VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

File information

Scanner results
Scanner results:0%Antivirus software(0/32)found malware!
Behavior analysis report:         Habo file analysis
Time: 2016-07-07 08:45:31 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 7
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 10
avast 150725-1 4.7.4 2015-07-25 Found nothing 60
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 2
baidusd 1.0 1.0 2014-04-02 Found nothing 11
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
clamav 19861 0.97.5 2014-12-31 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
gdata 25.7261 25.7261 2016-07-07 Found nothing 26
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2013-09-22 Found nothing 26
mcafee 7638 5400.1158 2014-11-30 Found nothing 60
nod32 0920 3.0.21 2014-12-23 Found nothing 60
panda 9.05.01 9.05.01 2015-07-26 Found nothing 11
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
quickheal 14.00 14.00 2015-07-25 Found nothing 11
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 50
sophos 5.08 3.55.0 2014-12-01 Found nothing 60
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 26
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 27
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 53
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
权限列表
许可名称 信息
android.permission.INTERNET 连接网络(2G或3G)
android.permission.WRITE_EXTERNAL_STORAGE 写外部存储器(如:SD卡)
android.permission.WAKE_LOCK 手机屏幕关闭后后台进程仍运行
文件信息
VirSCANVirSCAN
安全评分 :
基本信息
VirSCANVirSCAN
MD5:8cc4bad9bec8082f861c5e03241adc5c
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
包名:net.yoers.android.bible
最低运行环境:Android 2.3.3, 2.3.4
版权:yoers
关键行为
VirSCANVirSCAN
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 获取TickCount值
详情信息: TickCount = 5353140, SleepMilliseconds = 2000.
进程行为
VirSCANVirSCAN
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 获取TickCount值
详情信息: TickCount = 5353140, SleepMilliseconds = 2000.
文件行为
VirSCANVirSCAN
行为描述: 创建文件
详情信息: C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\996E.txt
C:\Documents and Settings\Administrator\Application Data\Microsoft\WindowsUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9EBB48F2-43AC-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCF6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9EBB48F3-43AC-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3E29.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A2A9694E-43AC-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF60AF.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A9ACB404-43AC-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF95B4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\cracer_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
行为描述: 创建可执行文件
详情信息: C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\WindowsUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
行为描述: 查找文件
详情信息: FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe
FileName = c:\windows
FileName = c:\windows\system32
FileName = c:\windows\system32\notepad.exe
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\notepad.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\996E.txt
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\www.cracer.com
行为描述: 删除文件
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCF6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3E29.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF60AF.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF95B4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\cracer_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 修改文件内容
详情信息: C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe ---> Offset = 5120
C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe ---> Offset = 10240
C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe ---> Offset = 15360
C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe ---> Offset = 20480
C:\Documents and Settings\Administrator\Local Settings\Temp\996E.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\WindowsUpdate.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9EBB48F2-43AC-11E6-91BE-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9EBB48F2-43AC-11E6-91BE-7B****28}.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCF6.tmp ---> Offset = 16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCF6.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9EBB48F2-43AC-11E6-91BE-7B****28}.dat ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9EBB48F2-43AC-11E6-91BE-7B****28}.dat ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9EBB48F3-43AC-11E6-91BE-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9EBB48F3-43AC-11E6-91BE-7B****28}.dat ---> Offset = 0
网络行为
VirSCANVirSCAN
行为描述: 联网打开网址
详情信息: InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0004, Flags = 0x80000010
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
行为描述: 下载文件
详情信息: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
行为描述: 打开指定IE网页
详情信息: ww****om
http://ww****om/
行为描述: 连接指定站点
详情信息: InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000010
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
行为描述: 打开HTTP连接
详情信息: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
行为描述: 建立到一个指定的套接字连接
详情信息: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000004c4
URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000004c8
URL: wpad, IP: **.133.40.**:128, SOCKET = 0x0000053c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000548
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000057c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000005f0
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x0000060c
行为描述: 读取网络文件
详情信息: hFile = 0x00cc000c, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
行为描述: 发送HTTP包
详情信息: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128 Cache-Control: no-cache
GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: ww****om Connection: Keep-Alive
GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
行为描述: 打开HTTP请求
详情信息: HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000010
HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: ww****om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=vdvedm4wokgybx688pukbw%3d%3d&msurs-patented-lock=wp4dzauh93g%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
行为描述: 按名称获取主机地址
详情信息: GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: ww****om
GetAddrInfoW: ur****om
注册表行为
VirSCANVirSCAN
行为描述: 修改注册表
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{9EBB48F2-43AC-11E6-91BE-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{A2A9694E-43AC-11E6-91BE-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
行为描述: 删除注册表键值
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
行为描述: 删除注册表键
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
其他行为
VirSCANVirSCAN
行为描述: 创建互斥体
详情信息: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
ConnHashTable<1388>_HashTable_Mutex
MSCTF.Shared.MUTEX.MLH
Local\ZonesCounterMutex
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [Windows Internet Explorer,IEFrame]
行为描述: 查找指定窗口
详情信息: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [IEFrame,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
行为描述: 打开事件
详情信息: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Isolation Signal Registry Event (9EBB48EF-43AC-11E6-91BE-7B****28, 0)
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Isolation Signal Registry Event (9EBB48F0-43AC-11E6-91BE-7B****28, 0)
IE_EarlyTabStart_0x710
_fCanRegisterWithShellService
MSFT.VSA.COM.DISABLE.1388
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
行为描述: 获取TickCount值
详情信息: TickCount = 5353140, SleepMilliseconds = 2000.
