VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:47fed516909627a7c99d527f01f18117
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
Package names:com.tj.tjcty07761
Minimum operating environment:Android 2.3, 2.3.1, 2.3.2
copyright:()

Key behavior

Behavior description: 直接获取CPU时钟
details: EAX = 0x277eaf8b, EDX = 0x000000b7
EAX = 0x277eafd7, EDX = 0x000000b7
EAX = 0x277eb023, EDX = 0x000000b7
EAX = 0x277eb06f, EDX = 0x000000b7
EAX = 0x277eb0bb, EDX = 0x000000b7
EAX = 0x277eb107, EDX = 0x000000b7
EAX = 0x277eb153, EDX = 0x000000b7
EAX = 0x277eb19f, EDX = 0x000000b7
EAX = 0x277eb1eb, EDX = 0x000000b7
EAX = 0x277eb237, EDX = 0x000000b7
Behavior description: 获取窗口截图信息
details: Foreground window Info: HWND = 0x00010378, DC = 0x01010669.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010055.
Foreground window Info: HWND = 0x0001037c, DC = 0x01010055.
Foreground window Info: HWND = 0x00010376, DC = 0x0a010375.
Foreground window Info: HWND = 0x0001036e, DC = 0x01010669.
Foreground window Info: HWND = 0x0001036c, DC = 0x01010055.
Behavior description: 获取TickCount值
details: TickCount = 279296, SleepMilliseconds = 60000.
TickCount = 280078, SleepMilliseconds = 60000.
TickCount = 280546, SleepMilliseconds = 60000.
TickCount = 280796, SleepMilliseconds = 60000.
TickCount = 280812, SleepMilliseconds = 60000.
TickCount = 280875, SleepMilliseconds = 60000.
TickCount = 281062, SleepMilliseconds = 60000.
TickCount = 281125, SleepMilliseconds = 60000.
TickCount = 281140, SleepMilliseconds = 60000.
TickCount = 281156, SleepMilliseconds = 60000.
TickCount = 282750, SleepMilliseconds = 60000.
TickCount = 287687, SleepMilliseconds = 60000.
TickCount = 287703, SleepMilliseconds = 60000.
TickCount = 291843, SleepMilliseconds = 60000.
TickCount = 292140, SleepMilliseconds = 60000.

Process behavior

Behavior description: 创建本地线程
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2636, ThreadID = 3008, StartAddress = 77C0A341, Parameter = 009369D8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2636, ThreadID = 3024, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2636, ThreadID = 3028, StartAddress = 77E56C7D, Parameter = 001B04F0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2636, ThreadID = 3032, StartAddress = 769AE43B, Parameter = 001B3A18

File behavior

Behavior description: 创建文件
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext2.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Comdlg32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\IPHLPAPI.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\imm32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shdocvw.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shlwapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Psapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\atl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Powrprof.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\oleaut32.dll
Behavior description: 创建可执行文件
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext2.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Comdlg32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\IPHLPAPI.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\imm32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shdocvw.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shlwapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Psapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\atl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Powrprof.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\oleaut32.dll
Behavior description: 修改文件内容
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext2.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Comdlg32.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\IPHLPAPI.DLL ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\imm32.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shdocvw.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shlwapi.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Psapi.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\atl.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Powrprof.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\oleaut32.dll ---> Offset = 0

Registry behavior

Behavior description: 修改注册表
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)

