Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adguard' = '%ProgramFiles(x86)%\Adguard\Adguard.exe /nosplash'
Создает следующие сервисы
- [<HKLM>\System\CurrentControlSet\Services\Adguard Service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Adguard Service] 'ImagePath' = '%ProgramFiles(x86)%\Adguard\AdguardSvc.exe'
- [<HKLM>\System\CurrentControlSet\Services\adgnetworktdidrv] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\adgnetworktdidrv] 'ImagePath' = 'system32\drivers\adgnetworktdidrv.sys'
Вредоносные функции
Запускает на исполнение
- '%WINDIR%\syswow64\net.exe' stop "Adguard Service"
Изменения в файловой системе
Создает следующие файлы
- %CommonProgramFiles(x86)%\~jjztxuz.tmp
- %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\uninstall.lnk
- %PROGRAMDATA%\microsoft\windows\start menu\programs\adguard\adguard.lnk
- %PROGRAMDATA%\adguard\is-rk39j.tmp
- %ProgramFiles(x86)%\adguard\langs\is-3gkg9.tmp
- %ProgramFiles(x86)%\adguard\langs\is-0th6f.tmp
- %ProgramFiles(x86)%\adguard\langs\is-o3vgb.tmp
- %ProgramFiles(x86)%\adguard\langs\is-6vs2p.tmp
- %ProgramFiles(x86)%\adguard\langs\is-7995t.tmp
- %ProgramFiles(x86)%\adguard\langs\is-7eus6.tmp
- %ProgramFiles(x86)%\adguard\langs\is-tnjgg.tmp
- %ProgramFiles(x86)%\adguard\langs\is-bcqik.tmp
- %ProgramFiles(x86)%\adguard\langs\is-8hcss.tmp
- %ProgramFiles(x86)%\adguard\langs\is-3ga31.tmp
- %ProgramFiles(x86)%\adguard\langs\is-rmh26.tmp
- %ProgramFiles(x86)%\adguard\langs\is-k4gdb.tmp
- %ProgramFiles(x86)%\adguard\langs\is-nhece.tmp
- %ProgramFiles(x86)%\adguard\langs\is-7r2mm.tmp
- %ProgramFiles(x86)%\adguard\langs\is-0f2td.tmp
- %ProgramFiles(x86)%\adguard\langs\is-u0mb6.tmp
- %ProgramFiles(x86)%\adguard\langs\is-cngvq.tmp
- %ProgramFiles(x86)%\adguard\langs\is-sgirv.tmp
- %ProgramFiles(x86)%\adguard\langs\is-f0jgl.tmp
- %ProgramFiles(x86)%\adguard\langs\is-u9e8e.tmp
- %ProgramFiles(x86)%\adguard\langs\is-ba6m8.tmp
- %ProgramFiles(x86)%\adguard\langs\is-78mo8.tmp
- %ProgramFiles(x86)%\adguard\langs\is-503i4.tmp
- %ProgramFiles(x86)%\adguard\langs\is-9g8n3.tmp
- %ProgramFiles(x86)%\adguard\langs\is-7s55b.tmp
- %ProgramFiles(x86)%\adguard\unins000.dat
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworkwfpdrv.sys
- %PROGRAMDATA%\adguard\ssl\cert.db-journal
- %WINDIR%\temp\udd1a02.tmp
- <DRIVERS>\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworkwfpdrv.sys
- %PROGRAMDATA%\adguard\core\version
- %PROGRAMDATA%\adguard\logs\service\service_11-06-2020-14_05_39.092-2020-06-11.log
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworktdidrv.sys
- %PROGRAMDATA%\microsoft\windows\caches\{2843ada2-0f67-4f78-92e2-b7a4ab26a670}.2.ver0x0000000000000002.db
- %PROGRAMDATA%\microsoft\network\admngr.dat
- %WINDIR%\ehome\usrsts..dll
- %WINDIR%\syswow64\d3dx9_11.dll.tmp
- %WINDIR%\syswow64\drivers\vwifikerneldrv.sys
