File behavior
Behavior description: Creates file mappings with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Renames files
Details: C:\Program Files\Worksnaps\is-9GUNF.tmp ---> C:\Program Files\Worksnaps\unins000.exe
C:\Program Files\Worksnaps\is-R6NSQ.tmp ---> C:\Program Files\Worksnaps\AWSSDK.dll
C:\Program Files\Worksnaps\is-0J2TP.tmp ---> C:\Program Files\Worksnaps\capserv.dll
C:\Program Files\Worksnaps\is-JS41R.tmp ---> C:\Program Files\Worksnaps\captureDesktop.exe
C:\Program Files\Worksnaps\is-B93IB.tmp ---> C:\Program Files\Worksnaps\processImage.exe
C:\Program Files\Worksnaps\is-DDAI4.tmp ---> C:\Program Files\Worksnaps\procUpload.exe
C:\Program Files\Worksnaps\is-484J8.tmp ---> C:\Program Files\Worksnaps\config.ini.xml
C:\Program Files\Worksnaps\is-GL244.tmp ---> C:\Program Files\Worksnaps\noscreen.jpg
C:\Program Files\Worksnaps\is-CB6GR.tmp ---> C:\Program Files\Worksnaps\noscreen_thumb.jpg
C:\Program Files\Worksnaps\is-O5O9J.tmp ---> C:\Program Files\Worksnaps\procUploadDirect.net20.exe
C:\Program Files\Worksnaps\is-3743N.tmp ---> C:\Program Files\Worksnaps\procUploadDirect.net45.exe
C:\Program Files\Worksnaps\is-V35TG.tmp ---> C:\Program Files\Worksnaps\screen_1000.jpg
C:\Program Files\Worksnaps\is-JOOIN.tmp ---> C:\Program Files\Worksnaps\SkinH.dll
C:\Program Files\Worksnaps\is-BFE22.tmp ---> C:\Program Files\Worksnaps\skinh.she
C:\Program Files\Worksnaps\is-53Q8V.tmp ---> C:\Program Files\Worksnaps\WebCam.dll
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-TPN0C.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-1P09R.tmp\_isetup\_shfoldr.dll
C:\Program Files\Worksnaps\is-9GUNF.tmp
C:\Program Files\Worksnaps\is-R6NSQ.tmp
C:\Program Files\Worksnaps\is-0J2TP.tmp
C:\Program Files\Worksnaps\is-JS41R.tmp
C:\Program Files\Worksnaps\is-B93IB.tmp
C:\Program Files\Worksnaps\is-DDAI4.tmp
C:\Program Files\Worksnaps\is-O5O9J.tmp
C:\Program Files\Worksnaps\is-3743N.tmp
C:\Program Files\Worksnaps\is-JOOIN.tmp
C:\Program Files\Worksnaps\is-53Q8V.tmp
C:\Program Files\Worksnaps\is-JR3EN.tmp
C:\Program Files\Worksnaps\is-9HLRO.tmp
C:\Program Files\Worksnaps\is-B5GE7.tmp
Behavior description: Modifies file contents
Details: C:\Program Files\Worksnaps\is-484J8.tmp---> Offset = 0
C:\Program Files\Worksnaps\is-GL244.tmp---> Offset = 0
C:\Program Files\Worksnaps\is-CB6GR.tmp---> Offset = 0
C:\Program Files\Worksnaps\is-V35TG.tmp---> Offset = 0
C:\Program Files\Worksnaps\is-BFE22.tmp---> Offset = 0
C:\Program Files\Worksnaps\res\is-0GM0N.tmp---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Worksnaps Client\Worksnaps Client.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Worksnaps Client\Uninstall .lnk---> Offset = 0
C:\Program Files\Worksnaps\unins000.dat---> Offset = 460
C:\Documents and Settings\Administrator\My Documents\worksnaps\config.xml---> Offset = 0
C:\Documents and Settings\Administrator\My Documents\worksnaps\screenrecord_trace.log---> Offset = 0
C:\Documents and Settings\Administrator\My Documents\worksnaps\screenrecord_trace.log---> Offset = 256
Behavior description: Drops links or shortcuts in sensitive system locations (such as the Start menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\Worksnaps Client\Worksnaps Client.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Worksnaps Client\Uninstall .lnk