VirSCAN

File information
Safety rating: 60
Behavior list
Basic Information
MD5: e0a5e2974d767bb27a365bdf7cff8683
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER:InstallShield 2003 Stub [Overlay]
Subfile information: 使用说明.url / 23b272aeb266ec954619d6a9a0e600af / Unknown
风刑软件站-一个优秀的软件下载平台.url / c2776ee61896b5644deaf16231853540 / Unknown
QSS.exe / big file / EXE
Key behavior
Behavior description: Hide specified window
details: [Window,Class] = [,ISWndImgCls]
[Window,Class] = [,Static]
[Window,Class] = [,DlgcacClsName]
[Window,Class] = [,SetupWndImgCls]
[Window,Class] = [,#32770]
Behavior description: Create desktop shortcut
details: C:\Documents and Settings\All Users\桌面\QSS快速安全设置.lnk
Behavior description: Shut down or restart
details: N/A
Behavior description: Set special folder attributes
details: C:\Program Files\InstallShield Installation Information
Behavior description: Create system service
details: [Service created successfully]: jswpsapi, C:\Program Files\TP-LINK\QSS\jswpsapi.exe
[Service created successfully]: jswpbapi, C:\Program Files\TP-LINK\QSS\jswpbapi.exe
[Service created successfully]: JSWSCIMD, system32\DRIVERS\jswscimd.sys
[Service already exists]: JSWSCIMD, system32\DRIVERS\jswscimd.sys
Behavior description: Modify registry (startup entry)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jswtrayutil
Process behavior
Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = c:\windows\temp\temp\batcmd.bat
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = C:\WINDOWS\system32\regsvr32.exe /s /u C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\InstallHelper.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = C:\WINDOWS\system32\regsvr32.exe /s C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\InstallHelper.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\TP-LINK\QSS\jswnwstore.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\TP-LINK\QSS\jswwzcstore.dll"
ImagePath = C:\WINDOWS\system32\runonce.exe, CmdLine = runonce -r
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c C:\WINDOWS\Temp\temp\batcmd.bat
ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net start jswpbapi
ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 start jswpbapi
Behavior description: Create process from newly created file
details: ImagePath = C:\Program Files\TP-LINK\QSS\jswpsapi.exe, CmdLine = "C:\Program Files\TP-LINK\QSS\jswpsapi.exe" /Service
ImagePath = C:\Program Files\TP-LINK\QSS\jswpbapi.exe, CmdLine = "C:\Program Files\TP-LINK\QSS\jswpbapi.exe" /Service
ImagePath = C:\Program Files\TP-LINK\QSS\jswpbapi.exe, CmdLine = "C:\Program Files\TP-LINK\QSS\jswpbapi.exe"
ImagePath = C:\Program Files\TP-LINK\QSS\jswtrayutil.exe, CmdLine = "C:\Program Files\TP-LINK\QSS\jswtrayutil.exe"
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Drop link or shortcut in sensitive system location (e.g. Start menu)
details: C:\Documents and Settings\All Users\「开始」菜单\程序\TP-LINK\QSS快速安全设置.lnk
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\ISSetup.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\_Setup.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\_Setup.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Insta3ef.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Insta42e.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa44d.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Firsa508.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\msvca547.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Pluga5d3.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\_ISUa660.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\dotna68f.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\isrta6ed.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\_IsRa7b8.rra
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{2daf8227-3a78-4b8c-8790-4cd9dd14dd4c}\Isrta7f6.rra
Behavior description: Create desktop shortcut
details: C:\Documents and Settings\All Users\桌面\QSS快速安全设置.lnk
Behavior description: Create writable file mapping
details: DfSharedHeapBEA79
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a2b7.rra
DfRoot0000BEA79
DfSharedHeapC5C16
DfRoot0000C5C16
DfSharedHeapC5C30
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\0
DfRoot0000C5C30
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF5C57.tmp
DfSharedHeapC5D0B
DfRoot0000C5D0B
DfSharedHeapC5D18
DfRoot0000C5D18
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF5DCC.tmp
\WINDOWS\setupapi.log
Behavior description: Rename file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\setua3c0.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\setup.inx
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\licea3df.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\license.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Insta3ef.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\InstallHelper.dl
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Insta42e.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\InstallIMD64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa44d.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswscimdx.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa49b.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswscimdpx.cat
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa4ab.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswscimdpx.inf
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa4d9.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswscimdx.cat
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa4e9.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswscimdx.inf
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Diska4f9.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\DiskList.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Firsa508.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\FirstRemove.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\msvca547.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\msvcp60.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Pluga5d3.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\PlugPlayPCIDevic
