Technical Information
- [<HKLM>\Software\Classes\Symantec.Encrypt.symtxt\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symdoc\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symdocx\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.sympdf\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symppt\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.sympptx\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symhtml\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symhwp\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symxls\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symxlsx\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symhtm\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- [<HKLM>\Software\Classes\Symantec.Encrypt.symx\Shell\Open\Command] '' = '"C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"'
- %ALLUSERSPROFILE%\start menu\programs\startup\symantec ᤺¸º¸è£ ¼ö·ç¼ç.lnk
- User Account Control (UAC)
- %TEMP%\nsk2.tmp\system.dll
- C:\programdata\hsscan\hsstringtable.ini
- C:\programdata\hsscan\scsvcst.dll
- C:\programdata\hsscan\_flexiscan_exclude.ead
- C:\programdata\hsscan\_flexiscan_include.ead
- C:\programdata\hsscan\_flexiscan_quarantine.ead
- C:\programdata\hsscan\hscryptgen.exe
- C:\programdata\hsscan\hsencodefile.exe
- C:\programdata\hsscan\hsencryptload.exe
- C:\programdata\hsscan\hsinireg.exe
- C:\programdata\hsscan\hspasswordzip.exe
- C:\programdata\hsscan\installhscontextmenu.exe
- C:\programdata\hsscan\installhscontextmenupwdzip.exe
- C:\programdata\hsscan\scregreload.exe
- C:\programdata\hsscan\uninstallhscontextmenupwdzip.exe
- C:\programdata\hsscan\uninstallhscontextmenu.exe
- %TEMP%\nsk2.tmp\ns4.tmp
- %TEMP%\nsk2.tmp\ns5.tmp
- %ALLUSERSPROFILE%\start menu\programs\symantec ᤺¸º¸è£ ¼ö·ç¼ç\powerpack tools\encryptload.lnk
- %ALLUSERSPROFILE%\start menu\programs\symantec ᤺¸º¸è£ ¼ö·ç¼ç\powerpack tools\plug-in check.lnk
- %ALLUSERSPROFILE%\start menu\programs\symantec ᤺¸º¸è£ ¼ö·ç¼ç\powerpack tools\agent restart.lnk
- %ALLUSERSPROFILE%\start menu\programs\symantec ᤺¸º¸è£ ¼ö·ç¼ç\symantec ᤺¸º¸è£ ¼ö·ç¼ç.lnk
- %ALLUSERSPROFILE%\desktop\symantec ᤺¸º¸è£ ¼ö·ç¼ç.lnk
- C:\programdata\hsscan\scppa2003
- C:\programdata\hsscan\hsuninstall.exe
- %TEMP%\nsk2.tmp\ns6.tmp
- %ALLUSERSPROFILE%\start menu\programs\symantec ᤺¸º¸è£ ¼ö·ç¼ç\powerpack tools\user registration.lnk
- C:\programdata\hsscan\scgetuac
- C:\programdata\hsscan\hsscanschedule.ini
- %TEMP%\nsv8.tmp\nsexec.dll
- C:\programdata\hsscan\hsscandisk.ini
- C:\programdata\hsscan\hsnotify.ini
- C:\installscppa.log
- %TEMP%\nsk2.tmp\getversion.dll
- %TEMP%\nsk2.tmp\nsexec.dll
- %TEMP%\nsk2.tmp\ns3.tmp
- C:\programdata\hsscan\7z.dll
- C:\programdata\hsscan\7z.exe
- C:\programdata\hsscan\hsautocollect.exe
- C:\programdata\hsscan\hsmsgf.exe
- C:\programdata\hsscan\hsregdevice.exe
- C:\programdata\hsscan\hsreg_help.pdf
- C:\programdata\hsscan\hsrephost.exe
- C:\programdata\hsscan\hsscandisk.exe
- C:\programdata\hsscan\hsscan_help.pdf
- C:\programdata\hsscan\hstxsrv.exe
- C:\programdata\hsscan\scflashinst.exe
- C:\programdata\hsscan\scflexinst.exe
- C:\programdata\hsscan\scplugincheck.exe
- C:\programdata\hsscan\scprokill.exe
- C:\programdata\hsscan\scregdevice.exe
- C:\programdata\hsscan\scsethost.exe
- C:\programdata\hsscan\scseturl.exe
- C:\programdata\hsscan\scsvcst.exe
- C:\programdata\hsscan\turbodll.dll
- C:\programdata\hsscan\win7complayer.exe
- C:\programdata\hsscan\ifilereader.exe
- C:\programdata\hsscan\hsauthdll.dll
- C:\programdata\hsscan\hsencodeprofile.ini
- C:\programdata\hsscan\hsprintguard.ini
- %TEMP%\nsv8.tmp\ns9.tmp
- %TEMP%\nsk2.tmp\ns3.tmp
- %TEMP%\nsk2.tmp\ns4.tmp
- %TEMP%\nsk2.tmp\ns5.tmp
- C:\programdata\hsscan\installhscontextmenu.exe
- C:\programdata\hsscan\installhscontextmenupwdzip.exe
- %TEMP%\nsk2.tmp\ns6.tmp
- %TEMP%\nsk2.tmp\getversion.dll
- %TEMP%\nsk2.tmp\nsexec.dll
- %TEMP%\nsk2.tmp\system.dll
- '%TEMP%\nsk2.tmp\ns3.tmp' attrib +h C:\ProgramData
- '%TEMP%\nsv8.tmp\ns9.tmp' "HSRegDevice.exe" /i
- 'C:\programdata\hsscan\scregdevice.exe'
- '%TEMP%\nsk2.tmp\ns6.tmp' cacls C:\ProgramData\HSScan /e /t /g users:f
- 'C:\programdata\hsscan\hsencryptload.exe'
- '%TEMP%\nsk2.tmp\ns5.tmp' "HSEncryptLoad.exe"