行为描述: 调整进程token权限
详情信息: SE_LOAD_DRIVER_PRIVILEGE
行为描述: 窗口信息
详情信息: Pid = 444, Hwnd=0xa02da, Text = C:\Documents and Settings\Administrator\Application Data\Microsoft\WindowsUpdate.exe, ClassName = ConsoleWindowClass.
行为描述: 可执行文件签名信息
详情信息: C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Application Data\Microsoft\WindowsUpdate.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico(签名验证: 未通过)
行为描述: 调用Sleep函数
详情信息: [1]: MilliSeconds = 2000.
行为描述: 创建事件对象
详情信息: EventName = Isolation Signal Registry Event (9EBB48EF-43AC-11E6-91BE-7B****28, 0)
EventName = IE_EarlyTabStart_0x710
EventName = Isolation Signal Registry Event (9EBB48F0-43AC-11E6-91BE-7B****28, 0)
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = Local\IEDDEExecuteEvent
EventName = MSCTF.SendReceive.Event.MLH.IC
EventName = MSCTF.SendReceiveConection.Event.MLH.IC
EventName = Isolation Signal Registry Event (A2A9694B-43AC-11E6-91BE-7B****28, 0)
EventName = IE_EarlyTabStart_0x868
EventName = Local\RSS Eventing Event Event 0000056c
EventName = Isolation Signal Registry Event (A2A9694C-43AC-11E6-91BE-7B****28, 0)
EventName = MSCTF.SendReceive.Event.ABH.IC
EventName = MSCTF.SendReceiveConection.Event.ABH.IC
行为描述: 可执行文件MD5
详情信息: C:\Documents and Settings\Administrator\Application Data\Microsoft\519fff.exe ---> 6dffe1144410a89a5786d33c93590120
C:\Documents and Settings\Administrator\Application Data\Microsoft\WindowsUpdate.exe ---> f3c607a55d44e666d22e23b073fe7d70
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
行为描述: 打开互斥体
详情信息: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!BrowserEmulation!SharedMemory!Mutex
RasPbFile
CtfmonInstMutexDefaultS-*
Local\RSS Eventing Connection Database Mutex 0000056c
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
Local\RSS Eventing Connection Database Mutex 00000860
Activities
VirSCANVirSCAN
活动名 类型
net.yoers.android.bible.MainFragmentActivity android.intent.action.MAIN
net.yoers.android.bible.MainFragmentActivity android.intent.category.DEFAULT
net.yoers.android.bible.MainFragmentActivity android.intent.category.LAUNCHER
net.yoers.android.bible.PostToFacebook android.intent.action.SEND
net.yoers.android.bible.PostToFacebook android.intent.category.DEFAULT
危险函数
VirSCANVirSCAN
函数名称 信息
java/net/URL;->openConnection 连接URL
ContentResolver;->query 读取联系人、短信等数据库
java/net/HttpURLConnection;->connect 连接URL
权限列表
VirSCANVirSCAN
许可名称 信息
android.permission.INTERNET 连接网络(2G或3G)
android.permission.WRITE_EXTERNAL_STORAGE 写外部存储器(如:SD卡)
android.permission.WAKE_LOCK 手机屏幕关闭后后台进程仍运行
Providers
VirSCANVirSCAN
名称 信息
文件列表
VirSCANVirSCAN
文件名 校验码
assets/kj/1.txt 0x6c693b54
assets/kj/10.txt 0x37825829
assets/kj/100.txt 0xb36d2ec9
assets/kj/101.txt 0x99acb2f2