Other behavior

Behavior description: 创建互斥体
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AFK
Behavior description: 创建事件对象
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceiveConection.Event.AFK.IC
EventName = MSCTF.SendReceive.Event.AFK.IC
Behavior description: 打开互斥体
details: ShimCacheMutex
Behavior description: 查找指定窗口
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: 打开事件
details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2636
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: 获取TickCount值
details: TickCount = 279296, SleepMilliseconds = 60000.
TickCount = 280078, SleepMilliseconds = 60000.
TickCount = 280546, SleepMilliseconds = 60000.
TickCount = 280796, SleepMilliseconds = 60000.
TickCount = 280812, SleepMilliseconds = 60000.
TickCount = 280875, SleepMilliseconds = 60000.
TickCount = 281062, SleepMilliseconds = 60000.
TickCount = 281125, SleepMilliseconds = 60000.
TickCount = 281140, SleepMilliseconds = 60000.
TickCount = 281156, SleepMilliseconds = 60000.
TickCount = 282750, SleepMilliseconds = 60000.
TickCount = 287687, SleepMilliseconds = 60000.
TickCount = 287703, SleepMilliseconds = 60000.
TickCount = 291843, SleepMilliseconds = 60000.
TickCount = 292140, SleepMilliseconds = 60000.
Behavior description: 获取光标位置
details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
Behavior description: 窗口信息
details: Pid = 2636, Hwnd=0x1037c, Text = 剧名:, ClassName = Afx:1f40000:b:10011:1900015:0.
Pid = 2636, Hwnd=0x10378, Text = 关于作者, ClassName = Button.
Pid = 2636, Hwnd=0x1036e, Text = 剧集:, ClassName = Afx:1f40000:b:10011:1900015:0.
Pid = 2636, Hwnd=0x1036c, Text = 选择播放源:, ClassName = Afx:1f40000:b:10011:1900015:0.
Pid = 2636, Hwnd=0x10362, Text = 视频简介:, ClassName = Edit.
Pid = 2636, Hwnd=0x1035c, Text = 搜索结果:, ClassName = Afx:1f40000:b:10011:1900015:0.
Pid = 2636, Hwnd=0x1034e, Text = 搜索一下, ClassName = Button.
Pid = 2636, Hwnd=0x20346, Text = Howe影视 - 破解vip视频免费观看 QQ949643229, ClassName = WTWindow.
Pid = 2636, Hwnd=0x1034c, Text = 123456, ClassName = Edit.
Behavior description: 获取窗口截图信息
details: Foreground window Info: HWND = 0x00010378, DC = 0x01010669.
Foreground window Info: HWND = 0x0001034e, DC = 0x01010055.
Foreground window Info: HWND = 0x0001037c, DC = 0x01010055.
Foreground window Info: HWND = 0x00010376, DC = 0x0a010375.
Foreground window Info: HWND = 0x0001036e, DC = 0x01010669.
Foreground window Info: HWND = 0x0001036c, DC = 0x01010055.
Behavior description: 可执行文件签名信息
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext2.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Comdlg32.dll(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\IPHLPAPI.DLL(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\imm32.dll(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shdocvw.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shlwapi.dll(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Psapi.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\atl.dll(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Powrprof.dll(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\oleaut32.dll(签名验证: 通过)
Behavior description: 调用Sleep函数
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
Behavior description: 隐藏指定窗口
details: [Window,Class] = [,_EL_DrawPanel]
Behavior description: 可执行文件MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr ---> b3b09f4a3a6704000c3a0c6acc825e9d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr ---> 856495a1605bfc7f62086d482b502c6f
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext2.fne ---> dba5fdbe7ec94463b3f6fdf2162c9f95
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne ---> 206396257b97bd275a90ce6c2c0c37fd
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne ---> f9a994df4d407bc79f7c84886fe7a654
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne ---> bd6eef5ea9a52a412a8f57490d8bd8e4
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Comdlg32.dll ---> c7479e84869fd0ad3cc675bc82d359a8
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\IPHLPAPI.DLL ---> 12c0990ecf799eea874c260eb185d763
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\imm32.dll ---> 7645b57df463e4dfaa2c6e99420060da
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shdocvw.dll ---> ba6b9cd9b20780d17261defc1df2cebe
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shlwapi.dll ---> c3a8d3a3f594d1d6da2017e996b7766f
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Psapi.dll ---> 00c607f43b7f986c51b22dd4cf0a3ae1
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\atl.dll ---> daf9a0e44128b79125cf9c69ca5254db
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\Powrprof.dll ---> 46b536fc727208f37f0e3fcd2e27183a
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\oleaut32.dll ---> 87073fc631c14d82c0b162118b3923aa
Behavior description: 直接获取CPU时钟
details: EAX = 0x277eaf8b, EDX = 0x000000b7
EAX = 0x277eafd7, EDX = 0x000000b7
EAX = 0x277eb023, EDX = 0x000000b7
EAX = 0x277eb06f, EDX = 0x000000b7
EAX = 0x277eb0bb, EDX = 0x000000b7
EAX = 0x277eb107, EDX = 0x000000b7
EAX = 0x277eb153, EDX = 0x000000b7
EAX = 0x277eb19f, EDX = 0x000000b7
EAX = 0x277eb1eb, EDX = 0x000000b7
EAX = 0x277eb237, EDX = 0x000000b7
Behavior description: 加载新释放的文件
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\iext2.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\iext.fnr.

