection.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\krnln.fnr (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\shell.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\SB360.exe (signature verification: failed)
C:\Program Files\AppPatch\4.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\p2psearcher_V6.4.8.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\Internet.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\GetVersion.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\FindProcDLL.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\Base64.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\name2ip.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4D.tmp\InstallOptions.dll (signature verification: failed)
C:\Program Files\P2PSearcher\Adbrier.dll (signature verification: failed)
C:\Program Files\P2PSearcher\HttpRq.dll (signature verification: failed)
C:\Program Files\P2PSearcher\P2PSearcher.exe (signature verification: failed)
Behavior description: Hides specified windows
Details: [Window,Class] = [,Button]
[Window,Class] = [http://www.p2psearcher.com,Static]
[Window,Class] = [http://www.p2psearcher.com ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Behavior description: MD5 of executable files
Behavior description: Opens mutexes
Details: ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex
Behavior description: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\shell.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4D.tmp\Internet.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4D.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4D.tmp\GetVersion.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4D.tmp\FindProcDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4D.tmp\Base64.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4D.tmp\name2ip.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4D.tmp\InstallOptions.dll.
Activities
Activity name Type
.StartActivity android.intent.action.MAIN
.StartActivity android.intent.category.LAUNCHER
.LockOnOffWidgetConfiguratonActivity android.appwidget.action.APPWIDGET_CONFIGURE
.SAProtectorHomeActivity android.intent.action.MAIN
.SAProtectorHomeActivity android.intent.category.HOME
.SAProtectorHomeActivity android.intent.category.DEFAULT
.ShortcutLockOnOffActivity android.intent.action.CREATE_SHORTCUT
Startup methods
Name Description
com.sp.protector.free.receiver.BootReceiver Starts service at boot
com.sp.protector.free.receiver.BootReceiver
com.sp.protector.free.receiver.BootReceiver
com.sp.protector.free.receiver.BootReceiver2 Starts service at boot
com.sp.protector.free.receiver.BootReceiver2
com.sp.protector.free.receiver.BootReceiver3 Starts service at boot
com.sp.protector.free.receiver.BootReceiver3
com.sp.protector.free.receiver.ServiceRestartingReceiver
com.sp.protector.free.receiver.ServiceRestartingReceiver Starts service on screen unlock
com.sp.protector.free.receiver.ProtectorWidget Starts service when app widgets are updated
com.sp.protector.free.receiver.ProtectorRunningWidget Starts service when app widgets are updated
com.sp.protector.free.receiver.SMSReceiver Starts service on SMS monitoring (SMS received)