assets/kj/102.txt 0x88ac426e
assets/kj/103.txt 0xc769dff4
assets/kj/104.txt 0x3233ef1e
assets/kj/105.txt 0x9cc2c9ec
assets/kj/106.txt 0x4af48a31
assets/kj/107.txt 0x3501481d
assets/kj/108.txt 0x4e56da79
assets/kj/109.txt 0xc6c90cf
assets/kj/11.txt 0xc9588a6a
assets/kj/110.txt 0xd29dc3c4
assets/kj/111.txt 0xd587260c
assets/kj/112.txt 0xbeecb940
assets/kj/113.txt 0x9eb56b7
assets/kj/114.txt 0xad10f04f
assets/kj/115.txt 0x87f56222
assets/kj/116.txt 0x85ea8a1b
assets/kj/117.txt 0x56c56130
assets/kj/118.txt 0xc4d09765
assets/kj/119.txt 0xd084b87a
assets/kj/12.txt 0x212c1775
assets/kj/120.txt 0x4ddcd046
assets/kj/121.txt 0xa8c3c48
assets/kj/122.txt 0xd310f066
assets/kj/123.txt 0xf746844e
assets/kj/124.txt 0x1453da6e
assets/kj/125.txt 0x7adbf2aa
assets/kj/126.txt 0xd25b35e9
assets/kj/127.txt 0xce68fe61
assets/kj/128.txt 0x216a089b
assets/kj/129.txt 0xc9ab189b
assets/kj/13.txt 0x313d9bcc
assets/kj/130.txt 0xdd5ba55
assets/kj/131.txt 0x7f6000c2
assets/kj/132.txt 0x9c964359
assets/kj/133.txt 0xfcf91107
assets/kj/134.txt 0x61beddb2
assets/kj/135.txt 0x9006becd
assets/kj/136.txt 0xe088553f
assets/kj/137.txt 0x9799ee7d
assets/kj/138.txt 0xdf23b3f
assets/kj/139.txt 0xca4a3396
assets/kj/14.txt 0xbffd2e97
assets/kj/140.txt 0x8804c920
assets/kj/141.txt 0x9a630608
assets/kj/142.txt 0x6624e71e
assets/kj/143.txt 0x5a4536d3
assets/kj/144a.txt 0xfbdfe190
assets/kj/144b.txt 0x5bd13266
assets/kj/145.txt 0xf564dd1e
assets/kj/146a.txt 0x6a52d3b5
assets/kj/146b.txt 0x62e6bf27
assets/kj/147.txt 0x8eb7be2a
assets/kj/148.txt 0x3cf9db56
assets/kj/149.txt 0xb9eb45ae
assets/kj/15.txt 0xcd70147e
assets/kj/150.txt 0xbf93df04
assets/kj/151.txt 0xf2b2137a
assets/kj/152.txt 0x5532886a
assets/kj/153.txt 0xdcb9f27f
assets/kj/154.txt 0xe90988c0
assets/kj/155.txt 0x13332f65
assets/kj/156.txt 0xf695eb35
assets/kj/157.txt 0x63aa237e
assets/kj/158.txt 0xfde09c71
assets/kj/159.txt 0x679fb687
assets/kj/16.txt 0xd4d85ec3
assets/kj/160.txt 0xe1435796
assets/kj/161.txt 0x38dbb757
assets/kj/162.txt 0xb205e43e
assets/kj/163.txt 0x75d7d8c0
assets/kj/164.txt 0xc93b4383
assets/kj/165.txt 0x2907e4f
assets/kj/166.txt 0x409f55a6
assets/kj/167.txt 0x8a78cfd9
assets/kj/168a.txt 0x50caf1b3
assets/kj/168b.txt 0xfc078a5f
assets/kj/168c.txt 0xd482966a
assets/kj/169.txt 0x29d23a31
assets/kj/17.txt 0x12194184
assets/kj/170.txt 0xf6d67ce0
assets/kj/171.txt 0x3e989f64
assets/kj/172.txt 0x5a7fc6ac
assets/kj/173.txt 0xf6a03962
assets/kj/174a.txt 0x2ec6594f
assets/kj/174b.txt 0x13e80ca6
assets/kj/175.txt 0x3d793ab5
assets/kj/176.txt 0x9be13fc3
assets/kj/177.txt 0x33c2c3af
assets/kj/178.txt 0x5305c8c6
assets/kj/179.txt 0x4fcfd78
assets/kj/18.txt 0x533055f3
assets/kj/180.txt 0x6683255f
assets/kj/181.txt 0x41156e6f