- %PROGRAMDATA%\fontcacheev1.dat
- %PROGRAMDATA%\adguard\logs\console\console_11-06-2020-14_05_55.log
- %PROGRAMDATA%\adguard\adguard.db
- %PROGRAMDATA%\adguard\adguard.db-journal
- %PROGRAMDATA%\adguard\core\gm.db
- %PROGRAMDATA%\adguard\core\gm.db-journal
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\langs\is-2kblq.tmp
- %ProgramFiles(x86)%\adguard\langs\is-3ntn1.tmp
- %ProgramFiles(x86)%\adguard\langs\is-7bl64.tmp
- %ProgramFiles(x86)%\adguard\is-rbpn2.tmp
- %ProgramFiles(x86)%\adguard\is-fo0g1.tmp
- %ProgramFiles(x86)%\adguard\is-f8pss.tmp
- %ProgramFiles(x86)%\adguard\is-7gmlg.tmp
- %ProgramFiles(x86)%\adguard\is-m34ls.tmp
- %ProgramFiles(x86)%\adguard\is-24du0.tmp
- %ProgramFiles(x86)%\adguard\is-jkn52.tmp
- %ProgramFiles(x86)%\adguard\is-1fsmu.tmp
- %ProgramFiles(x86)%\adguard\is-gi76o.tmp
- %ProgramFiles(x86)%\adguard\is-dl35v.tmp
- %ProgramFiles(x86)%\adguard\is-mqb2f.tmp
- %ProgramFiles(x86)%\adguard\is-js2ok.tmp
- %ProgramFiles(x86)%\adguard\is-s2pj0.tmp
- %ProgramFiles(x86)%\adguard\is-o7r27.tmp
- %ProgramFiles(x86)%\adguard\is-isvqa.tmp
- %ProgramFiles(x86)%\adguard\is-6u0tv.tmp
- %ProgramFiles(x86)%\adguard\is-825vo.tmp
- %TEMP%\is-o92gv.tmp\wizardform.bitmapimage1.bmp
- %TEMP%\is-o92gv.tmp\metroblue.vsf
- %TEMP%\is-o92gv.tmp\vclstylesinno.dll
- %TEMP%\is-o92gv.tmp\istask.dll
- %TEMP%\is-o92gv.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-o92gv.tmp\_isetup\_setup64.tmp
- %TEMP%\is-o92gv.tmp\_isetup\_regdll.tmp
- %TEMP%\is-ko1fv.tmp\~jjztxuz.tmp
- %ProgramFiles(x86)%\adguard\is-1gfcv.tmp
- %ProgramFiles(x86)%\adguard\is-ji05q.tmp
- %ProgramFiles(x86)%\adguard\is-n4oue.tmp
- %ProgramFiles(x86)%\adguard\is-soor2.tmp
- %ProgramFiles(x86)%\adguard\langs\is-itodc.tmp
- %ProgramFiles(x86)%\adguard\nss\is-ma0hm.tmp
- %ProgramFiles(x86)%\adguard\langs\is-c692s.tmp
- %ProgramFiles(x86)%\adguard\langs\is-0eo8k.tmp
- %ProgramFiles(x86)%\adguard\nss\is-m97j1.tmp
- %ProgramFiles(x86)%\adguard\nss\is-9lbgi.tmp
- %ProgramFiles(x86)%\adguard\nss\is-l6ihn.tmp
- %ProgramFiles(x86)%\adguard\nss\is-5hv47.tmp
- %ProgramFiles(x86)%\adguard\nss\is-e6mob.tmp
- %ProgramFiles(x86)%\adguard\nss\is-2fjrr.tmp
- %ProgramFiles(x86)%\adguard\nss\is-a79oj.tmp
- %ProgramFiles(x86)%\adguard\nss\is-5ctqv.tmp
- %ProgramFiles(x86)%\adguard\nss\is-c1g6a.tmp
- %ProgramFiles(x86)%\adguard\nss\is-4miie.tmp
- %ProgramFiles(x86)%\adguard\nss\is-ot9i6.tmp
- %ProgramFiles(x86)%\adguard\is-djo5h.tmp
- %ProgramFiles(x86)%\adguard\libs\is-s6mh5.tmp
- %ProgramFiles(x86)%\adguard\langs\is-e6jbj.tmp
- %ProgramFiles(x86)%\adguard\langs\is-e6arb.tmp
- %ProgramFiles(x86)%\adguard\is-ckb34.tmp
- %ProgramFiles(x86)%\adguard\is-g03h4.tmp
- %ProgramFiles(x86)%\adguard\is-c46ij.tmp
- %ProgramFiles(x86)%\adguard\is-o1gnn.tmp
- %ProgramFiles(x86)%\adguard\is-6l8r0.tmp
- %ProgramFiles(x86)%\adguard\is-4qa2g.tmp
