Technical Information
Autorun registry value (starts the program at user logon):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adguard' = '%ProgramFiles(x86)%\Adguard\Adguard.exe /nosplash'
Service and driver configuration (Start 00000002 = automatic start, 00000001 = system start):
- [<HKLM>\System\CurrentControlSet\Services\Adguard Service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Adguard Service] 'ImagePath' = '%ProgramFiles(x86)%\Adguard\AdguardSvc.exe'
- [<HKLM>\System\CurrentControlSet\Services\adgnetworktdidrv] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\adgnetworktdidrv] 'ImagePath' = 'system32\drivers\adgnetworktdidrv.sys'
- '%WINDIR%\syswow64\net.exe' stop "Adguard Service"
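File system paths observed (the section headings that separated created, deleted and modified files appear to have been lost, so some paths repeat below):
- C:\cyberspace\cyberspace.exe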
- %PROGRAMDATA%\fontcacheev1.dat
- %PROGRAMDATA%\adguard\adguard.db
- %PROGRAMDATA%\adguard\adguard.db-journal
- %PROGRAMDATA%\adguard\core\gm.db
- %PROGRAMDATA%\adguard\core\gm.db-journal
- %PROGRAMDATA%\adguard\core\version
- %PROGRAMDATA%\adguard\logs\service\service_22-10-2019-23_46_54.241-2019-10-22.log
- %ProgramFiles(x86)%\adguard\unins000.dat
- C:\users\public\desktop\adguard.lnk
- %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\uninstall.lnk
- %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\adguard.lnk
- %PROGRAMDATA%\adguard\is-gb5vd.tmp
- %ProgramFiles(x86)%\adguard\nss\is-vng9d.tmp
- %ProgramFiles(x86)%\adguard\nss\is-qabse.tmp
- %ProgramFiles(x86)%\adguard\nss\is-gbq13.tmp
- %ProgramFiles(x86)%\adguard\nss\is-grl9s.tmp
- %ProgramFiles(x86)%\adguard\nss\is-sru1m.tmp
- %ProgramFiles(x86)%\adguard\nss\is-l4urg.tmp
- %ProgramFiles(x86)%\adguard\nss\is-fd12a.tmp
- %WINDIR%\syswow64\drivers\vwifikerneldrv.sys
- %WINDIR%\syswow64\d3dx9_11.dll.tmp
- %WINDIR%\ehome\usrsts..dll
- %PROGRAMDATA%\microsoft\network\admngr.dat
- %PROGRAMDATA%\adguard\ssl\cert.db
- %PROGRAMDATA%\adguard\ssl\cert.db-journal
- %WINDIR%\temp\udddef8.tmp
- <DRIVERS>\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworktdidrv.sys
- %WINDIR%\temp\adguard-38.dat
- %WINDIR%\temp\3c37006ae930460d8ea92a3b3e277ef2\adguard personal ca.cer
- %WINDIR%\temp\2e70257d5b7c42f0b2c299f4d493f9c6\adguard personal ca.cer
- %PROGRAMDATA%\microsoft\windows\caches\{2843ada2-0f67-4f78-92e2-b7a4ab26a670}.2.ver0x0000000000000002.db
- %PROGRAMDATA%\adguard\ssl\adguard personal ca.cer
- %ProgramFiles(x86)%\adguard\nss\is-b82sa.tmp
- %ProgramFiles(x86)%\adguard\nss\is-p25oc.tmp
- %ProgramFiles(x86)%\adguard\nss\is-q66gk.tmp
- %ProgramFiles(x86)%\adguard\is-n4et3.tmp
- %ProgramFiles(x86)%\adguard\is-88un4.tmp
- %ProgramFiles(x86)%\adguard\is-k2enp.tmp
- %ProgramFiles(x86)%\adguard\is-n5dpi.tmp
- %ProgramFiles(x86)%\adguard\is-npuc6.tmp
- %ProgramFiles(x86)%\adguard\is-6qipu.tmp
- %ProgramFiles(x86)%\adguard\is-vn82i.tmp
- %ProgramFiles(x86)%\adguard\is-qfupu.tmp
- %ProgramFiles(x86)%\adguard\is-4u5ee.tmp
- %ProgramFiles(x86)%\adguard\is-12ttd.tmp
- %TEMP%\is-fvdgl.tmp\wizardform.bitmapimage1.bmp
- %TEMP%\is-fvdgl.tmp\metroblue.vsf
- %TEMP%\is-fvdgl.tmp\vclstylesinno.dll
- %TEMP%\is-fvdgl.tmp\istask.dll
- %TEMP%\is-fvdgl.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-fvdgl.tmp\_isetup\_setup64.tmp
- %TEMP%\is-fvdgl.tmp\_isetup\_regdll.tmp
- %TEMP%\is-5nsu1.tmp\cyberspace.tmp
- C:\cyberspace\silent.exe
- %ProgramFiles(x86)%\adguard\is-g6997.tmp
- %ProgramFiles(x86)%\adguard\is-iv4d3.tmp
- %ProgramFiles(x86)%\adguard\is-ep84n.tmp
- %ProgramFiles(x86)%\adguard\is-3tfg0.tmp
- %ProgramFiles(x86)%\adguard\nss\is-85h7v.tmp
- %ProgramFiles(x86)%\adguard\libs\is-jfvtn.tmp
- %ProgramFiles(x86)%\adguard\langs\is-e6iv3.tmp
- %ProgramFiles(x86)%\adguard\langs\is-htj91.tmp
- %ProgramFiles(x86)%\adguard\is-r2si2.tmp
- %ProgramFiles(x86)%\adguard\is-usa5u.tmp
- %ProgramFiles(x86)%\adguard\is-a4eu5.tmp
- %ProgramFiles(x86)%\adguard\is-2fq71.tmp
- %ProgramFiles(x86)%\adguard\is-p24js.tmp
- %ProgramFiles(x86)%\adguard\is-3hpp1.tmp
- %ProgramFiles(x86)%\adguard\is-5k999.tmp
- %ProgramFiles(x86)%\adguard\is-kg2dq.tmp
- %ProgramFiles(x86)%\adguard\is-4emqk.tmp
- %ProgramFiles(x86)%\adguard\is-bpb41.tmp
- %ProgramFiles(x86)%\adguard\is-e71ev.tmp
- %ProgramFiles(x86)%\adguard\is-g0d3j.tmp
- %ProgramFiles(x86)%\adguard\is-00o7j.tmp
- %ProgramFiles(x86)%\adguard\is-v88me.tmp
- %ProgramFiles(x86)%\adguard\is-dasj8.tmp
- %ProgramFiles(x86)%\adguard\is-to3il.tmp
- %ProgramFiles(x86)%\adguard\nss\is-8b2hh.tmp
- %PROGRAMDATA%\adguard\logs\tools\tools_22-10-2019-23_47_36.055-2019-10-22.log
- %TEMP%\is-fvdgl.tmp\istask.dll
- %WINDIR%\temp\udddef8.tmp
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworktdidrv.sys
- %WINDIR%\temp\3c37006ae930460d8ea92a3b3e277ef2\adguard personal ca.cer
- %WINDIR%\temp\adguard-38.dat
- %WINDIR%\temp\2e70257d5b7c42f0b2c299f4d493f9c6\adguard personal ca.cer
- %PROGRAMDATA%\adguard\adguard.db-journal
- %PROGRAMDATA%\adguard\core\gm.db-journal
- C:\cyberspace\silent.exe
- C:\cyberspace\cyberspace.exe
- %TEMP%\is-5nsu1.tmp\cyberspace.tmp
- %TEMP%\is-fvdgl.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-fvdgl.tmp\_isetup\_setup64.tmp
- %TEMP%\is-fvdgl.tmp\_isetup\_regdll.tmp
- %TEMP%\is-fvdgl.tmp\wizardform.bitmapimage1.bmp
- %TEMP%\is-fvdgl.tmp\vclstylesinno.dll
- %TEMP%\is-fvdgl.tmp\metroblue.vsf
- %PROGRAMDATA%\adguard\ssl\cert.db-journal
- %PROGRAMDATA%\adguard\ssl\cert.db
Files renamed from installer temporary names to their final names:
- from %ProgramFiles(x86)%\adguard\is-12ttd.tmp to %ProgramFiles(x86)%\adguard\unins000.exe
- from %ProgramFiles(x86)%\adguard\is-2fq71.tmp to %ProgramFiles(x86)%\adguard\sharpraven.dll
- from %ProgramFiles(x86)%\adguard\is-a4eu5.tmp to %ProgramFiles(x86)%\adguard\sqlite.interop.dll
- from %ProgramFiles(x86)%\adguard\is-usa5u.tmp to %ProgramFiles(x86)%\adguard\system.data.sqlite.dll
- from %ProgramFiles(x86)%\adguard\is-r2si2.tmp to %ProgramFiles(x86)%\adguard\system.windows.interactivity.dll
- from %ProgramFiles(x86)%\adguard\langs\is-htj91.tmp to %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.ru.dll
- from %ProgramFiles(x86)%\adguard\langs\is-e6iv3.tmp to %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.uk.dll
- from %ProgramFiles(x86)%\adguard\libs\is-jfvtn.tmp to %ProgramFiles(x86)%\adguard\libs\inststlib64.dll
- from %ProgramFiles(x86)%\adguard\nss\is-85h7v.tmp to %ProgramFiles(x86)%\adguard\nss\certutil.exe
- from %ProgramFiles(x86)%\adguard\is-iv4d3.tmp to %ProgramFiles(x86)%\adguard\adguard.service.dll
- from %ProgramFiles(x86)%\adguard\nss\is-8b2hh.tmp to %ProgramFiles(x86)%\adguard\nss\freebl3.dll
- from %ProgramFiles(x86)%\adguard\nss\is-p25oc.tmp to %ProgramFiles(x86)%\adguard\nss\libplc4.dll
- from %ProgramFiles(x86)%\adguard\nss\is-b82sa.tmp to %ProgramFiles(x86)%\adguard\nss\libplds4.dll
- from %ProgramFiles(x86)%\adguard\nss\is-fd12a.tmp to %ProgramFiles(x86)%\adguard\nss\nss3.dll
- from %ProgramFiles(x86)%\adguard\nss\is-l4urg.tmp to %ProgramFiles(x86)%\adguard\nss\nssckbi.dll
- from %ProgramFiles(x86)%\adguard\nss\is-sru1m.tmp to %ProgramFiles(x86)%\adguard\nss\nssdbm3.dll
- from %ProgramFiles(x86)%\adguard\nss\is-grl9s.tmp to %ProgramFiles(x86)%\adguard\nss\nssutil3.dll
- from %ProgramFiles(x86)%\adguard\nss\is-gbq13.tmp to %ProgramFiles(x86)%\adguard\nss\smime3.dll
- from %ProgramFiles(x86)%\adguard\nss\is-qabse.tmp to %ProgramFiles(x86)%\adguard\nss\softokn3.dll
- from %ProgramFiles(x86)%\adguard\is-5k999.tmp to %ProgramFiles(x86)%\adguard\microsoft.expression.interactions.dll
- from %ProgramFiles(x86)%\adguard\is-p24js.tmp to %ProgramFiles(x86)%\adguard\newtonsoft.json.dll
- from %ProgramFiles(x86)%\adguard\is-3hpp1.tmp to %ProgramFiles(x86)%\adguard\icsharpcode.avalonedit.dll
- from %ProgramFiles(x86)%\adguard\is-kg2dq.tmp to %ProgramFiles(x86)%\adguard\drivers.bin
- from %ProgramFiles(x86)%\adguard\is-4emqk.tmp to %ProgramFiles(x86)%\adguard\default.adg
- from %ProgramFiles(x86)%\adguard\is-qfupu.tmp to %ProgramFiles(x86)%\adguard\adguard.core.common.dll
- from %ProgramFiles(x86)%\adguard\is-vn82i.tmp to %ProgramFiles(x86)%\adguard\adguard.core.dll
- from %ProgramFiles(x86)%\adguard\is-6qipu.tmp to %ProgramFiles(x86)%\adguard\adguard.core.tools.exe
- from %ProgramFiles(x86)%\adguard\is-npuc6.tmp to %ProgramFiles(x86)%\adguard\adguard.exe
- from %ProgramFiles(x86)%\adguard\is-n5dpi.tmp to %ProgramFiles(x86)%\adguard\adguard.exe.config
- from %ProgramFiles(x86)%\adguard\is-k2enp.tmp to %ProgramFiles(x86)%\adguard\adguard.exe.manifest
- from %ProgramFiles(x86)%\adguard\is-88un4.tmp to %ProgramFiles(x86)%\adguard\adguard.global.dll
- from %ProgramFiles(x86)%\adguard\is-n4et3.tmp to %ProgramFiles(x86)%\adguard\adguard.ipc.dll
- from %ProgramFiles(x86)%\adguard\nss\is-vng9d.tmp to %ProgramFiles(x86)%\adguard\nss\sqlite3.dll
- from %ProgramFiles(x86)%\adguard\nss\is-q66gk.tmp to %ProgramFiles(x86)%\adguard\nss\libnspr4.dll
- from %ProgramFiles(x86)%\adguard\is-g6997.tmp to %ProgramFiles(x86)%\adguard\adguard.network.dll
- from %ProgramFiles(x86)%\adguard\is-3tfg0.tmp to %ProgramFiles(x86)%\adguard\adguard.tools.exe.manifest
- from %ProgramFiles(x86)%\adguard\is-to3il.tmp to %ProgramFiles(x86)%\adguard\adguard.ui.dll
- from %ProgramFiles(x86)%\adguard\is-dasj8.tmp to %ProgramFiles(x86)%\adguard\adguardcore.dll
- from %ProgramFiles(x86)%\adguard\is-v88me.tmp to %ProgramFiles(x86)%\adguard\adguardcoretools.dll
- from %ProgramFiles(x86)%\adguard\is-00o7j.tmp to %ProgramFiles(x86)%\adguard\adguardcoretools64.dll
- from %ProgramFiles(x86)%\adguard\is-g0d3j.tmp to %ProgramFiles(x86)%\adguard\adguardsvc.exe
- from %ProgramFiles(x86)%\adguard\is-e71ev.tmp to %ProgramFiles(x86)%\adguard\adguardsvc.exe.config
- from %ProgramFiles(x86)%\adguard\is-bpb41.tmp to %ProgramFiles(x86)%\adguard\adguardsvc.exe.manifest
- from %ProgramFiles(x86)%\adguard\is-4u5ee.tmp to %ProgramFiles(x86)%\adguard\adguard.commons.dll
- from %ProgramFiles(x86)%\adguard\is-ep84n.tmp to %ProgramFiles(x86)%\adguard\adguard.tools.exe
- from %PROGRAMDATA%\adguard\is-gb5vd.tmp to %PROGRAMDATA%\adguard\adguard.db
- %PROGRAMDATA%\adguard\adguard.db-journal
- %PROGRAMDATA%\adguard\core\gm.db-journal
- %PROGRAMDATA%\adguard\ssl\cert.db-journal
- %PROGRAMDATA%\adguard\ssl\cert.db
Network activity on the local host (host:port):
- 'localhost':49160
- 'localhost':49162
- 'localhost':49164
- 'localhost':49166
- 'localhost':49168
- 'localhost':49170
- 'localhost':49172
- 'localhost':49174
DNS queries (parts of each hostname appear to be masked with '#' in this report):
- DNS ASK ap#.#dguard.com
- DNS ASK lo###.adguard.org
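Processes launched. Entries of note for triage: adguard.core.tools.exe /cert_install adds "Adguard Personal CA" to the Firefox and SYSTEM root stores (a locally trusted root CA lets the software intercept TLS traffic), /drv_install tdi installs the TDI network driver, and sc.exe sdset rewrites the service's security descriptor:
- 'C:\cyberspace\silent.exe'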
- '%ProgramFiles(x86)%\adguard\adguard.core.tools.exe' /cert_install "%WINDIR%\TEMP\3c37006ae930460d8ea92a3b3e277ef2\Adguard Personal CA.cer" "FIREFOX" "Root" "nss\certutil.exe"
- '%ProgramFiles(x86)%\adguard\drivers\x64\adguardnetreg.exe' adgnetworktdidrv
- '%ProgramFiles(x86)%\adguard\adguard.core.tools.exe' /drv_install tdi
- '%ProgramFiles(x86)%\adguard\nss\certutil.exe' -A -t TCu -i %WINDIR%\TEMP\adguard-38.dat -n "Adguard Personal CA" -d %APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default
- '%ProgramFiles(x86)%\adguard\nss\certutil.exe' -L -a -n "Adguard Personal CA" -o %WINDIR%\TEMP\adguard-38.txt -d %APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default
- '%ProgramFiles(x86)%\adguard\nss\certutil.exe' -D -n "Adguard Personal CA" -d %APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default
- '%ProgramFiles(x86)%\adguard\adguard.tools.exe'
- '%TEMP%\is-5nsu1.tmp\cyberspace.tmp' /SL5="$12021C,21115539,67072,C:\CyberSpace\cyberspace.exe" /VERYSILENT /TASKS=desktopicon
- 'C:\cyberspace\cyberspace.exe' /VERYSILENT /TASKS=desktopicon
- '%ProgramFiles(x86)%\adguard\adguardsvc.exe'
- '%ProgramFiles(x86)%\adguard\adguard.tools.exe' /f
- '%ProgramFiles(x86)%\adguard\adguard.core.tools.exe' /cert_install "%WINDIR%\TEMP\2e70257d5b7c42f0b2c299f4d493f9c6\Adguard Personal CA.cer" "SYSTEM" "Root" "nss\certutil.exe"
- '%WINDIR%\syswow64\sc.exe' description "Adguard Service" "This service blocks ads, online counters and dangerous websites by filtering network traffic."' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' create "Adguard Service" binPath= "%ProgramFiles(x86)%\Adguard\AdguardSvc.exe" start= auto error= ignore DisplayName= "Adguard Service"' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' start "Adguard Service"' (with hidden window)
- '%WINDIR%\syswow64\net.exe' stop "Adguard Service"' (with hidden window)
- '%WINDIR%\syswow64\net1.exe' stop "Adguard Service"
- '%WINDIR%\syswow64\sc.exe' create "Adguard Service" binPath= "%ProgramFiles(x86)%\Adguard\AdguardSvc.exe" start= auto error= ignore DisplayName= "Adguard Service"
- '%WINDIR%\syswow64\sc.exe' description "Adguard Service" "This service blocks ads, online counters and dangerous websites by filtering network traffic."
- '%WINDIR%\syswow64\sc.exe' start "Adguard Service"
- '<SYSTEM32>\sc.exe' query adgnetworktdidrv
- '%WINDIR%\syswow64\sc.exe' sdshow "Adguard Service"
- '%WINDIR%\syswow64\sc.exe' sdset "Adguard Service" D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCRPLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)