assets/kj/182.txt 0xc32aa883
assets/kj/183.txt 0xa8943d7e
assets/kj/184.txt 0x4f38f380
assets/kj/185.txt 0x4b953829
assets/kj/186.txt 0x233aaa4c
assets/kj/187.txt 0x87159282
assets/kj/188.txt 0xe6f75210
assets/kj/189.txt 0xf9888aa5
assets/kj/19.txt 0x88fae0be
assets/kj/190.txt 0x7d27a9cc
assets/kj/191.txt 0xb77e694c
assets/kj/192.txt 0xa4158fcc
assets/kj/193.txt 0x42cf0aac
assets/kj/194.txt 0xaa17b30d
assets/kj/195.txt 0x30606e60
assets/kj/196.txt 0xd65af6be
assets/kj/197.txt 0xeda43fa5
assets/kj/198.txt 0xa4d1a085
assets/kj/199.txt 0x2ccaa160
assets/kj/2.txt 0xf69b2fbf
assets/kj/20.txt 0x8b748841
assets/kj/200.txt 0xf1be4c98
assets/kj/201.txt 0xcc4aae16
assets/kj/202.txt 0x9a00a84
assets/kj/203.txt 0x5f9db042
assets/kj/204.txt 0x118cc275
assets/kj/205.txt 0xae4808d
assets/kj/206.txt 0x730314f4
assets/kj/207.txt 0x65f20a81
assets/kj/208.txt 0xfde6dca7
assets/kj/209.txt 0x9becced
assets/kj/21.txt 0x6fea9f85
assets/kj/210.txt 0xb24b1a35
assets/kj/211.txt 0xaf4d4e
assets/kj/212.txt 0x55d4744f
assets/kj/213.txt 0xec262c4c
assets/kj/214.txt 0x5f791622
assets/kj/215.txt 0x92c360e2
assets/kj/216.txt 0xefcda4b5
assets/kj/217.txt 0xf12a9f3b
assets/kj/218.txt 0x8ae1ec85
assets/kj/219.txt 0x61913b69
assets/kj/22.txt 0x5bda6c2
assets/kj/220.txt 0xa067dfb6
assets/kj/221.txt 0x2d6dfb00
assets/kj/222a.txt 0xb51ab5
assets/kj/222b.txt 0x1079d1b5
assets/kj/223.txt 0x8dbb9114
assets/kj/224.txt 0x3f524d6a
assets/kj/225.txt 0xa40f3994
assets/kj/226.txt 0x97e29e8f
assets/kj/227.txt 0x2622a42f
assets/kj/228.txt 0x8e61e6fa
assets/kj/229a.txt 0x34517a2c
assets/kj/229b.txt 0xaa6d7552
assets/kj/23.txt 0x7f8d1e0f
assets/kj/230.txt 0xcf3dbd9a
assets/kj/231.txt 0x2666bbe
assets/kj/232.txt 0xe0ac0260
assets/kj/233.txt 0x366d24fc
assets/kj/234.txt 0xa381dd39
assets/kj/235.txt 0x884942a9
assets/kj/236.txt 0xfacd9652
assets/kj/237.txt 0x78500bb6
assets/kj/238.txt 0x6b185ad3
assets/kj/239.txt 0x4106e04d
assets/kj/240a.txt 0x9961cf91
assets/kj/240b.txt 0x867b0905
assets/kj/241.txt 0x16552241
assets/kj/242.txt 0xafe04e8
assets/kj/243.txt 0x29d9ae99
assets/kj/244.txt 0x46b5eac4
assets/kj/245.txt 0x184b1097
assets/kj/246.txt 0xbf87197c
assets/kj/247.txt 0xeb3c84e6
assets/kj/248a.txt 0xc6aca29a
assets/kj/248b.txt 0x56a51a60
assets/kj/249.txt 0x3fbcfff1
assets/kj/24a.txt 0x951c5823
assets/kj/24b.txt 0x57894caf
assets/kj/25.txt 0x9c76357f
assets/kj/250a.txt 0x26238aa3
assets/kj/250b.txt 0xa2b6c11a
assets/kj/251.txt 0xe905c17f
assets/kj/252.txt 0xb2e1fb14
assets/kj/253.txt 0xb76815ca
assets/kj/254.txt 0xdfad72bd
assets/kj/255.txt 0xc92f5b5
assets/kj/256.txt 0x2fea2d16
assets/kj/257.txt 0x6303c884
assets/kj/258.txt 0xd4b624e9
assets/kj/259.txt 0xb148bc2b
assets/kj/26.txt 0x6e630883
