Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IgAgent' = '"%ProgramFiles%\TFG\Agent\IgAgent.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\IGSvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\IGSvc] 'ImagePath' = '%ProgramFiles%\TFG\Agent\IgSvc.exe -start'
- [<HKLM>\SYSTEM\ControlSet001\Services\SecuFile] 'ImagePath' = '%ProgramFiles%\TFG\Agent\SecuFile.sys'
- NtOpenProcess, драйвер-обработчик: SecuFile.sys
- %TEMP%\nsh2.tmp
- %ProgramFiles%\TFG\Agent\Update\AST\SetupScan.exe
- %ProgramFiles%\TFG\Agent\Update\Log\log.ini
- %ProgramFiles%\TFG\Agent\Update\Log\LogConfig.ini
- %ProgramFiles%\TFG\Agent\Update\Log\IgAgent_2016-04-18.log
- %ProgramFiles%\TFG\Agent\Update\Log\IgAgent_2016-04-12.log
- %ProgramFiles%\TFG\Agent\Update\gdiplus.dll
- %ProgramFiles%\TFG\Agent\Update\language\lang_tw.xml
- %ProgramFiles%\TFG\Agent\Update\language\lang_jp.xml
- %ProgramFiles%\TFG\Agent\Update\language\lang_en.xml
- %ProgramFiles%\TFG\Agent\Update\language\lang_ch.xml
- %ProgramFiles%\TFG\Agent\Update\XML.dll
- %ProgramFiles%\TFG\Agent\Update\xerces-depdom_2_6.dll
- %ProgramFiles%\TFG\Agent\Update\xerces-c_2_6.dll
- %ProgramFiles%\TFG\Agent\Update\ExportAgentConfig.dll
- %ProgramFiles%\TFG\Agent\Update\IELauncher.exe
- %ProgramFiles%\TFG\Agent\Update\AST\Viruskill.dll
- %ProgramFiles%\TFG\Agent\Update\AST\msvcp60.dll
- %ProgramFiles%\TFG\Agent\Update\AST\msvcr71.dll
- %ProgramFiles%\TFG\Agent\Update\AST\base\Trojan.avd
- %HOMEPATH%\Templates\~TF5.tmp
- %ProgramFiles%\TFG\Agent\Update\TFGInstallTool.log
- %TEMP%\nst3.tmp\ns4.tmp
- %TEMP%\nst3.tmp\nsExec.dll
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_uedit32.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_office.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_acad.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\Patch.ini
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_AcroRd32.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\Office2010(2013)_ProtectedView.bat
- %ProgramFiles%\TFG\Agent\Update\Patchs\Foxit_MultiInstance.bat
- %ProgramFiles%\TFG\Agent\Update\Patchs\Adobe_Reader(X-XI)_ProtectedMode.bat
- %ProgramFiles%\TFG\Agent\Update\Patchs\Adobe_Reader&&Acrobat(X-XI)_ProtectedMode.bat
- %ProgramFiles%\TFG\Agent\Update\FileTypeAnalyze.dll
- %ProgramFiles%\TFG\Agent\Update\EveryonePurview.exe
- %ProgramFiles%\TFG\Agent\Update\Mixin\Mixin_Setup.exe
- %ProgramFiles%\TFG\Agent\Log\IgSvc.log
- %ProgramFiles%\TFG\Agent\Update\UserInfoQueryLib_ForTieJuan.dll
- %ProgramFiles%\TFG\Agent\Update\ssleay32.dll
- %ProgramFiles%\TFG\Agent\Update\libeay32.dll