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\smala622.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\small_logo.bmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\licea650.rra ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\license.txt
Behavior description: Set special folder attributes
details: C:\Program Files\InstallShield Installation Information
Behavior description: Modify file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\data1.cab---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\data1.hdr---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\layout.bin---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\setup.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\Disk1\setup.inx---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\MsiStub\{958C5A60-2E6F-4745-9ED0-AD6DD7300E7D}\QSS快速安全设置.msi---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6E5406BC-3922-4D76-8D4E-20A199DBFE98}\setup.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\setua3c0.rra---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\licea3df.rra---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa49b.rra---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa4ab.rra---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa4d9.rra---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\jswsa4e9.rra---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\Diska4f9.rra---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\smala622.rra---> Offset = 0
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner\
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.HardwareItem.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.HardwareItem.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.HardwareItem\
Behavior description: Delete registry value
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0D3DB963-A4ED-4E83-987B-93B447EB671C}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B403A89C-2CA8-43AD-911E-BC8429BCB418}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5F4B69EF-1A7C-4FDD-8F61-31ACD03A95B3}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7F411237-8CB3-4812-B934-D1CF7F60403B}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C5C6830E-806F-4F28-863B-C01B1B41AB98}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{77594188-FA62-45ee-A6D6-77FEBAE0AA77}\LocalService
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3353838A-8653-4E12-9540-EB1789EC3156}\LocalService
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\InfSectionExt
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage\BindPath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage\Bind
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage\Route
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage\BindPath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage\Bind
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage\Route
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner.1\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner.1
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner\CurVer
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.InfScanner
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\Programmable
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99}
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.HardwareItem.1\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.HardwareItem.1
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.HardwareItem\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\InstallHelper.HardwareItem\CurVer
Behavior description: Modify registry (startup entry)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jswtrayutil
Other behavior
Behavior description: Create driver file image
details: C:\WINDOWS\system32\drivers\jswscimd.sys
Behavior description: Create mutex
details: 04B30114-CEF8-4424-A71C-5484A46BC882
SHIMLIB_LOG_MUTEX
WBEMPROVIDERSTATICMUTEX
Global\_MSIExecute
Global\NetCfgWriteLock
Global\{84b06608-8026-11d2-b1f2-00c04fd912b2}
RasPbFile
Behavior description: Hide specified window
details: [Window,Class] = [,ISWndImgCls]
[Window,Class] = [,Static]
[Window,Class] = [,DlgcacClsName]
[Window,Class] = [,SetupWndImgCls]
[Window,Class] = [,#32770]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Start system service
details: [Service started successfully]: LocalSystem, JumpStart Push-Button Service, C:\Program Files\TP-LINK\QSS\jswpbapi.exe
Behavior description: Acquire system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Behavior description: Open image file
details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F0D4B1E-DF4F-474E-B25B-B1BB638A4A23}\{04B30114-CEF8-4424-A71C-5484A46BC882}\small_logo.bmp
Behavior description: Window information
details: Pid = 1972, Hwnd=0xd01c8, Text = 取消, ClassName = Button.
Pid = 1972, Hwnd=0xb01c6, Text = InstallShield Wizard 准备安装程序时,请等待。, ClassName = Static.
Pid = 1972, Hwnd=0xb0184, Text = 准备安装, ClassName = Static.
Pid = 1972, Hwnd=0xd01a4, Text = QSS快速安全设置 安装程序正在准备 InstallShield Wizard,它可指导您完成安装过程的其余部分。 请稍候。, ClassName = Static.
Pid = 1972, Hwnd=0xc01e8, Text = C, ClassName = Button.
Pid = 1972, Hwnd=0xb01ce, Text = < 上一步(&B), ClassName = Button.
Pid = 1972, Hwnd=0xd0180, Text = QSS快速安全设置 - InstallShield Wizard, ClassName = #32770.
Pid = 1972, Hwnd=0xe0180, Text = QSS快速安全设置, ClassName = InstallShield_Win.
Pid = 1972, Hwnd=0xc01ce, Text = 下一步(&N) >, ClassName = Button.
Pid = 1972, Hwnd=0xc0170, Text = 取消, ClassName = Button.
Pid = 1972, Hwnd=0xd01b4, Text = < 上一步(&B), ClassName = Button.
Pid = 1972, Hwnd=0xc01be, Text = 此程序会安装 QSS快速安全设置 应用程序。 , ClassName = Static.
Pid = 1972, Hwnd=0xd01e8, Text = C, ClassName = Button.
Pid = 1972, Hwnd=0xf016e, Text = QSS快速安全设置, ClassName = Static.
Pid = 1972, Hwnd=0xc01de, Text = QSS快速安全设置, ClassName = #32770.
Behavior description: Shut down or restart
details: N/A
Behavior description: Create system service
details: [Service created successfully]: jswpsapi, C:\Program Files\TP-LINK\QSS\jswpsapi.exe
[Service created successfully]: jswpbapi, C:\Program Files\TP-LINK\QSS\jswpbapi.exe
[Service created successfully]: JSWSCIMD, system32\DRIVERS\jswscimd.sys
[Service already exists]: JSWSCIMD, system32\DRIVERS\jswscimd.sys
Abnormal crash