assets/kj/260.txt 0xfcc8c65d
assets/kj/261.txt 0xf1c381e3
assets/kj/262.txt 0x3a912648
assets/kj/263.txt 0xb18f1e24
assets/kj/264.txt 0xf9238d08
assets/kj/265.txt 0x66a66843
assets/kj/266.txt 0x75bfaeb8
assets/kj/267.txt 0x45e8e1da
assets/kj/268.txt 0x2be45775
assets/kj/269.txt 0xdd45bdd3
assets/kj/27.txt 0xd2614e11
assets/kj/270.txt 0xc539b58c
assets/kj/271.txt 0x8bb6b501
assets/kj/272.txt 0x3c693adf
assets/kj/273.txt 0xa77755ee
assets/kj/274.txt 0x55432149
assets/kj/275.txt 0x9250c196
assets/kj/276.txt 0xf562a931
assets/kj/277.txt 0x9edb0f9e
assets/kj/278.txt 0x5f20a85f
assets/kj/279.txt 0x7c90d20e
assets/kj/28.txt 0x8699cc2e
assets/kj/280.txt 0xc503242
assets/kj/281.txt 0xc8ca71d3
assets/kj/282.txt 0xd4c17b00
assets/kj/283.txt 0x9bf43536
assets/kj/284.txt 0x44d27e75
assets/kj/285.txt 0xe1f58a36
assets/kj/286.txt 0x49823a50
assets/kj/287a.txt 0x7e60dbbc
assets/kj/287b.txt 0x9b3d837e
assets/kj/288.txt 0xfd7eba83
assets/kj/289.txt 0xc582ac47
assets/kj/29.txt 0x662e7677
assets/kj/290.txt 0xc9ce0e2d
assets/kj/291.txt 0x2a69d
assets/kj/292.txt 0x1cd529bf
assets/kj/293.txt 0xd1f0c0f2
assets/kj/294.txt 0x8f3f8676
assets/kj/295.txt 0x59f934d8
assets/kj/296.txt 0xeb102b12
assets/kj/297.txt 0x96cc6c5c
assets/kj/298.txt 0xd5d006a2
assets/kj/299.txt 0x2c73fcf7
assets/kj/3.txt 0x5fac5229
assets/kj/300.txt 0x785c69d2
assets/kj/301.txt 0x7829b74f
assets/kj/302.txt 0x413a11a2
assets/kj/303a.txt 0x5f94de1
assets/kj/303b.txt 0x23a7d2c3
assets/kj/304.txt 0xb55dfe56
assets/kj/305.txt 0x58270ac4
assets/kj/306.txt 0x9ec3fd5c
assets/kj/307.txt 0x272c9f83
assets/kj/308.txt 0xe5fb0695
assets/kj/309.txt 0x9d5f872d
assets/kj/30a.txt 0x6f24b9e8
assets/kj/30b.txt 0x781e5cbe
assets/kj/310.txt 0x54823743
assets/kj/311a.txt 0x451dcb75
assets/kj/311b.txt 0xcc584c27
assets/kj/312a.txt 0xa121a426
assets/kj/312b.txt 0xe6ae1e14
assets/kj/313.txt 0xba9acf1b
assets/kj/314.txt 0xcf659fa2
assets/kj/315.txt 0x329f84e0
assets/kj/316.txt 0x3b2cebf
assets/kj/317.txt 0xb55e252b
assets/kj/318.txt 0x805011de
assets/kj/319.txt 0x50b04a48
assets/kj/31a.txt 0x59a0ee0
assets/kj/31b.txt 0x9457a7bb
assets/kj/32.txt 0x8c73c806
assets/kj/320.txt 0x38c47ff
assets/kj/321.txt 0x3054555e
assets/kj/322.txt 0x5ac67965
assets/kj/323.txt 0xdf83436f
assets/kj/324.txt 0xad2550dc
assets/kj/325.txt 0xd62e03c0
assets/kj/326.txt 0x9b83eb8
assets/kj/327.txt 0xebe9ecfb
assets/kj/328.txt 0x84ba7aee
assets/kj/329.txt 0xa96e1754
assets/kj/33.txt 0x3c22bd46
assets/kj/330.txt 0x3c6c8426
assets/kj/331.txt 0xced61d3a
assets/kj/332.txt 0x23f30cf9
assets/kj/333.txt 0xfe34c8cb
assets/kj/334.txt 0xefd194b6
assets/kj/335.txt 0xe7b1804e
assets/kj/336.txt 0xba2b7bab
assets/kj/337.txt 0x79dca5b4
assets/kj/338.txt 0x6ce16c8a
assets/kj/339.txt 0xabef6d68
