VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:
Behavior list
Basic Information
MD5:c1e58c3aaeafe66f9e59a35a1d30fa3a
Package names:com.gvrehtiqt.kebm
Minimum operating environment:Android 1.5
copyright:
Key behavior
Behavior description:直接获取CPU时钟
details:EAX = 0x46d2650f, EDX = 0x000000b6
EAX = 0x46d2655b, EDX = 0x000000b6
EAX = 0x597752fb, EDX = 0x000000b6
EAX = 0x669fef51, EDX = 0x000000b6
EAX = 0x669fef9d, EDX = 0x000000b6
EAX = 0x669fefe9, EDX = 0x000000b6
EAX = 0x669ff035, EDX = 0x000000b6
EAX = 0x669ff081, EDX = 0x000000b6
EAX = 0x669ff0cd, EDX = 0x000000b6
EAX = 0x669ff119, EDX = 0x000000b6
Behavior description:尝试打开调试器或监控软件的驱动设备对象
details:\??\SICE
\??\SIWVID
\??\NTICE
Behavior description:获取TickCount值
details:TickCount = 220034, SleepMilliseconds = 50.
TickCount = 220831, SleepMilliseconds = 50.
TickCount = 220846, SleepMilliseconds = 50.
TickCount = 285437, SleepMilliseconds = 60000.
TickCount = 225553, SleepMilliseconds = 100.
TickCount = 225600, SleepMilliseconds = 100.
TickCount = 225709, SleepMilliseconds = 100.
TickCount = 225740, SleepMilliseconds = 100.
TickCount = 225850, SleepMilliseconds = 100.
TickCount = 225881, SleepMilliseconds = 100.
Behavior description:打开注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior description:查询注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description:查找指定内核模块
details:lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
Behavior description:查找反病毒常用工具窗口
details:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Process behavior
Behavior description:创建本地线程
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2492, StartAddress = 79F0237F, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2496, StartAddress = 79F91FCF, Parameter = 001A5780
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2664, StartAddress = 1002C5D7, Parameter = 1017F2B6
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2668, StartAddress = 1002C5D7, Parameter = 1017FD77
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2672, StartAddress = 1002C5D7, Parameter = 10180F6B
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2676, StartAddress = 1002C5D7, Parameter = 101819A9
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2680, StartAddress = 1002C5D7, Parameter = 1018247A
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2684, StartAddress = 1002C5D7, Parameter = 10182F25
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2688, StartAddress = 1002C5D7, Parameter = 10183BAC
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2692, StartAddress = 1002C5D7, Parameter = 10184723
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2696, StartAddress = 1002C5D7, Parameter = 10186181
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2700, StartAddress = 1002C5D7, Parameter = 101873F3
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2704, StartAddress = 1002C5D7, Parameter = 101884FF
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2708, StartAddress = 1002C5D7, Parameter = 1018949B
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2456, ThreadID = 2712, StartAddress = 1002C5D7, Parameter = 1018A590
Behavior description:创建新文件进程
details:[0x00000b08]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe"
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:创建文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\670f6169-1857-4ecc-bf5a-e975385cf43e\AgileDotNetRT.dll
C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\4a92a7b3-7600-409a-9f35-2095bc00466a\AgileDotNetRT.dll
Behavior description:覆盖已有文件
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description:创建可执行文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\670f6169-1857-4ecc-bf5a-e975385cf43e\AgileDotNetRT.dll
C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\4a92a7b3-7600-409a-9f35-2095bc00466a\AgileDotNetRT.dll
Behavior description:修改文件内容
details:C:\Documents and Settings\Administrator\Local Settings\Temp\670f6169-1857-4ecc-bf5a-e975385cf43e\AgileDotNetRT.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\4a92a7b3-7600-409a-9f35-2095bc00466a\AgileDotNetRT.dll ---> Offset = 0
Behavior description:查找文件
details:FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.INI
FileName = C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
FileName = C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
Network behavior
Behavior description:建立到一个指定的套接字连接
details:URL: ha****om, IP: **.133.40.**:443, SOCKET = 0x00000354
Behavior description:按名称获取主机地址
details:gethostbyname: ha****om
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe
Behavior description:打开注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior description:查询注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Other behavior
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.IOH
RasPbFile
Global\.net clr networking
MSCTF.Shared.MUTEX.MJJ
Behavior description:导入密钥
details:[CryptImportKey] Algorithm: CALG_DES (0x00006601), Data: 0x00288658, DataLen: 20, Flags: 0x00000001
Behavior description:创建事件对象
details:EventName = Global\CorDBIPCSetupSyncEvent_2456
EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = Global\CorDBIPCSetupSyncEvent_2824
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MJJ.IC
EventName = MSCTF.SendReceiveConection.Event.MJJ.IC
Behavior description:窗口信息
details:Pid = 2456, Hwnd=0x10342, Text = Form1, ClassName = WindowsForms10.Window.8.app.0.33c0d9d.