- %ProgramFiles(x86)%\adguard\is-gmr6l.tmp
- %ProgramFiles(x86)%\adguard\is-c70d5.tmp
- %ProgramFiles(x86)%\adguard\is-o0gr3.tmp
- %PROGRAMDATA%\adguard\ssl\cert.db
- %PROGRAMDATA%\adguard\ssl\adguard personal ca.cer
Присваивает атрибут 'скрытый' для следующих файлов
- %CommonProgramFiles(x86)%\~jjztxuz.tmp
Удаляет следующие файлы
- %TEMP%\is-o92gv.tmp\istask.dll
- %WINDIR%\temp\udd1a02.tmp
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x86\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetreg.exe
- %ProgramFiles(x86)%\adguard\drivers\x64\adguardnetlib.dll
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\x64\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x86\adgnetworktdidrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworkwfpdrv.sys
- %ProgramFiles(x86)%\adguard\drivers\win10\x64\adgnetworktdidrv.sys
- %PROGRAMDATA%\adguard\adguard.db-journal
- %PROGRAMDATA%\adguard\core\gm.db-journal
- %CommonProgramFiles(x86)%\~jjztxuz.tmp
- %TEMP%\is-ko1fv.tmp\~jjztxuz.tmp
- %TEMP%\is-o92gv.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-o92gv.tmp\_isetup\_setup64.tmp
- %TEMP%\is-o92gv.tmp\_isetup\_regdll.tmp
- %TEMP%\is-o92gv.tmp\wizardform.bitmapimage1.bmp
- %TEMP%\is-o92gv.tmp\vclstylesinno.dll
- %TEMP%\is-o92gv.tmp\metroblue.vsf
- %PROGRAMDATA%\adguard\ssl\cert.db-journal
- %PROGRAMDATA%\adguard\ssl\cert.db
Перемещает следующие файлы
- %ProgramFiles(x86)%\adguard\is-825vo.tmp в %ProgramFiles(x86)%\adguard\unins000.exe
- %ProgramFiles(x86)%\adguard\langs\is-78mo8.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.he.dll
- %ProgramFiles(x86)%\adguard\langs\is-503i4.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.fr.dll
- %ProgramFiles(x86)%\adguard\langs\is-7s55b.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.fa.dll
- %ProgramFiles(x86)%\adguard\langs\is-3ga31.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.es.dll
- %ProgramFiles(x86)%\adguard\langs\is-2kblq.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.de.dll
- %ProgramFiles(x86)%\adguard\langs\is-3ntn1.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.da.dll
- %ProgramFiles(x86)%\adguard\langs\is-7bl64.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.cs.dll
- %ProgramFiles(x86)%\adguard\langs\is-c692s.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.be.dll
- %ProgramFiles(x86)%\adguard\langs\is-u9e8e.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.hu.dll
- %ProgramFiles(x86)%\adguard\langs\is-0eo8k.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.ar.dll
- %ProgramFiles(x86)%\adguard\nss\is-m97j1.tmp в %ProgramFiles(x86)%\adguard\nss\sqlite3.dll
- %ProgramFiles(x86)%\adguard\nss\is-9lbgi.tmp в %ProgramFiles(x86)%\adguard\nss\softokn3.dll
- %ProgramFiles(x86)%\adguard\nss\is-l6ihn.tmp в %ProgramFiles(x86)%\adguard\nss\smime3.dll