com.sp.protector.free.receiver.OutgoingCallsReceiver
com.sp.protector.free.receiver.ProtectorWidgetApps Starts service when app widgets are updated
com.sp.protector.free.receiver.ProtectorDeviceAdminReceiver
com.sp.protector.free.receiver.PackageAddedReceiver Starts service when an app is installed
com.sp.protector.free.receiver.ProtectorWidgetProfile Starts service when app widgets are updated
com.sp.protector.free.receiver.PackageReceiver
com.sp.protector.free.receiver.PackageReceiver
com.inmobi.commons.core.utilities.uid.ImIdShareBroadCastReceiver
Service list
Name
com.sp.protector.free.engine.SAPService
com.sp.protector.free.engine.SAPServiceRemote
com.sp.protector.free.engine.SAPServiceTemp
com.sp.protector.free.engine.SAPLockScreenService
com.sp.protector.free.engine.AppChangeDetectingAccessibilityService
com.sp.protector.free.PurchaseCheckService
Providers
Name Description
com.sp.protector.free.engine.SAPService
com.sp.protector.free.engine.SAPServiceRemote
com.sp.protector.free.engine.SAPServiceTemp
com.sp.protector.free.engine.SAPLockScreenService
com.sp.protector.free.engine.AppChangeDetectingAccessibilityService
com.sp.protector.free.PurchaseCheckService
File list
File name Checksum
j/g/bh.xml 0xa6b40cb4
j/g/bi.xml 0x9359757b
j/g/bj.xml 0x9e0d0f8b
j/g/bk.xml 0x631279a6
j/g/bl.xml 0xd507f11b
j/g/bm.xml 0x52187919
j/g/bn.xml 0x788162c9
j/g/bo.xml 0x48ffd3c1
j/g/bp.xml 0xa787ef0b
j/g/c.xml 0xa2d98c8a
j/g/d.xml 0x3232ba94
j/g/e.xml 0x3198c50
j/g/f.xml 0x5955737f
j/g/g.xml 0xec3a9c08
j/g/h.xml 0x362fa2fc
j/g/i.xml 0x5d0c3ab9
j/g/j.xml 0x5ebe929d
j/g/k.xml 0xa7a51072
j/g/l.xml 0xee1a59c1
j/g/m.xml 0xb9b47e2f
j/g/n.xml 0xef0f1e7d
j/g/o.xml 0x6efe68ba
j/g/p.xml 0xdbdab1d9
j/g/q.xml 0x70c30c6
j/g/r.xml 0xb8a53196
j/g/s.xml 0x8e8fa5a0
j/g/t.xml 0x75ea724
j/g/u.xml 0x68da965f
j/g/v.xml 0x51aa01dd
j/g/w.xml 0xaaf6f9dd
j/g/x.xml 0xe6897c4c
j/g/y.xml 0x502187e7
j/g/z.xml 0xe7de1d59
j/h/y.xml 0x919bed91
j/i/y.xml 0xee96b509
j/j/aq.xml 0x53068af3
j/j/ar.xml 0xeef5926b
j/j/y.xml 0x52910d1d
j/k/ao.xml 0x39ebc0c7
j/l/b0.xml 0xd921db8b
j/l/b1.xml 0x58c4333f
j/m/a4.xml 0xa2e13e27
j/m/a9.xml 0x1b8aa26c
j/m/bb.xml 0xdc6f5c11
j/m/bi.xml 0xad29ae8d
j/n/a.xml 0x3e0d387
j/n/b.xml 0x4262a2f7
j/n/c.xml 0xd8bb1135
j/o/b.xml 0x6bda40fc
j/p/a.xml 0x58615d82
j/p/b.xml 0xdbe614a5
j/p/c.xml 0x5174a133
j/p/d.xml 0x38c6021e
j/p/e.xml 0xcf94b41f
j/p/f.xml 0x417b9ce7
j/p/g.xml 0x5677ee3d
j/p/h.xml 0xc1821f30
j/p/i.xml 0x10a00e1d
j/p/j.xml 0x99829154
j/p/k.xml 0xdbcdc870
j/p/l.xml 0x4ea526df
j/p/m.xml 0xf7bec7ac
j/p/n.xml 0x19fbc45a
j/p/o.xml 0x70373857
j/q/a.xml 0xa662a3b6
javamail.charset.map 0xad0dfcee
javamail.default.address.map 0xf20496b
javamail.default.providers 0x45ea1b21
javamail.imap.provider 0x8934555a
javamail.pop3.provider 0xa23c9bc
javamail.smtp.address.map 0xf20496b
javamail.smtp.provider 0x990c469d
lib/armeabi/libmobisec.so 0x5f607fc8
lib/armeabi/libmobisecy1.so 0xc9182ef9
lib/armeabi/libmobisecz1.so 0x66e7c9d4
lib/armeabi/libsapdata.so 0xab888161
lib/x86/libmobisecx.so 0xd2af8838
lib/x86/libsapdata.so 0x5a32f856
mailcap 0xd7759e43
mailcap.default 0x6f616b6
mimetypes.default 0x97dd5cdb
org/apache/harmony/awt/internal/nls/messages.properties 0x5f88eb12
resources.arsc 0x7b029e8f
Runtime screenshot