assets/kj/34.txt 0xc37435e0
assets/kj/340.txt 0x9dae0f64
assets/kj/341.txt 0x948df1d0
assets/kj/342.txt 0xa585a391
assets/kj/343.txt 0x8709766c
assets/kj/344.txt 0xd56093fc
assets/kj/345.txt 0x48bc3125
assets/kj/346.txt 0xf7bf643b
assets/kj/347.txt 0xcc6853e8
assets/kj/348.txt 0x41f879c9
assets/kj/349.txt 0xe372d9bd
assets/kj/35.txt 0x9f9638f9
assets/kj/350.txt 0xe6578c85
assets/kj/351.txt 0x4b43e1fa
assets/kj/352.txt 0xca2c04be
assets/kj/353.txt 0x1b25a694
assets/kj/354.txt 0xe9b043ec
assets/kj/355.txt 0x29a32a84
assets/kj/356.txt 0xaa80b1ce
assets/kj/357.txt 0x3ead8cf0
assets/kj/358.txt 0x7b087084
assets/kj/359.txt 0x3ede1fa6
assets/kj/36.txt 0xf1b4551e
assets/kj/360.txt 0x5c83dfa9
assets/kj/361.txt 0xeb5222fe
assets/kj/362.txt 0x4aa59f14
assets/kj/363.txt 0x68c39457
assets/kj/364.txt 0x3c2b5221
assets/kj/365a.txt 0xcff81524
assets/kj/365b.txt 0x5a5c819d
assets/kj/365c.txt 0xf1dad4c5
assets/kj/366.txt 0x8d939905
assets/kj/367.txt 0x2030c1d4
assets/kj/368.txt 0xa19bb7b5
assets/kj/369a.txt 0xfbfcec13
assets/kj/369b.txt 0x41b325b
assets/kj/370.txt 0xebf56417
assets/kj/371.txt 0x33d386e2
assets/kj/372.txt 0xaa319988
assets/kj/373.txt 0x6a676af
assets/kj/374.txt 0xb4d524e1
assets/kj/375.txt 0x8bc93088
assets/kj/376.txt 0xf0243918
assets/kj/377.txt 0x92d27442
assets/kj/378.txt 0x63383cca
assets/kj/379.txt 0x583f576f
assets/kj/37a.txt 0x1395aff7
assets/kj/37b.txt 0x4c6efd24
assets/kj/38.txt 0xe4e4c4c9
assets/kj/380.txt 0x4e9580f6
assets/kj/381.txt 0xa0c27cf6
assets/kj/382.txt 0x84983d68
assets/kj/383.txt 0x22bb78a0
assets/kj/384.txt 0x1691e724
assets/kj/385.txt 0x7fc7c484
assets/kj/386.txt 0x948cc2ea
assets/kj/387.txt 0xd2aa2124
assets/kj/388.txt 0x858f205d
assets/kj/389.txt 0x984a7704
assets/kj/39.txt 0xd014e7fe
assets/kj/390.txt 0x4d0dcd3c
assets/kj/391.txt 0x3d5523b4
assets/kj/392.txt 0x268f7347
assets/kj/393.txt 0x96702431
assets/kj/394.txt 0x190fcd0e
assets/kj/395.txt 0xf9bb064e
assets/kj/396.txt 0x53a4fbb6
assets/kj/397.txt 0x4221b8dd
assets/kj/398.txt 0x7cf31d6b
assets/kj/399.txt 0xdfd771f
assets/kj/4.txt 0xeb5ed6
assets/kj/40.txt 0xcc67c26a
assets/kj/400.txt 0xc6875d00
assets/kj/401.txt 0xefd4e74a
assets/kj/402.txt 0x8b730aa1
assets/kj/403.txt 0x509c4e47
assets/kj/404.txt 0x916ff8a4
assets/kj/405.txt 0x760e8e78
assets/kj/406.txt 0xc73efb06
assets/kj/407.txt 0x790743b9
assets/kj/408.txt 0x5a51b335
assets/kj/409.txt 0x3c429dbf
assets/kj/41.txt 0xd5bfe3d
assets/kj/410.txt 0xd72365ca
assets/kj/411.txt 0x360e265a
assets/kj/412.txt 0x382c3c62
assets/kj/413.txt 0x9b70ae70
assets/kj/414.txt 0x84a46ed7
assets/kj/415.txt 0xf6e196ff
assets/kj/416.txt 0x5a49e20b
assets/kj/417.txt 0xe0580f0a
assets/kj/418.txt 0xfb7306c0
assets/kj/419.txt 0xfeab1436