- %ProgramFiles%\TFG\Agent\Update\igcfg.dat
- %ProgramFiles%\TFG\Agent\Update\IgAgentSimp.dll
- %ProgramFiles%\TFG\Agent\Update\IgAgent.exe
- %ProgramFiles%\TFG\Agent\Update\IgAgent.dll
- %ProgramFiles%\TFG\Agent\Update\IgAce.dll
- %ProgramFiles%\TFG\Agent\Update\esfp_api.dll
- %ProgramFiles%\TFG\Agent\Update\dmssleay.dll
- %ProgramFiles%\TFG\Agent\Update\About.bmp
- %ProgramFiles%\TFG\Agent\Update\hkprint.ini
- %ProgramFiles%\TFG\Agent\Update\IgIconEx.dll
- %ProgramFiles%\TFG\Agent\Update\IgMenu.dll
- %ProgramFiles%\TFG\Agent\Update\IgIcon.dll
- %TEMP%\nst3.tmp\System.dll
- %ProgramFiles%\TFG\Agent\Update\TFGInstallTool.exe
- %ProgramFiles%\TFG\Agent\Update\BackupFile\BackUpFile\TFGFileBackup.exe
- %ProgramFiles%\TFG\Agent\Update\IgDetour.dll
- %ProgramFiles%\TFG\Agent\Update\IgSvc.exe
- %ProgramFiles%\TFG\Agent\Update\IgToken.dll
- %ProgramFiles%\TFG\Agent\Update\FT_ND_API.dll
- %ProgramFiles%\TFG\Agent\Update\typetrait.dat
- %ProgramFiles%\TFG\Agent\Update\msvcp60.dll
- %ProgramFiles%\TFG\Agent\Update\agentfile.list
- %ProgramFiles%\TFG\Agent\Update\RestartProcess.exe
- %ProgramFiles%\TFG\Agent\Update\ExceptionProc.dll
- %ProgramFiles%\TFG\Agent\Update\dbghelp.dll
- %ProgramFiles%\TFG\Agent\Update\libcurl.dll
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64Installer.exe
- %ProgramFiles%\TFG\Agent\Update\zlib1.dll
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64_5.sys
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64_6.sys
- %ProgramFiles%\TFG\Agent\Update\SecuFile.sys
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64.inf
- %ProgramFiles%\TFG\Agent\Update\InfoGuard.lang
- %ProgramFiles%\TFG\Agent\Update\IGToken_eSafe.dll
- %ProgramFiles%\TFG\Agent\Update\IGToken_ePass.dll
- %ProgramFiles%\TFG\Agent\Update\msvcr100.dll
- %ProgramFiles%\TFG\Agent\Log\IgAgent_2018-06-26.log
- %TEMP%\nst3.tmp\ns4.tmp
- %TEMP%\nst3.tmp\nsExec.dll
- %TEMP%\nst3.tmp\System.dll
- %HOMEPATH%\Templates\~TF5.tmp
- %ProgramFiles%\TFG\Agent\Log\IgSvc.log
- %ProgramFiles%\TFG\Agent\Update\About.bmp в %ProgramFiles%\TFG\Agent\About.bmp
- %ProgramFiles%\TFG\Agent\Update\language\lang_tw.xml в %ProgramFiles%\TFG\Agent\language\lang_tw.xml
- %ProgramFiles%\TFG\Agent\Update\libcurl.dll в %ProgramFiles%\TFG\Agent\libcurl.dll
- %ProgramFiles%\TFG\Agent\Update\libeay32.dll в %ProgramFiles%\TFG\Agent\libeay32.dll
- %ProgramFiles%\TFG\Agent\Update\Log\IgAgent_2016-04-12.log в %ProgramFiles%\TFG\Agent\Log\IgAgent_2016-04-12.log
- %ProgramFiles%\TFG\Agent\Update\Log\IgAgent_2016-04-18.log в %ProgramFiles%\TFG\Agent\Log\IgAgent_2016-04-18.log
