Technical Information
- [<HKLM>\SOFTWARE\Classes\olkfile\Shell\Open\Command] '' = '%PROGRAM_FILES%\TFG\Agent\IgAgent.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IgAgent' = '"%PROGRAM_FILES%\TFG\Agent\IgAgent.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\IGSvc] 'Start' = '00000002'
- '%PROGRAM_FILES%\TFG\Agent\IgSvc.exe'
- '%PROGRAM_FILES%\TFG\Agent\IgAgent.exe'
- '%PROGRAM_FILES%\TFG\Agent\IgSvc.exe' -start
- '%TEMP%\nsn3.tmp\ns4.tmp' %PROGRAM_FILES%\TFG\Agent\Update\EveryonePurview.exe
- '%PROGRAM_FILES%\TFG\Agent\Update\EveryonePurview.exe'
- '%PROGRAM_FILES%\TFG\Agent\Update\TFGInstallTool.exe'
- '<SYSTEM32>\cmd.exe' /c ""%PROGRAM_FILES%\TFG\Agent\Patchs\Adobe_Reader(X-XI)_ProtectedMode.bat""
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Privileged" /v bProtectedMode /t REG_DWORD /d 0 /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Privileged" /v bProtectedMode /t REG_DWORD /d 0 /f
- '<SYSTEM32>\cacls.exe' "%PROGRAM_FILES%\TFG\Agent\Log\*" /G everyone:F
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\TFG\Agent\IgIcon.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\TFG\Agent\IgMenu.dll"
- '<SYSTEM32>\cacls.exe' "%PROGRAM_FILES%\TFG\Agent\Log" /G everyone:F
- Handler for all processes: %PROGRAM_FILES%\TFG\Agent\IgAgent.dll
- NtOpenProcess, handler: SecuFile.sys
- %PROGRAM_FILES%\TFG\Agent\Update\AST\Viruskill.dll
- %PROGRAM_FILES%\TFG\Agent\Update\AST\msvcp60.dll
- %PROGRAM_FILES%\TFG\Agent\Update\Log\log.ini
- %PROGRAM_FILES%\TFG\Agent\Update\AST\SetupScan.exe
- %PROGRAM_FILES%\TFG\Agent\Update\BackUpFile\TFGFileBackup.exe
- %PROGRAM_FILES%\TFG\Agent\Update\Mixin\Mixin_Setup.exe
- %PROGRAM_FILES%\TFG\Agent\Update\AST\msvcr71.dll
- %PROGRAM_FILES%\TFG\Agent\Update\AST\base\Trojan.avd
- %PROGRAM_FILES%\TFG\Agent\Update\Log\LogConfig.ini
- %PROGRAM_FILES%\TFG\Agent\Update\XML.dll
- %PROGRAM_FILES%\TFG\Agent\Update\language\lang_ch.xml
- %PROGRAM_FILES%\TFG\Agent\Update\xerces-c_2_6.dll
- %PROGRAM_FILES%\TFG\Agent\Update\xerces-depdom_2_6.dll
- %PROGRAM_FILES%\TFG\Agent\Update\language\lang_tw.xml
- %PROGRAM_FILES%\TFG\Agent\Update\gdiplus.dll
- %PROGRAM_FILES%\TFG\Agent\Update\language\lang_en.xml
- %PROGRAM_FILES%\TFG\Agent\Update\language\lang_jp.xml
- %TEMP%\~TF9.tmp
- %TEMP%\~TFA.tmp
- %TEMP%\~TF6.tmp
- %APPDATA%\TFG\InfoGuard.lang
- %TEMP%\~TFD.tmp
- %TEMP%\~TFE.tmp
- %TEMP%\~TFB.tmp
- %TEMP%\~TFC.tmp
- %APPDATA%\TFG\igcfg.dat
- %PROGRAM_FILES%\TFG\Agent\Update\Patchs\Patch.ini
- %TEMP%\nsn3.tmp\nsExec.dll
- %PROGRAM_FILES%\TFG\Agent\Update\EveryonePurview.exe
- %PROGRAM_FILES%\TFG\Agent\Update\Patchs\Adobe_Reader(X-XI)_ProtectedMode.bat
- %PROGRAM_FILES%\TFG\Agent\Log\IgSvc.log
- %PROGRAM_FILES%\TFG\Agent\Log\IgAgent.log
- %TEMP%\nsn3.tmp\ns4.tmp
- %TEMP%\~TF5.tmp
- %PROGRAM_FILES%\TFG\Agent\Update\IgAgentSimp.dll
- %PROGRAM_FILES%\TFG\Agent\Update\igcfg.dat
- %PROGRAM_FILES%\TFG\Agent\Update\IgAgent.dll
- %PROGRAM_FILES%\TFG\Agent\Update\IgAgent.exe
- %PROGRAM_FILES%\TFG\Agent\Update\IgToken.dll
- %PROGRAM_FILES%\TFG\Agent\Update\FT_ND_API.dll
- %PROGRAM_FILES%\TFG\Agent\Update\IgDetour.dll
- %PROGRAM_FILES%\TFG\Agent\Update\IgSvc.exe
- %PROGRAM_FILES%\TFG\Agent\Update\IgAce.dll
- %TEMP%\nsn3.tmp\System.dll
- %PROGRAM_FILES%\TFG\Agent\Update\IgIcon.dll
- %TEMP%\nsw2.tmp
- %PROGRAM_FILES%\TFG\Agent\Update\TFGInstallTool.exe
- %PROGRAM_FILES%\TFG\Agent\Update\dmssleay.dll
- %PROGRAM_FILES%\TFG\Agent\Update\esfp_api.dll
- %PROGRAM_FILES%\TFG\Agent\Update\IgMenu.dll