assets/kj/42.txt 0x21f0897d
assets/kj/420.txt 0xa9fd1a77
assets/kj/421.txt 0x5d2eefad
assets/kj/422.txt 0xf257d4f1
assets/kj/423.txt 0x2e5ce7be
assets/kj/424.txt 0x4fa139b7
assets/kj/425.txt 0x426b214a
assets/kj/426.txt 0xd3e999c4
assets/kj/427.txt 0x7b24e3ad
assets/kj/428.txt 0x4a4c78b5
assets/kj/429.txt 0xc98851ef
assets/kj/43.txt 0x77d5c3ea
assets/kj/430.txt 0xb4677f77
assets/kj/431.txt 0x1086aa09
assets/kj/432.txt 0x9d452f10
assets/kj/433.txt 0x8064931c
assets/kj/434.txt 0xad3afe15
assets/kj/435.txt 0x1ff514c4
assets/kj/436.txt 0xf2dcd4b0
assets/kj/437.txt 0x6eac4305
assets/kj/438.txt 0x7a340cb8
assets/kj/439.txt 0xe6188c2e
assets/kj/44.txt 0x4a9611b7
assets/kj/440.txt 0x1f37cc15
assets/kj/441.txt 0x96984736
assets/kj/442.txt 0xd2ff5013
assets/kj/443.txt 0x9eb6f985
assets/kj/444.txt 0xaef91815
assets/kj/445.txt 0x3dd0e1b6
assets/kj/446.txt 0xbd2519b4
assets/kj/447.txt 0x286002d4
assets/kj/448.txt 0x8e455d3
assets/kj/449.txt 0x18b8c927
assets/kj/45.txt 0x7557d2db
assets/kj/450.txt 0x8b8c568f
assets/kj/451.txt 0x2cabe048
assets/kj/452.txt 0xefced218
assets/kj/453.txt 0x48b2c0f7
assets/kj/454.txt 0xbb579ef4
assets/kj/455.txt 0x828dac4a
assets/kj/456.txt 0xb88199de
assets/kj/457.txt 0xdf3cad45
assets/kj/458.txt 0x70b506b0
assets/kj/459.txt 0xdabd8904
assets/kj/46.txt 0xc0d12edf
assets/kj/460.txt 0xdfc795a5
assets/kj/461.txt 0x4e6e29bc
assets/kj/462.txt 0x559dfad2
assets/kj/463.txt 0x7013cd01
assets/kj/464.txt 0x505fa55e
assets/kj/465.txt 0xb2f26feb
assets/kj/466a.txt 0x3ed93309
assets/kj/466b.txt 0x84cc6e7e
assets/kj/467.txt 0xa69b7937
assets/kj/468.txt 0xec068dfa
assets/kj/469.txt 0x3d4cdedb
assets/kj/47.txt 0xb7ab2a3d
assets/kj/470.txt 0x4175e536
assets/kj/471.txt 0x9265ffff
assets/kj/472.txt 0x24aa503e
assets/kj/473.txt 0xedf95630
assets/kj/474.txt 0x7696231b
assets/kj/475.txt 0xcb945823
assets/kj/476.txt 0x44842444
assets/kj/477.txt 0x74afef5e
assets/kj/478.txt 0x2411c903
assets/kj/48.txt 0x30915a6
assets/kj/49.txt 0xd65dace0
assets/kj/5.txt 0xb62cc1e9
assets/kj/50a.txt 0x2de74a60
assets/kj/50b.txt 0x8a84569c
assets/kj/51.txt 0xe2e523d0
assets/kj/52.txt 0xf174bad8
assets/kj/53.txt 0x8acf6949
assets/kj/54.txt 0xbc268998
assets/kj/55.txt 0xcdad836c
assets/kj/56.txt 0x3e61161f
assets/kj/57.txt 0x8c911908
assets/kj/58.txt 0x41b0b341
assets/kj/59.txt 0xbf1302f5
assets/kj/6.txt 0xc6f52eba
assets/kj/60.txt 0x1142cc62
assets/kj/61.txt 0xf3c87830
assets/kj/62.txt 0xd6f482c7
assets/kj/63.txt 0xb2a10b0f
assets/kj/64.txt 0x1ebfa6bf
assets/kj/65.txt 0x46fca158
assets/kj/66.txt 0xe89d596a
assets/kj/67.txt 0xa1a79a99
assets/kj/68.txt 0x31b9cd76
assets/kj/69.txt 0x188ca557
assets/kj/7.txt 0x189781cd
assets/kj/70.txt 0x7d5afaf9
assets/kj/71.txt 0xdc04ed89
