Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [<HKCU>\Software\Classes\grvOpen\shell\open\command] '' = '%ProgramFiles%\Siber Systems\GoodSync\GoodSync.exe /office365-handler="%1"'
Устанавливает следующие настройки сервисов
- [<HKLM>\System\CurrentControlSet\Services\GsServer] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\GsServer] 'ImagePath' = '"C:/Program Files/Siber Systems/GoodSync/gs-server.exe" /service'
Создает следующие сервисы
- 'GsServer' "C:/Program Files/Siber Systems/GoodSync/gs-server.exe" /service
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\7zipsfx.000\goodsync-setup.exe
- %ProgramFiles%\siber systems\goodsync\sibres\gs-common\gs_dlg_bg_s.jpg
- %ProgramFiles%\siber systems\goodsync\sibres\gs-common\gs_watermark_bg.bmp
- %ProgramFiles%\siber systems\goodsync\gsexplorer.exe
- %ProgramFiles%\siber systems\goodsync\gs-server.exe
- %ProgramFiles%\siber systems\goodsync\gs-server.crt
- %ProgramFiles%\siber systems\goodsync\gs-server.key
- %ProgramFiles%\siber systems\goodsync\html-templates\access.html
- %ProgramFiles%\siber systems\goodsync\html-templates\add_user.html
- %ProgramFiles%\siber systems\goodsync\html-templates\btn_active.png
- %ProgramFiles%\siber systems\goodsync\html-templates\btn_gray_active.png
- %ProgramFiles%\siber systems\goodsync\html-templates\btn_gray_normal.png
- %ProgramFiles%\siber systems\goodsync\html-templates\btn_gray_pressed.png
- %ProgramFiles%\siber systems\goodsync\html-templates\btn_normal.png
- %ProgramFiles%\siber systems\goodsync\html-templates\btn_pressed.png
- %ProgramFiles%\siber systems\goodsync\html-templates\change_password.html
- %ProgramFiles%\siber systems\goodsync\html-templates\connect_status.html
- %ProgramFiles%\siber systems\goodsync\html-templates\delete_user.html
- %ProgramFiles%\siber systems\goodsync\sibres\gs-common\gsexplorer.ico
- %ProgramFiles%\siber systems\goodsync\html-templates\edit_user.html
- %ProgramFiles%\siber systems\goodsync\sibres\gs-common\goodsync2go.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\warning.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_sftp.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_skydrive.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_wm.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\go.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\info.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\listsrv.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\new_folder.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\passwd.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\refresh.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\select-folder.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\servers.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\settings.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\stop.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\success.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\time.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\tree.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\user.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gs-common\goodsync.ico
- %ProgramFiles%\siber systems\goodsync\html-templates\error.html
- %ProgramFiles%\siber systems\goodsync\html-templates\expert_settings.html
- %ProgramFiles%\siber systems\goodsync\html-templates\favicon.ico
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\goodsync\uninstall goodsync.lnk
- C:\users\public\desktop\goodsync.lnk
- C:\users\public\desktop\goodsync explorer.lnk
- %APPDATA%\microsoft\internet explorer\quick launch\goodsync.lnk
- %APPDATA%\microsoft\internet explorer\quick launch\goodsync explorer.lnk
- %APPDATA%\goodsync\goodsync-201123-1551-992.log
- %APPDATA%\goodsync\options.tic
- %TEMP%\is-q2na9.tmp\_isetup\_shfoldr.dll
- %ALLUSERSPROFILE%\goodsync\license.dat
- %ALLUSERSPROFILE%\goodsync\server\settings.tix
- %ALLUSERSPROFILE%\goodsync\server\users.tix
- %APPDATA%\goodsync\bookmarks\gsonlineacct.gsb
- %ALLUSERSPROFILE%\goodsync\server\bookmarks\gslocalacct.gsb
- %ALLUSERSPROFILE%\goodsync\server\gserver-201123-1551.log
- %TEMP%\is-s3c38.tmp\license.tmp
- %TEMP%\is-q2na9.tmp\_isetup\_setup64.tmp
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\goodsync\goodsync.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\goodsync\goodsync explorer.lnk
- %ProgramFiles%\siber systems\goodsync\un-goodsync.exe
- %ProgramFiles%\siber systems\goodsync\html-templates\style.css
- %ProgramFiles%\siber systems\goodsync\html-templates\settings.html
- %ProgramFiles%\siber systems\goodsync\html-templates\i_add.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_connect_status.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_delete.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_download.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_edit.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_logs.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_no.png
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_s3.ico
- %ProgramFiles%\siber systems\goodsync\html-templates\i_users.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_settings.png