- %PROGRAM_FILES%\TFG\Agent\Update\About.bmp
- %PROGRAM_FILES%\TFG\Agent\Update\ExceptionProc.dll
- %PROGRAM_FILES%\TFG\Agent\Update\RestartProcess.exe
- %PROGRAM_FILES%\TFG\Agent\Update\libcurl.dll
- %PROGRAM_FILES%\TFG\Agent\Update\dbghelp.dll
- %PROGRAM_FILES%\TFG\Agent\Update\typetrait.dat
- %PROGRAM_FILES%\TFG\Agent\Update\ExportAgentConfig.dll
- %PROGRAM_FILES%\TFG\Agent\Update\agentfile.list
- %PROGRAM_FILES%\TFG\Agent\Update\msvcp60.dll
- %PROGRAM_FILES%\TFG\Agent\Update\zlib1.dll
- %PROGRAM_FILES%\TFG\Agent\Update\InfoGuard.lang
- %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64.inf
- %PROGRAM_FILES%\TFG\Agent\Update\IGToken_ePass.dll
- %PROGRAM_FILES%\TFG\Agent\Update\IGToken_eSafe.dll
- %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64_5.sys
- %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64Installer.exe
- %PROGRAM_FILES%\TFG\Agent\Update\SecuFile.sys
- %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64_6.sys
- %TEMP%\~TFB.tmp
- %TEMP%\~TFA.tmp
- %TEMP%\~TF9.tmp
- %TEMP%\~TFE.tmp
- %TEMP%\~TFD.tmp
- %TEMP%\~TFC.tmp
- %TEMP%\~TF5.tmp
- %TEMP%\nsn3.tmp\nsExec.dll
- %TEMP%\nsn3.tmp\ns4.tmp
- %TEMP%\~TF6.tmp
- %PROGRAM_FILES%\TFG\Agent\Log\IgSvc.log
- %TEMP%\nsn3.tmp\System.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\Log\LogConfig.ini to %PROGRAM_FILES%\TFG\Agent\Log\LogConfig.ini
- from %PROGRAM_FILES%\TFG\Agent\Update\Log\log.ini to %PROGRAM_FILES%\TFG\Agent\Log\log.ini
- from %PROGRAM_FILES%\TFG\Agent\Update\libcurl.dll to %PROGRAM_FILES%\TFG\Agent\libcurl.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\Patchs\Adobe_Reader(X-XI)_ProtectedMode.bat to %PROGRAM_FILES%\TFG\Agent\Patchs\Adobe_Reader(X-XI)_ProtectedMode.bat
- from %PROGRAM_FILES%\TFG\Agent\Update\msvcp60.dll to %PROGRAM_FILES%\TFG\Agent\msvcp60.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\Mixin\Mixin_Setup.exe to %PROGRAM_FILES%\TFG\Agent\Mixin\Mixin_Setup.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\language\lang_tw.xml to %PROGRAM_FILES%\TFG\Agent\language\lang_tw.xml
- from %PROGRAM_FILES%\TFG\Agent\Update\InfoGuard.lang to %PROGRAM_FILES%\TFG\Agent\InfoGuard.lang
- from %PROGRAM_FILES%\TFG\Agent\Update\IGToken_eSafe.dll to %PROGRAM_FILES%\TFG\Agent\IGToken_eSafe.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\IGToken_ePass.dll to %PROGRAM_FILES%\TFG\Agent\IGToken_ePass.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\language\lang_jp.xml to %PROGRAM_FILES%\TFG\Agent\language\lang_jp.xml
- from %PROGRAM_FILES%\TFG\Agent\Update\language\lang_en.xml to %PROGRAM_FILES%\TFG\Agent\language\lang_en.xml
- from %PROGRAM_FILES%\TFG\Agent\Update\language\lang_ch.xml to %PROGRAM_FILES%\TFG\Agent\language\lang_ch.xml
- from %PROGRAM_FILES%\TFG\Agent\Update\xerces-c_2_6.dll to %PROGRAM_FILES%\TFG\Agent\xerces-c_2_6.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\typetrait.dat to %PROGRAM_FILES%\TFG\Agent\typetrait.dat
- from %PROGRAM_FILES%\TFG\Agent\Update\TFGInstallTool.exe to %PROGRAM_FILES%\TFG\Agent\TFGInstallTool.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\zlib1.dll to %PROGRAM_FILES%\TFG\Agent\zlib1.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\XML.dll to %PROGRAM_FILES%\TFG\Agent\XML.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\xerces-depdom_2_6.dll to %PROGRAM_FILES%\TFG\Agent\xerces-depdom_2_6.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64_6.sys to %PROGRAM_FILES%\TFG\Agent\SecuFileX64_6.sys
- from %PROGRAM_FILES%\TFG\Agent\Update\SecuFile.sys to %PROGRAM_FILES%\TFG\Agent\SecuFile.sys