Activities

com.boyous.biyi.AppActivity android.intent.action.MAIN
com.boyous.biyi.AppActivity android.intent.category.LAUNCHER

Dangerous function

ContentResolver;->query 读取联系人、短信等数据库
TelephonyManager;->getDeviceId 搜集用户手机IMEI码、电话号码、系统版本号等信息
TelephonyManager;->getSimSerialNumber 获取SIM序列号
TelephonyManager;->getLine1Number 获取手机号
HttpClient;->execute 请求远程服务器
getRuntime 获取命令行环境
java/lang/Runtime;->exec 执行字符串命令
ContentResolver;->delete 删除短信、联系人
SmsManager;->sendDataMessage 发送二进制消息
SmsManager;->sendTextMessage 发送普通短信
DefaultHttpClient;->execute 发送HTTP请求
LocationManager;->getLastKnownLocation 获取地址位置
java/net/URL;->openConnection 连接URL
java/net/HttpURLConnection;->connect 连接URL

Permission list

android.permission.READ_EXTERNAL_STORAGE 读外部存储器(如:SD卡)
android.permission.WRITE_EXTERNAL_STORAGE 写外部存储器(如:SD卡)
android.permission.INTERNET 连接网络(2G或3G)
android.permission.SEND_SMS 发送短信
android.permission.READ_SMS 读取短信
android.permission.WRITE_SMS 写短信
android.permission.READ_PHONE_STATE 读取电话状态
android.permission.RECEIVE_MMS 接收彩信
android.permission.RECEIVE_SMS 监控接收短信
android.permission.ACCESS_WIFI_STATE 读取wifi网络状态
android.permission.ACCESS_NETWORK_STATE 读取网络状态(2G或3G)
android.permission.CHANGE_WIFI_STATE 改变WIFI连接状态
android.permission.CHANGE_NETWORK_STATE 变更网络状态
android.permission.DISABLE_KEYGUARD 禁用键盘锁
android.permission.ACCESS_COARSE_LOCATION 获取粗略的位置(通过wifi、基站)
android.permission.SYSTEM_ALERT_WINDOW 显示系统窗口
android.permission.ACCESS_FINE_LOCATION 获取精确的位置(通过GPS)
android.permission.GET_TASKS 获取有关当前或最近运行的任务信息
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS 访问额外的定位指令
android.permission.ACCESS_MTK_MMHW
android.permission.BROADCAST_STICKY 发送持久广播
android.permission.CHANGE_CONFIGURATION 修改当前设置(如:本地化)
android.permission.CAMERA 访问照相机设备
android.permission.GET_ACCOUNTS 访问账户列表
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.MOUNT_UNMOUNT_FILESYSTEMS 挂载、反挂载外部文件系统
android.permission.RECEIVE_BOOT_COMPLETED 接收开机启动广播
android.permission.READ_SETTINGS
android.permission.READ_INTERNAL_STORAGE
android.permission.READ_USER_DICTIONARY 读取用户字典
android.permission.SAMSUNG_TUNTAP
android.permission.WRITE_SETTINGS 读写系统设置项
android.permission.UPDATE_APP_OPS_STATS
android.permission.WRITE_INTERNAL_STORAGE

Service list

com.amaz.onib.FSrvi
com.core.main.pay.plugmain.service.SyService
com.core.tools.sms.SmsPlugKeppLiveService
com.wyzf.service.InitService