- %ProgramFiles(x86)%\adguard\nss\is-5hv47.tmp в %ProgramFiles(x86)%\adguard\nss\nssutil3.dll
- %ProgramFiles(x86)%\adguard\nss\is-e6mob.tmp в %ProgramFiles(x86)%\adguard\nss\nssdbm3.dll
- %ProgramFiles(x86)%\adguard\langs\is-itodc.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.bg.dll
- %ProgramFiles(x86)%\adguard\is-c46ij.tmp в %ProgramFiles(x86)%\adguard\sqlite.interop.dll
- %ProgramFiles(x86)%\adguard\langs\is-f0jgl.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.hy.dll
- %ProgramFiles(x86)%\adguard\langs\is-0th6f.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.zh-tw.dll
- %ProgramFiles(x86)%\adguard\langs\is-o3vgb.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.vi.dll
- %ProgramFiles(x86)%\adguard\langs\is-6vs2p.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.tr.dll
- %ProgramFiles(x86)%\adguard\langs\is-7995t.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.sv.dll
- %ProgramFiles(x86)%\adguard\langs\is-7eus6.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.sr.dll
- %ProgramFiles(x86)%\adguard\langs\is-tnjgg.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.sl.dll
- %ProgramFiles(x86)%\adguard\langs\is-bcqik.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.sk.dll
- %ProgramFiles(x86)%\adguard\nss\is-2fjrr.tmp в %ProgramFiles(x86)%\adguard\nss\nssckbi.dll
- %ProgramFiles(x86)%\adguard\langs\is-ba6m8.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.hr.dll
- %ProgramFiles(x86)%\adguard\langs\is-9g8n3.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.pt-pt.dll
- %ProgramFiles(x86)%\adguard\langs\is-k4gdb.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.pl.dll
- %ProgramFiles(x86)%\adguard\langs\is-nhece.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.no.dll
- %ProgramFiles(x86)%\adguard\langs\is-7r2mm.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.nl.dll
- %ProgramFiles(x86)%\adguard\langs\is-0f2td.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.ko.dll
- %ProgramFiles(x86)%\adguard\langs\is-u0mb6.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.ja.dll
- %ProgramFiles(x86)%\adguard\langs\is-cngvq.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.it.dll
- %ProgramFiles(x86)%\adguard\langs\is-rmh26.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.pt.dll
- %ProgramFiles(x86)%\adguard\langs\is-sgirv.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.id.dll
- %ProgramFiles(x86)%\adguard\nss\is-a79oj.tmp в %ProgramFiles(x86)%\adguard\nss\nss3.dll
- %ProgramFiles(x86)%\adguard\nss\is-5ctqv.tmp в %ProgramFiles(x86)%\adguard\nss\libplds4.dll
- %ProgramFiles(x86)%\adguard\nss\is-c1g6a.tmp в %ProgramFiles(x86)%\adguard\nss\libplc4.dll
- %ProgramFiles(x86)%\adguard\is-gi76o.tmp в %ProgramFiles(x86)%\adguard\adguard.exe.manifest
- %ProgramFiles(x86)%\adguard\is-fo0g1.tmp в %ProgramFiles(x86)%\adguard\adguard.ui.dll