- from %PROGRAM_FILES%\TFG\Agent\Update\RestartProcess.exe to %PROGRAM_FILES%\TFG\Agent\RestartProcess.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\Patchs\Patch.ini to %PROGRAM_FILES%\TFG\Agent\Patchs\Patch.ini
- from %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64_5.sys to %PROGRAM_FILES%\TFG\Agent\SecuFileX64_5.sys
- from %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64Installer.exe to %PROGRAM_FILES%\TFG\Agent\SecuFileX64Installer.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\SecuFileX64.inf to %PROGRAM_FILES%\TFG\Agent\SecuFileX64.inf
- from %PROGRAM_FILES%\TFG\Agent\Update\dmssleay.dll to %PROGRAM_FILES%\TFG\Agent\dmssleay.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\dbghelp.dll to %PROGRAM_FILES%\TFG\Agent\dbghelp.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\BackUpFile\TFGFileBackup.exe to %PROGRAM_FILES%\TFG\Agent\BackUpFile\TFGFileBackup.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\ExceptionProc.dll to %PROGRAM_FILES%\TFG\Agent\ExceptionProc.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\EveryonePurview.exe to %PROGRAM_FILES%\TFG\Agent\EveryonePurview.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\esfp_api.dll to %PROGRAM_FILES%\TFG\Agent\esfp_api.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\AST\Viruskill.dll to %PROGRAM_FILES%\TFG\Agent\AST\Viruskill.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\AST\base\Trojan.avd to %PROGRAM_FILES%\TFG\Agent\AST\base\Trojan.avd
- from %PROGRAM_FILES%\TFG\Agent\Update\agentfile.list to %PROGRAM_FILES%\TFG\Agent\agentfile.list
- from %PROGRAM_FILES%\TFG\Agent\Update\About.bmp to %PROGRAM_FILES%\TFG\Agent\About.bmp
- from %PROGRAM_FILES%\TFG\Agent\Update\AST\SetupScan.exe to %PROGRAM_FILES%\TFG\Agent\AST\SetupScan.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\AST\msvcr71.dll to %PROGRAM_FILES%\TFG\Agent\AST\msvcr71.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\AST\msvcp60.dll to %PROGRAM_FILES%\TFG\Agent\AST\msvcp60.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\IgIcon.dll to %PROGRAM_FILES%\TFG\Agent\IgIcon.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\IgDetour.dll to %PROGRAM_FILES%\TFG\Agent\IgDetour.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\igcfg.dat to %PROGRAM_FILES%\TFG\Agent\igcfg.dat
- from %PROGRAM_FILES%\TFG\Agent\Update\IgToken.dll to %PROGRAM_FILES%\TFG\Agent\IgToken.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\IgSvc.exe to %PROGRAM_FILES%\TFG\Agent\IgSvc.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\IgMenu.dll to %PROGRAM_FILES%\TFG\Agent\IgMenu.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\IgAgentSimp.dll to %PROGRAM_FILES%\TFG\Agent\IgAgentSimp.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\gdiplus.dll to %PROGRAM_FILES%\TFG\Agent\gdiplus.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\FT_ND_API.dll to %PROGRAM_FILES%\TFG\Agent\FT_ND_API.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\ExportAgentConfig.dll to %PROGRAM_FILES%\TFG\Agent\ExportAgentConfig.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\IgAgent.exe to %PROGRAM_FILES%\TFG\Agent\IgAgent.exe
- from %PROGRAM_FILES%\TFG\Agent\Update\IgAgent.dll to %PROGRAM_FILES%\TFG\Agent\IgAgent.dll
- from %PROGRAM_FILES%\TFG\Agent\Update\IgAce.dll to %PROGRAM_FILES%\TFG\Agent\IgAce.dll
- 'tf#.##dea.com.cn':80
- tf#.##dea.com.cn/WebCenterSvc/index.php
- DNS ASK tf#.##dea.com.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'