File List

META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA
assets/btn_life.png
assets/photo/6/8.jpg
assets/box/num_money.png
assets/photo/2/9.jpg
assets/photo/7/5.jpg
assets/btn_main.png
assets/tip_jiao4.png
assets/box/title_lifeget.png
assets/photo/1/1.jpg
assets/photo/4/siyi.jpg
assets/tip_jiao11.png
assets/box/btn_ok.png
assets/icon_quan2.png
assets/box/title_jipin.png
assets/photo/2/dress.jpg
assets/photo/2/2.jpg
assets/btn_tool1.png
assets/p3Pic/xx03.png
assets/box/text_siyi.png
assets/photo/1/dress.jpg
assets/box/text_paidfailed.png
assets/photo/7/thumb_opened.png
assets/photo/3/6.jpg
resources.arsc
assets/photo/4/3.jpg
assets/btn_caiquan.png
assets/photo/touchhole2.png
assets/audio/bg.ogg
AndroidManifest.xml
assets/slider_quan2.png
assets/photo/3/2.jpg
assets/photo/1/8.jpg
assets/photo/4/12.jpg
assets/photo/6/siyi.jpg
assets/photo/6/11.jpg
assets/photo/7/1.jpg
assets/photo/2/6.jpg
assets/photo/2/11.jpg
assets/tip_jiao1.png
assets/icon_tool1.png
assets/photo/5/7.jpg
assets/btn_quan3.png
assets/btn_tiaojiao.png
assets/photo/3/10.jpg
assets/box/btn_close.png
assets/btn_siyip1.png
assets/anim.plist
assets/photo/2/thumb.png
assets/p3Pic/xx07.png
assets/photo/1/siyi.jpg
assets/photo/6/1.jpg
assets/photo/7/10.jpg
assets/photo/3/9.jpg
assets/tip_jiao8.png
assets/audio/jiao1.mp3
assets/btn_quit.png
assets/box/btn_close2.png
assets/photo/4/7.jpg
assets/box/text_yuan.png
assets/box/text_unlockAll.png
assets/photo/7/8.jpg
assets/photo/4/4.jpg
assets/photo/1/2.jpg
res/drawable-hdpi-v4/icon.png
assets/box/title_rule.png
assets/photo/3/7.jpg
assets/photo/5/dress.jpg
assets/photo/6/9.jpg
lib/armeabi/libcrypt_sign.so
assets/photo/7/siyi.jpg
assets/photo/5/3.jpg
assets/photo/3/thumb.png
assets/tip_jiao5.png
assets/btn_return.png
assets/box/text_unlock.png
assets/tip_jiao10.png
assets/photo/6/5.jpg
assets/box/bg_box.png
assets/box/btn_siyi.png
assets/box/text_rule.png
assets/box/num_zifei2.png
assets/tip_quan_lose.png
assets/icon_quan3.png
assets/photo/5/8.jpg
lib/armeabi/libcocos2dcpp.so
res/drawable-xhdpi-v4/icon.png
assets/icon_quang1.png
assets/btn_tool2.png
assets/photo/2/8.jpg
assets/box/num_zifei.png
assets/p3Pic/xx02.png
assets/photo/4/thumb.png
assets/photo/7/4.jpg
assets/photo/3/siyi.jpg
assets/photo/5/12.jpg
assets/ep/rsp
assets/photo/4/8.jpg
assets/audio/win.ogg
assets/btn_gift.png
assets/photo/7/9.jpg
assets/tip_siyi3.png
assets/bg_main.jpg
assets/tip_jiao9.png
assets/btn_siyip2.png
assets/photo/6/4.jpg
assets/photo/3/3.jpg
assets/photo/7/11.jpg
assets/photo/4/11.jpg
assets/photo/2/12.jpg
assets/qshp_3001_2278
assets/photo/6/dress.jpg
assets/box/text_jiao.png
assets/photo/5/4.jpg
assets/photo/1/10.jpg
assets/photo/2/3.jpg
assets/icon_tool4.png
assets/p3Pic/xx06.png
assets/box/btn_lifeget.png