assets/kj/72.txt 0x3c3f7991
assets/kj/73.txt 0x44c4bb8e
assets/kj/74.txt 0x1998b4ed
assets/kj/75.txt 0x72f28b08
assets/kj/76.txt 0xa549a212
assets/kj/77.txt 0x374daf90
assets/kj/78.txt 0x22b44a2f
assets/kj/79.txt 0x38d8c857
assets/kj/8.txt 0xec967be6
assets/kj/80.txt 0xf753ab4c
assets/kj/81.txt 0xf95d292a
assets/kj/82.txt 0x87cb0dbe
assets/kj/83.txt 0xc9f794c7
assets/kj/84.txt 0x40cd5730
assets/kj/85.txt 0xe1250b02
assets/kj/86.txt 0xfcce8129
assets/kj/87.txt 0xdff3d74f
assets/kj/88.txt 0xf3dd5c51
assets/kj/89.txt 0xfbdc067d
assets/kj/9.txt 0xe2d490a
assets/kj/90.txt 0x9b2e0058
assets/kj/91.txt 0xa2bcd3b7
assets/kj/92.txt 0x960a6e5f
assets/kj/93.txt 0x5a9be7d2
assets/kj/94.txt 0x44d1302a
assets/kj/95a.txt 0x88ffdee3
assets/kj/95b.txt 0x1a9c411e
assets/kj/96.txt 0x2a57e7bb
assets/kj/97.txt 0xb8f9273
assets/kj/98.txt 0x60349d53
assets/kj/99.txt 0x565f22cb
assets/kj/main.txt 0xa2afde93
assets/nkb/1.txt 0x954df50e
assets/nkb/10.txt 0xc087477b
assets/nkb/100.txt 0x6255a27d
assets/nkb/101.txt 0x7d1f414d
assets/nkb/102.txt 0x5a9c603f
assets/nkb/103.txt 0x42e2b920
assets/nkb/104.txt 0x1d706324
assets/nkb/105.txt 0x86eff155
assets/nkb/106.txt 0xf619cc36
assets/nkb/107.txt 0x817c3f19
assets/nkb/108.txt 0xd0707ca5
assets/nkb/109.txt 0xbfc56d3e
assets/nkb/11.txt 0xe0e281f8
assets/nkb/110.txt 0x35b2444f
assets/nkb/111.txt 0xd67c0d0c
assets/nkb/112.txt 0x4abfefc0
assets/nkb/113.txt 0x53624245
assets/nkb/114.txt 0x14fa8a21
assets/nkb/115.txt 0x1429aafa
assets/nkb/116.txt 0x66ed0126
assets/nkb/117.txt 0xe37e1098
assets/nkb/118.txt 0xfb206ace
assets/nkb/119.txt 0x7052075d
assets/nkb/12.txt 0x772e4732
assets/nkb/120.txt 0xc7c170f3
assets/nkb/121.txt 0xa7b57523
assets/nkb/122.txt 0x76dc3d35
assets/nkb/123.txt 0x342a8003
assets/nkb/124.txt 0x668501d8
assets/nkb/125.txt 0x15dc513
assets/nkb/126.txt 0xb7fb5e3
assets/nkb/127.txt 0xd069e4f4
assets/nkb/128.txt 0xce5f637d
assets/nkb/129.txt 0x2f647dc8
assets/nkb/13.txt 0xe42ac322
assets/nkb/130.txt 0xfd706c09
assets/nkb/131.txt 0xf3f2d213
assets/nkb/132.txt 0x461c7e44
assets/nkb/133.txt 0x4910fb2f
assets/nkb/134.txt 0xa902989c
assets/nkb/135.txt 0xd91cc123
assets/nkb/136.txt 0x9d837395
assets/nkb/137.txt 0xf17592e7
assets/nkb/138.txt 0x2bf907f4
assets/nkb/139.txt 0xf130f9ad
assets/nkb/14.txt 0xf6b9522
assets/nkb/140.txt 0x89fecb91
assets/nkb/141.txt 0xe05c73e5
assets/nkb/142.txt 0x74feb2e7
assets/nkb/143.txt 0x7af6f6b8
assets/nkb/144.txt 0xc8da0f2a
assets/nkb/145.txt 0x69b234e8
assets/nkb/146.txt 0xc93cc34f
assets/nkb/147.txt 0x6e123230
assets/nkb/148.txt 0x9320baa2
assets/nkb/149.txt 0x62be1071
assets/nkb/15.txt 0x29568be8
assets/nkb/150.txt 0x94b2fe3e
assets/nkb/151.txt 0x9f8280f5
assets/nkb/152.txt 0xc790dc77