- %ProgramFiles(x86)%\adguard\is-f8pss.tmp в %ProgramFiles(x86)%\adguard\adguard.tools.exe.manifest
- %ProgramFiles(x86)%\adguard\is-7gmlg.tmp в %ProgramFiles(x86)%\adguard\adguard.tools.exe
- %ProgramFiles(x86)%\adguard\is-m34ls.tmp в %ProgramFiles(x86)%\adguard\adguard.service.dll
- %ProgramFiles(x86)%\adguard\is-24du0.tmp в %ProgramFiles(x86)%\adguard\adguard.network.dll
- %ProgramFiles(x86)%\adguard\is-jkn52.tmp в %ProgramFiles(x86)%\adguard\adguard.ipc.dll
- %ProgramFiles(x86)%\adguard\langs\is-3gkg9.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.zh.dll
- %ProgramFiles(x86)%\adguard\is-n4oue.tmp в %ProgramFiles(x86)%\adguard\adguardcoretools.dll
- %ProgramFiles(x86)%\adguard\is-dl35v.tmp в %ProgramFiles(x86)%\adguard\adguard.exe.config
- %ProgramFiles(x86)%\adguard\is-mqb2f.tmp в %ProgramFiles(x86)%\adguard\adguard.exe
- %ProgramFiles(x86)%\adguard\is-s2pj0.tmp в %ProgramFiles(x86)%\adguard\adguard.core.tools.exe
- %ProgramFiles(x86)%\adguard\is-1gfcv.tmp в %ProgramFiles(x86)%\adguard\adguard.core.dll
- %ProgramFiles(x86)%\adguard\is-o7r27.tmp в %ProgramFiles(x86)%\adguard\adguard.core.common.dll
- %ProgramFiles(x86)%\adguard\is-isvqa.tmp в %ProgramFiles(x86)%\adguard\adguard.commons.dll
- %ProgramFiles(x86)%\adguard\is-6u0tv.tmp в %ProgramFiles(x86)%\adguard\adguard.browserextensionhost.exe
- %ProgramFiles(x86)%\adguard\is-1fsmu.tmp в %ProgramFiles(x86)%\adguard\adguard.global.dll
- %ProgramFiles(x86)%\adguard\langs\is-8hcss.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.ro.dll
- %ProgramFiles(x86)%\adguard\is-js2ok.tmp в %ProgramFiles(x86)%\adguard\adguardcoretools64.dll
- %ProgramFiles(x86)%\adguard\is-djo5h.tmp в %ProgramFiles(x86)%\adguard\adguardsvc.exe.manifest
- %ProgramFiles(x86)%\adguard\is-ji05q.tmp в %ProgramFiles(x86)%\adguard\adguardsvc.exe
- %ProgramFiles(x86)%\adguard\nss\is-4miie.tmp в %ProgramFiles(x86)%\adguard\nss\libnspr4.dll
- %ProgramFiles(x86)%\adguard\nss\is-ma0hm.tmp в %ProgramFiles(x86)%\adguard\nss\freebl3.dll
- %ProgramFiles(x86)%\adguard\nss\is-ot9i6.tmp в %ProgramFiles(x86)%\adguard\nss\certutil.exe
- %ProgramFiles(x86)%\adguard\libs\is-s6mh5.tmp в %ProgramFiles(x86)%\adguard\libs\inststlib64.dll
- %ProgramFiles(x86)%\adguard\langs\is-e6jbj.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.uk.dll
- %ProgramFiles(x86)%\adguard\langs\is-e6arb.tmp в %ProgramFiles(x86)%\adguard\langs\adguard.ui.resources.ru.dll
- %ProgramFiles(x86)%\adguard\is-soor2.tmp в %ProgramFiles(x86)%\adguard\adguardsvc.exe.config
- %ProgramFiles(x86)%\adguard\is-ckb34.tmp в %ProgramFiles(x86)%\adguard\system.windows.interactivity.dll
- %ProgramFiles(x86)%\adguard\is-rbpn2.tmp в %ProgramFiles(x86)%\adguard\adguardcore.dll
- %ProgramFiles(x86)%\adguard\is-o1gnn.tmp в %ProgramFiles(x86)%\adguard\sharpraven.dll
- %ProgramFiles(x86)%\adguard\is-6l8r0.tmp в %ProgramFiles(x86)%\adguard\newtonsoft.json.dll