assets/audio/jiao2.mp3
assets/photo/1/7.jpg
assets/box/text_jipin.png
assets/audio/select.ogg
assets/btn_tool3.png
assets/tip_jiao6.png
assets/p3Pic/xx01.png
assets/photo/6/thumb.png
assets/box/bg_new.png
assets/photo/4/5.jpg
assets/photo/5/2.jpg
assets/title_yunyu.png
assets/box/text_lifeget.png
assets/p3Pic/xx08.png
assets/yfbb/plugin
assets/photo/3/8.jpg
assets/please_jiao.png
assets/icon_quang2.png
assets/photo/2/7.jpg
assets/photo/3/4.jpg
assets/photo/4/10.jpg
assets/photo/6/10.jpg
assets/photo/7/3.jpg
assets/photo/2/10.jpg
assets/tip_quan_draw.png
assets/text_yunyu.png
assets/anim2.plist
assets/photo/7/thumb.png
assets/tip_jiao2.png
assets/box/text_zifei.png
assets/photo/6/6.jpg
assets/p3Pic/xxxx
assets/photo/1/3.jpg
assets/photo/5/9.jpg
assets/photo/7/12.jpg
assets/p3Pic/xx05.png
assets/photo/6/3.jpg
assets/btn_soundClose.png
assets/photo/4/9.jpg
assets/please_quan.png
assets/photo/3/12.jpg
assets/touchhole2.png
assets/audio/jiao3.mp3
assets/photo/5/11.jpg
assets/please_siyi.png
assets/box/btn_unlockone.png
assets/tip_siyi2.png
assets/photo/5/thumb.png
assets/box/text_zifei2.png
assets/photo/1/11.jpg
assets/box/btn_newok.png
assets/photo/7/dress.jpg
assets/btn_quan1.png
assets/num_life.png
assets/audio/btn.ogg
assets/photo/7/thumb_closed.png
assets/tip_quan_win.png
assets/photo/1/6.jpg
assets/icon_lock.png
res/drawable-mdpi-v4/icon.png
assets/photo/5/5.jpg
assets/photo/2/4.jpg
assets/icon_tool3.png
assets/photo/5/1.jpg
assets/eplus/utils
assets/btn_tool4.png
assets/tip_jiao12.png
assets/btn_soundOpen.png
assets/bg_game.jpg
assets/icon_quan1.png
assets/audio/clear.mp3
assets/photo/1/4.jpg
assets/p3Pic/xx09.png
assets/audio/lose.ogg
assets/photo/7/6.jpg
assets/tip_siyi1.png
assets/photo/4/dress.jpg
assets/tip_jiao3.png
assets/anim2.png
assets/photo/7/thumb_title.png
assets/photo/4/2.jpg
assets/photo/3/5.jpg
assets/icon_quang3.png
assets/photo/2/siyi.jpg
assets/photo/2/1.jpg
assets/anim.png
assets/photo/6/7.jpg
assets/box/btn_unlockall.png
assets/onib_clz.jar
assets/photo/1/thumb.png
assets/photo/6/12.jpg
assets/sypayinfo/UI_PAY_CODE
assets/photo/3/1.jpg
assets/icon_tool2.png
assets/slider_quan1.png
assets/photo/2/5.jpg
assets/photo/5/6.jpg
assets/btn_quan2.png
assets/p3Pic/xx04.png
assets/photo/1/12.jpg
assets/sypayinfo/UI_PAY_CODE_WC
assets/photo/3/11.jpg
assets/photo/7/2.jpg
assets/touchhole1.png
assets/photo/4/1.jpg
assets/audio/jiao4.mp3
assets/photo/1/9.jpg
assets/photo/touchhole1.png
assets/photo/4/6.jpg
assets/photo/1/5.jpg
assets/photo/5/10.jpg
assets/wyzf/res.bin
assets/p3Pic/xx10.png
assets/photo/7/7.jpg
assets/p3Pic/xxx
assets/photo/5/siyi.jpg
assets/audio/si.ogg
assets/box/btn_check.png
assets/box/title_siyi.png
assets/photo/3/dress.jpg
assets/photo/6/2.jpg
classes.dex
assets/tip_jiao7.png