- %ProgramFiles%\TFG\Agent\Update\Log\log.ini в %ProgramFiles%\TFG\Agent\Log\log.ini
- %ProgramFiles%\TFG\Agent\Update\Log\LogConfig.ini в %ProgramFiles%\TFG\Agent\Log\LogConfig.ini
- %ProgramFiles%\TFG\Agent\Update\Mixin\Mixin_Setup.exe в %ProgramFiles%\TFG\Agent\Mixin\Mixin_Setup.exe
- %ProgramFiles%\TFG\Agent\Update\msvcp60.dll в %ProgramFiles%\TFG\Agent\msvcp60.dll
- %ProgramFiles%\TFG\Agent\Update\msvcr100.dll в %ProgramFiles%\TFG\Agent\msvcr100.dll
- %ProgramFiles%\TFG\Agent\Update\Patchs\Adobe_Reader&&Acrobat(X-XI)_ProtectedMode.bat в %ProgramFiles%\TFG\Agent\Patchs\Adobe_Reader&&Acrobat(X-XI)_ProtectedMode.bat
- %ProgramFiles%\TFG\Agent\Update\Patchs\Adobe_Reader(X-XI)_ProtectedMode.bat в %ProgramFiles%\TFG\Agent\Patchs\Adobe_Reader(X-XI)_ProtectedMode.bat
- %ProgramFiles%\TFG\Agent\Update\Patchs\Foxit_MultiInstance.bat в %ProgramFiles%\TFG\Agent\Patchs\Foxit_MultiInstance.bat
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_acad.exe в %ProgramFiles%\TFG\Agent\Patchs\mi_acad.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_AcroRd32.exe в %ProgramFiles%\TFG\Agent\Patchs\mi_AcroRd32.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_office.exe в %ProgramFiles%\TFG\Agent\Patchs\mi_office.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\mi_uedit32.exe в %ProgramFiles%\TFG\Agent\Patchs\mi_uedit32.exe
- %ProgramFiles%\TFG\Agent\Update\xerces-depdom_2_6.dll в %ProgramFiles%\TFG\Agent\xerces-depdom_2_6.dll
- %ProgramFiles%\TFG\Agent\Update\xerces-c_2_6.dll в %ProgramFiles%\TFG\Agent\xerces-c_2_6.dll
- %ProgramFiles%\TFG\Agent\Update\UserInfoQueryLib_ForTieJuan.dll в %ProgramFiles%\TFG\Agent\UserInfoQueryLib_ForTieJuan.dll
- %ProgramFiles%\TFG\Agent\Update\typetrait.dat в %ProgramFiles%\TFG\Agent\typetrait.dat
- %ProgramFiles%\TFG\Agent\Update\TFGInstallTool.exe в %ProgramFiles%\TFG\Agent\TFGInstallTool.exe
- %ProgramFiles%\TFG\Agent\Update\ssleay32.dll в %ProgramFiles%\TFG\Agent\ssleay32.dll
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64_5.sys в %ProgramFiles%\TFG\Agent\SecuFileX64_5.sys
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64_6.sys в %ProgramFiles%\TFG\Agent\SecuFileX64_6.sys
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64Installer.exe в %ProgramFiles%\TFG\Agent\SecuFileX64Installer.exe
- %ProgramFiles%\TFG\Agent\Update\SecuFileX64.inf в %ProgramFiles%\TFG\Agent\SecuFileX64.inf
- %ProgramFiles%\TFG\Agent\Update\SecuFile.sys в %ProgramFiles%\TFG\Agent\SecuFile.sys
- %ProgramFiles%\TFG\Agent\Update\RestartProcess.exe в %ProgramFiles%\TFG\Agent\RestartProcess.exe