- %ProgramFiles(x86)%\adguard\is-4qa2g.tmp в %ProgramFiles(x86)%\adguard\microsoft.expression.interactions.dll
- %ProgramFiles(x86)%\adguard\is-gmr6l.tmp в %ProgramFiles(x86)%\adguard\icsharpcode.avalonedit.dll
- %ProgramFiles(x86)%\adguard\is-c70d5.tmp в %ProgramFiles(x86)%\adguard\drivers.bin
- %ProgramFiles(x86)%\adguard\is-o0gr3.tmp в %ProgramFiles(x86)%\adguard\default.adg
- %ProgramFiles(x86)%\adguard\is-g03h4.tmp в %ProgramFiles(x86)%\adguard\system.data.sqlite.dll
- %PROGRAMDATA%\adguard\is-rk39j.tmp в %PROGRAMDATA%\adguard\adguard.db
Подменяет следующие файлы
- %PROGRAMDATA%\adguard\adguard.db-journal
- %PROGRAMDATA%\adguard\core\gm.db-journal
- %PROGRAMDATA%\adguard\ssl\cert.db-journal
- %PROGRAMDATA%\adguard\ssl\cert.db
Сетевая активность
Подключается к
- 'localhost':49172
- 'localhost':49174
- 'localhost':49176
- 'localhost':49178
- 'localhost':49180
- 'localhost':49182
- 'localhost':49184
- 'localhost':49186
TCP
- 'localhost':49173
- 'localhost':49181
- 'localhost':49175
UDP
- DNS ASK ap#.#dguard.com
- DNS ASK lo###.adguard.org
Другое
Добавляет корневой сертификат
Создает и запускает на исполнение
- '%CommonProgramFiles(x86)%\~jjztxuz.tmp' /VERYSILENT
- '%TEMP%\is-ko1fv.tmp\~jjztxuz.tmp' /SL5="$60236,26459794,67072,%CommonProgramFiles(x86)%\~jjztxuz.tmp" /VERYSILENT
- '%ProgramFiles(x86)%\adguard\adguardsvc.exe'
- '%ProgramFiles(x86)%\adguard\adguard.core.tools.exe' /cert_install "SYSTEM"
- '%ProgramFiles(x86)%\adguard\adguard.core.tools.exe' /drv_install tdi
- '%ProgramFiles(x86)%\adguard\drivers\x64\adguardnetreg.exe' adgnetworktdidrv
- '%WINDIR%\syswow64\net.exe' stop "Adguard Service"' (со скрытым окном)
- '%WINDIR%\syswow64\sc.exe' create "Adguard Service" binPath= "%ProgramFiles(x86)%\Adguard\AdguardSvc.exe" start= auto error= ignore DisplayName= "Adguard Service"' (со скрытым окном)
- '%WINDIR%\syswow64\sc.exe' description "Adguard Service" "This service blocks ads, online counters and dangerous websites by filtering network traffic."' (со скрытым окном)
- '%WINDIR%\syswow64\sc.exe' start "Adguard Service"' (со скрытым окном)
Запускает на исполнение
- '%WINDIR%\syswow64\net1.exe' stop "Adguard Service"
- '%WINDIR%\syswow64\sc.exe' create "Adguard Service" binPath= "%ProgramFiles(x86)%\Adguard\AdguardSvc.exe" start= auto error= ignore DisplayName= "Adguard Service"
- '%WINDIR%\syswow64\sc.exe' description "Adguard Service" "This service blocks ads, online counters and dangerous websites by filtering network traffic."
- '%WINDIR%\syswow64\sc.exe' start "Adguard Service"
- '<SYSTEM32>\sc.exe' query adgnetworktdidrv
- '%WINDIR%\syswow64\sc.exe' sdshow "Adguard Service"
- '%WINDIR%\syswow64\sc.exe' sdset "Adguard Service" D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCRPLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