Behavior description:打开互斥体
details:ShimCacheMutex
Global\CLR_CASOFF_MUTEX
DBWinMutex
Local\!IETld!Mutex
RasPbFile
Global\.net clr networking
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:加密数据
details:[CryptEncrypt] Data: 0x00288CB8, PlainTextLen: 16, CipherTextLen: 16, Flags: 0x00000000
Behavior description:尝试打开调试器或监控软件的驱动设备对象
details:\??\SICE
\??\SIWVID
\??\NTICE
Behavior description:获取TickCount值
details:TickCount = 220034, SleepMilliseconds = 50.
TickCount = 220831, SleepMilliseconds = 50.
TickCount = 220846, SleepMilliseconds = 50.
TickCount = 285437, SleepMilliseconds = 60000.
TickCount = 225553, SleepMilliseconds = 100.
TickCount = 225600, SleepMilliseconds = 100.
TickCount = 225709, SleepMilliseconds = 100.
TickCount = 225740, SleepMilliseconds = 100.
TickCount = 225850, SleepMilliseconds = 100.
TickCount = 225881, SleepMilliseconds = 100.
Behavior description:解密数据
details:[CryptDecrypt] Data: 0x05AC0020, CipherTextLen: 540672, PlainTextLen: 540672, Flags: 0x00000000
[CryptDecrypt] Data: 0x001EEB78, CipherTextLen: 8, PlainTextLen: 8, Flags: 0x00000000
Behavior description:调整进程token权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:打开事件
details:Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\SvcctrlStartEvent_A3752DX
MSFT.VSA.COM.DISABLE.2824
MSFT.VSA.IEC.STATUS.6c736db0
MSFT.VSA.COM.DISABLE.2456
Behavior description:加载新释放的文件
details:Image: C:\Documents and Settings\Administrator\Local Settings\Temp\670f6169-1857-4ecc-bf5a-e975385cf43e\AgileDotNetRT.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\Temp\4a92a7b3-7600-409a-9f35-2095bc00466a\AgileDotNetRT.dll.
Behavior description:可执行文件签名信息
details:C:\Documents and Settings\Administrator\Local Settings\Temp\670f6169-1857-4ecc-bf5a-e975385cf43e\AgileDotNetRT.dll(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\4a92a7b3-7600-409a-9f35-2095bc00466a\AgileDotNetRT.dll(签名验证: 未通过)
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 50.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
[1]: MilliSeconds = 60000.