- %ProgramFiles%\TFG\Agent\Update\Patchs\Patch.ini в %ProgramFiles%\TFG\Agent\Patchs\Patch.ini
- %ProgramFiles%\TFG\Agent\Update\Patchs\Office2010(2013)_ProtectedView.bat в %ProgramFiles%\TFG\Agent\Patchs\Office2010(2013)_ProtectedView.bat
- %ProgramFiles%\TFG\Agent\Update\XML.dll в %ProgramFiles%\TFG\Agent\XML.dll
- %ProgramFiles%\TFG\Agent\Update\language\lang_jp.xml в %ProgramFiles%\TFG\Agent\language\lang_jp.xml
- %ProgramFiles%\TFG\Agent\Update\language\lang_en.xml в %ProgramFiles%\TFG\Agent\language\lang_en.xml
- %ProgramFiles%\TFG\Agent\Update\language\lang_ch.xml в %ProgramFiles%\TFG\Agent\language\lang_ch.xml
- %ProgramFiles%\TFG\Agent\Update\agentfile.list в %ProgramFiles%\TFG\Agent\agentfile.list
- %ProgramFiles%\TFG\Agent\Update\AST\base\Trojan.avd в %ProgramFiles%\TFG\Agent\AST\base\Trojan.avd
- %ProgramFiles%\TFG\Agent\Update\AST\msvcp60.dll в %ProgramFiles%\TFG\Agent\AST\msvcp60.dll
- %ProgramFiles%\TFG\Agent\Update\AST\msvcr71.dll в %ProgramFiles%\TFG\Agent\AST\msvcr71.dll
- %ProgramFiles%\TFG\Agent\Update\AST\SetupScan.exe в %ProgramFiles%\TFG\Agent\AST\SetupScan.exe
- %ProgramFiles%\TFG\Agent\Update\AST\Viruskill.dll в %ProgramFiles%\TFG\Agent\AST\Viruskill.dll
- %ProgramFiles%\TFG\Agent\Update\BackupFile\BackUpFile\TFGFileBackup.exe в %ProgramFiles%\TFG\Agent\BackupFile\BackUpFile\TFGFileBackup.exe
- %ProgramFiles%\TFG\Agent\Update\dbghelp.dll в %ProgramFiles%\TFG\Agent\dbghelp.dll
- %ProgramFiles%\TFG\Agent\Update\dmssleay.dll в %ProgramFiles%\TFG\Agent\dmssleay.dll
- %ProgramFiles%\TFG\Agent\Update\esfp_api.dll в %ProgramFiles%\TFG\Agent\esfp_api.dll
- %ProgramFiles%\TFG\Agent\Update\EveryonePurview.exe в %ProgramFiles%\TFG\Agent\EveryonePurview.exe
- %ProgramFiles%\TFG\Agent\Update\ExceptionProc.dll в %ProgramFiles%\TFG\Agent\ExceptionProc.dll
- %ProgramFiles%\TFG\Agent\Update\ExportAgentConfig.dll в %ProgramFiles%\TFG\Agent\ExportAgentConfig.dll
- %ProgramFiles%\TFG\Agent\Update\FileTypeAnalyze.dll в %ProgramFiles%\TFG\Agent\FileTypeAnalyze.dll
- %ProgramFiles%\TFG\Agent\Update\FT_ND_API.dll в %ProgramFiles%\TFG\Agent\FT_ND_API.dll
- %ProgramFiles%\TFG\Agent\Update\gdiplus.dll в %ProgramFiles%\TFG\Agent\gdiplus.dll
- %ProgramFiles%\TFG\Agent\Update\hkprint.ini в %ProgramFiles%\TFG\Agent\hkprint.ini
- %ProgramFiles%\TFG\Agent\Update\IGToken_eSafe.dll в %ProgramFiles%\TFG\Agent\IGToken_eSafe.dll
- %ProgramFiles%\TFG\Agent\Update\IGToken_ePass.dll в %ProgramFiles%\TFG\Agent\IGToken_ePass.dll
- %ProgramFiles%\TFG\Agent\Update\IgToken.dll в %ProgramFiles%\TFG\Agent\IgToken.dll
- %ProgramFiles%\TFG\Agent\Update\IgSvc.exe в %ProgramFiles%\TFG\Agent\IgSvc.exe