- 'C:\programdata\hsscan\hsregdevice.exe' /i
- 'C:\programdata\hsscan\win7complayer.exe'
- '%TEMP%\nsk2.tmp\ns4.tmp' "InstallHSContextMenu.exe"
- 'C:\programdata\hsscan\installhscontextmenu.exe'
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symxls="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symhtml="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symxlsx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symxlsx=Symantec.Encrypt.symxlsx' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symhtm="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '%TEMP%\nsk2.tmp\ns3.tmp' attrib +h C:\ProgramData' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symx=Symantec.Encrypt.symx' (with hidden window)
- '%TEMP%\nsk2.tmp\ns6.tmp' cacls C:\ProgramData\HSScan /e /t /g users:f' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symhwp=Symantec.Encrypt.symhwp' (with hidden window)
- '%TEMP%\nsk2.tmp\ns5.tmp' "HSEncryptLoad.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symhtm=Symantec.Encrypt.symhtm' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symhwp="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '%TEMP%\nsv8.tmp\ns9.tmp' "HSRegDevice.exe" /i' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .sympptx=Symantec.Encrypt.sympptx' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symdocx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '%TEMP%\nsk2.tmp\ns4.tmp' "InstallHSContextMenu.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symhtml=Symantec.Encrypt.symhtml' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symtxt=Symantec.Encrypt.symtxt' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symdoc="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symdoc=Symantec.Encrypt.symdoc' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symtxt="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symdocx=Symantec.Encrypt.symdocx' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.sympdf="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .sympdf=Symantec.Encrypt.sympdf' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symppt="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symppt=Symantec.Encrypt.symppt' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c assoc .symxls=Symantec.Encrypt.symxls' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.sympptx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"' (with hidden window)
- '<SYSTEM32>\attrib.exe' +h C:\ProgramData
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symhtm=Symantec.Encrypt.symhtm
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symhtm="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symxlsx=Symantec.Encrypt.symxlsx
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symxlsx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symxls=Symantec.Encrypt.symxls
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symxls="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symhwp=Symantec.Encrypt.symhwp
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symhwp="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symhtml=Symantec.Encrypt.symhtml
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symhtml="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .sympptx=Symantec.Encrypt.sympptx
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.sympptx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symppt=Symantec.Encrypt.symppt
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symppt="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .sympdf=Symantec.Encrypt.sympdf
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.sympdf="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symdocx=Symantec.Encrypt.symdocx
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symdocx="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symdoc=Symantec.Encrypt.symdoc
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symdoc="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symtxt=Symantec.Encrypt.symtxt
- '<SYSTEM32>\cmd.exe' /c ftype Symantec.Encrypt.symtxt="C:\ProgramData\HSScan\HSEncryptLoad.exe" "%1"
- '<SYSTEM32>\cmd.exe' /c assoc .symx=Symantec.Encrypt.symx
- '<SYSTEM32>\cacls.exe' C:\ProgramData\HSScan /e /t /g users:f