Behavior description:可执行文件MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\670f6169-1857-4ecc-bf5a-e975385cf43e\AgileDotNetRT.dll ---> 2b454cd29caa0ba5adc22c7ac008bba0
C:\Documents and Settings\Administrator\Local Settings\Tempwindowsservice.exe ---> e90b99abbd5b36d8b80c381dfff2b663
C:\Documents and Settings\Administrator\Local Settings\Temp\4a92a7b3-7600-409a-9f35-2095bc00466a\AgileDotNetRT.dll ---> 9af5eb006bb0bab7f226272d82c896c7
Behavior description:直接获取CPU时钟
details:EAX = 0x46d2650f, EDX = 0x000000b6
EAX = 0x46d2655b, EDX = 0x000000b6
EAX = 0x597752fb, EDX = 0x000000b6
EAX = 0x669fef51, EDX = 0x000000b6
EAX = 0x669fef9d, EDX = 0x000000b6
EAX = 0x669fefe9, EDX = 0x000000b6
EAX = 0x669ff035, EDX = 0x000000b6
EAX = 0x669ff081, EDX = 0x000000b6
EAX = 0x669ff0cd, EDX = 0x000000b6
EAX = 0x669ff119, EDX = 0x000000b6
Behavior description:查找指定内核模块
details:lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
Behavior description:查找反病毒常用工具窗口
details:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Activities
Activity nameTypes of
com.PdAJIjDNK.wwltBMCpandroid.intent.action.MAIN
com.PdAJIjDNK.wwltBMCpandroid.intent.category.LAUNCHER
Dangerous function
Function nameinformation
java/net/URL;->openConnection连接URL
java/net/HttpURLConnection;->connect连接URL
HttpClient;->execute请求远程服务器
TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
TelephonyManager;->getSimSerialNumber获取SIM序列号
TelephonyManager;->getLine1Number获取手机号
android/app/NotificationManager;->notify信息通知栏
LocationManager;->getLastKnownLocation获取地址位置
getRuntime获取命令行环境
java/lang/Runtime;->exec执行字符串命令
ContentResolver;->query读取联系人、短信等数据库
DefaultHttpClient;->execute发送HTTP请求
Camera;->open开启相机
Startup mode
nameinformation
com.gamevisa8.fish.Widget更新应用小部件时启动服务
com.nd.dianjin.broadcastreceiver.PackagedChangedBroadcastReceiver应用安装时启动服务
Advertising information
nameinformation
com.google.adsAdMob
Permission list
License nameinformation
android.permission.INTERNET连接网络(2G或3G)
android.permission.READ_PHONE_STATE读取电话状态
android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
android.permission.ACCESS_WIFI_STATE读取wifi网络状态
android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
File List
file name Check code
AndroidManifest.xml 0x302850dd
assets/ 0x0
assets/raw/ 0x0
assets/raw/myassets 0x47714fe
assets/files/ 0x0
assets/files/installer_file.00 0x2e741097
assets/files/installer_file.01 0xbdf4ffb2
assets/files/installer_file.02 0xa78e9730
classes.dex 0xf446c0f
lib/ 0x0
lib/armeabi/ 0x0
lib/armeabi/libgamevisa8.so 0x75c5bba9
META-INF/ 0x0
META-INF/ANDROID.RSA 0x77d4f51d
META-INF/MANIFEST.MF 0x74949fb6
META-INF/ANDROID.SF 0xd36494ea
res/ 0x0
res/drawable-hdpi/ 0x0
res/drawable-hdpi/intaller_icon.png 0xb4871d9a
res/layout/ 0x0
res/layout/profile.xml 0x5b109218
res/layout/wvkdhetds.xml 0x6b7ee4cd
res/layout/ksviec.xml 0x592cdd74
res/layout/main.xml 0x90a1abee
res/layout/widget.xml 0x3f2948ce
res/layout/ranking.xml 0x432b3be1
res/layout/featured.xml 0x2ff601ae
res/menu/ 0x0
res/menu/rankmenu.xml 0x81891ad7
res/drawable-ldpi/ 0x0
res/drawable-ldpi/lpjhclw.png 0xb4871d9a
res/drawable-mdpi/ 0x0
res/drawable-mdpi/lpjhclw.png 0xb4871d9a
res/xml/ 0x0
res/xml/livewallpaper.xml 0x628f0d6a
res/xml/app_widget.xml 0xd05911b7
res/drawable/ 0x0
res/drawable/icon.png 0xb70ccd
res/drawable/dianjin_logo.png 0x7d8f8a34
res/drawable/dianjin_more_normal.png 0xd7cb271f
res/drawable/dianjin_backnavigationbg.png 0xee991071
res/drawable/dianjin_line.png 0xed3deca3
res/drawable/dianjin_back_normal.png 0xbb4883ad
res/drawable/dianjin_back_press.png 0x12ce5960
res/drawable/dianjin_more_press.png 0xc8e3119e
res/drawable/dianjin_listviewbackground.png 0x1f90bb1b
res/drawable/dianjin_uninstalled_normal.png 0xd1d8fc44
res/drawable/dianjin_uninstalled_press.png 0xbe4e560f
res/drawable/dianjin_installed.png 0x41a92ca0
res/drawable/rankingland.png 0x78ef3011
resources.arsc 0x6f4353ea
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号