- %ProgramFiles%\TFG\Agent\Update\IgMenu.dll в %ProgramFiles%\TFG\Agent\IgMenu.dll
- %ProgramFiles%\TFG\Agent\Update\IgIconEx.dll в %ProgramFiles%\TFG\Agent\IgIconEx.dll
- %ProgramFiles%\TFG\Agent\Update\IgDetour.dll в %ProgramFiles%\TFG\Agent\IgDetour.dll
- %ProgramFiles%\TFG\Agent\Update\IgIcon.dll в %ProgramFiles%\TFG\Agent\IgIcon.dll
- %ProgramFiles%\TFG\Agent\Update\igcfg.dat в %ProgramFiles%\TFG\Agent\igcfg.dat
- %ProgramFiles%\TFG\Agent\Update\IgAgentSimp.dll в %ProgramFiles%\TFG\Agent\IgAgentSimp.dll
- %ProgramFiles%\TFG\Agent\Update\IgAgent.exe в %ProgramFiles%\TFG\Agent\IgAgent.exe
- %ProgramFiles%\TFG\Agent\Update\IgAgent.dll в %ProgramFiles%\TFG\Agent\IgAgent.dll
- %ProgramFiles%\TFG\Agent\Update\IgAce.dll в %ProgramFiles%\TFG\Agent\IgAce.dll
- %ProgramFiles%\TFG\Agent\Update\IELauncher.exe в %ProgramFiles%\TFG\Agent\IELauncher.exe
- %ProgramFiles%\TFG\Agent\Update\InfoGuard.lang в %ProgramFiles%\TFG\Agent\InfoGuard.lang
- %ProgramFiles%\TFG\Agent\Update\zlib1.dll в %ProgramFiles%\TFG\Agent\zlib1.dll
- %ProgramFiles%\TFG\Agent\Log\IgSvc.log
- '%TEMP%\nst3.tmp\ns4.tmp' %ProgramFiles%\TFG\Agent\Update\EveryonePurview.exe
- '%ProgramFiles%\TFG\Agent\Update\EveryonePurview.exe'
- '%ProgramFiles%\TFG\Agent\Update\TFGInstallTool.exe'
- '%ProgramFiles%\TFG\Agent\IgSvc.exe'
- '%ProgramFiles%\TFG\Agent\IgSvc.exe' -start
- '%ProgramFiles%\TFG\Agent\IgAgent.exe'
- '<SYSTEM32>\cmd.exe' /c echo Y|"<SYSTEM32>\cacls.exe" "%ProgramFiles%\TFG\Agent" /G everyone:F
- '<SYSTEM32>\cmd.exe' /c echo Y|"<SYSTEM32>\cacls.exe" "%ProgramFiles%\TFG\Agent\*" /G everyone:F
- '<SYSTEM32>\cmd.exe' /S /D /c" echo Y"
- '<SYSTEM32>\cacls.exe' "%ProgramFiles%\TFG\Agent\*" /G everyone:F
- '<SYSTEM32>\cacls.exe' "%ProgramFiles%\TFG\Agent" /G everyone:F
  Примечание (ревью): приведённые выше вызовы cacls выполняются без ключа /E, т.е. не дополняют, а полностью заменяют ACL каталога %ProgramFiles%\TFG\Agent и всех его файлов на «Everyone: полный доступ» (конструкция echo Y| нужна именно для подтверждения перезаписи ACL). В этом же каталоге находятся исполняемый файл службы IgSvc.exe (ImagePath службы IGSvc), драйвер SecuFile.sys (ImagePath службы SecuFile) и IgAgent.exe из ключа автозапуска HKLM\...\Run, поэтому после установки любой локальный пользователь может подменить код, который затем загружается службой и драйвером. Отдельно стоит проверить по реальному значению в реестре, заключён ли ImagePath службы IGSvc в кавычки: в отчёте он показан без них, а путь %ProgramFiles% при стандартной установке содержит пробел.