- %ProgramFiles%\siber systems\goodsync\html-templates\logout.html
- %ProgramFiles%\siber systems\goodsync\html-templates\logs.html
- %ProgramFiles%\siber systems\goodsync\html-templates\nas_error.html
- %ProgramFiles%\siber systems\goodsync\html-templates\nas_restart.html
- %ProgramFiles%\siber systems\goodsync\html-templates\nas_setup.html
- %ProgramFiles%\siber systems\goodsync\html-templates\restart.html
- %ProgramFiles%\siber systems\goodsync\html-templates\server_header.png
- %ProgramFiles%\siber systems\goodsync\html-templates\gslogo64.png
- %ProgramFiles%\siber systems\goodsync\html-templates\i_yes.png
- %APPDATA%\goodsync\license.dat
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_remote.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_dropbox.ico
- %ProgramFiles%\siber systems\goodsync\de-german.rfi
- %ProgramFiles%\siber systems\goodsync\default.rfi
- %ProgramFiles%\siber systems\goodsync\el-greek.rfi
- %ProgramFiles%\siber systems\goodsync\es-spanish.rfi
- %ProgramFiles%\siber systems\goodsync\fa-persian.rfi
- %ProgramFiles%\siber systems\goodsync\fr-french.rfi
- %ProgramFiles%\siber systems\goodsync\ga-galego.rfi
- %ProgramFiles%\siber systems\goodsync\he-hebrew.rfi
- %ProgramFiles%\siber systems\goodsync\hr-croatian.rfi
- %ProgramFiles%\siber systems\goodsync\hu-hungarian.rfi
- %ProgramFiles%\siber systems\goodsync\id-indonesian.rfi
- %ProgramFiles%\siber systems\goodsync\is-icelandic.rfi
- %ProgramFiles%\siber systems\goodsync\it-italian.rfi
- %ProgramFiles%\siber systems\goodsync\jp-japanese.rfi
- %ProgramFiles%\siber systems\goodsync\ko-korean.rfi
- %ProgramFiles%\siber systems\goodsync\nl-dutch.rfi
- %ProgramFiles%\siber systems\goodsync\nn-norwegiannynorsk.rfi
- %ProgramFiles%\siber systems\goodsync\da-danish.rfi
- %ProgramFiles%\siber systems\goodsync\no-norwegian.rfi
- %ProgramFiles%\siber systems\goodsync\cz-czech.rfi
- %ProgramFiles%\siber systems\goodsync\ca-catalan.rfi
- %TEMP%\7zipsfx.000\license.exe
- %TEMP%\nsg620d.tmp
- %TEMP%\nsm622e.tmp\system.dll
- %ProgramFiles%\siber systems\goodsync\goodsync-inst.exe
- %APPDATA%\goodsync\goodsync-201123-1551-1532.log
- %ProgramFiles%\siber systems\goodsync\goodsync.exe
- %ProgramFiles%\siber systems\goodsync\gsync.exe
- %ProgramFiles%\siber systems\goodsync\gscp.exe
- %ProgramFiles%\siber systems\goodsync\gsshadow.dll
- %ProgramFiles%\siber systems\goodsync\logview.exe
- %ProgramFiles%\siber systems\goodsync\clout.exe
- %ProgramFiles%\siber systems\goodsync\diff.exe
- %ProgramFiles%\siber systems\goodsync\dbghelp.dll
- %TEMP%\nsm622e.tmp\simplefc.dll
- %ProgramFiles%\siber systems\goodsync\be-belarusian.rfi
- %ProgramFiles%\siber systems\goodsync\bg-bulgarian.rfi
- %ProgramFiles%\siber systems\goodsync\br-portuguesebr.rfi
- %ProgramFiles%\siber systems\goodsync\cn-simpchinese.rfi
- %ProgramFiles%\siber systems\goodsync\pl-polish.rfi
- %ProgramFiles%\siber systems\goodsync\pt-portuguese.rfi
- %ProgramFiles%\siber systems\goodsync\ro-romanian.rfi
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_selroot.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\decrypted.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\encrypted.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\error.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\folder.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_azure.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_cloud.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_onedrivepro.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_dav.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_ftp.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_gdocs.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_gstp.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_mtp.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_oexpress.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_office365.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_onedrive.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_selbox.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_selected.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_graysel.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_grayexcl.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_graybox.ico
- %ProgramFiles%\siber systems\goodsync\sb-serbianlatin.rfi
- %ProgramFiles%\siber systems\goodsync\sk-slovak.rfi
- %ProgramFiles%\siber systems\goodsync\sr-serbiancyril.rfi
- %ProgramFiles%\siber systems\goodsync\sv-swedish.rfi
- %ProgramFiles%\siber systems\goodsync\test-l10n-ru-russian.rfi
- %ProgramFiles%\siber systems\goodsync\tr-turkish.rfi
- %ProgramFiles%\siber systems\goodsync\uk-ukrainian.rfi
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\fs_outlook.ico
- %ProgramFiles%\siber systems\goodsync\zh-tradchinese.rfi
- %ProgramFiles%\siber systems\goodsync\va-valencian.rfi
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\goodsynconline.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\accounts.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\adv_opt_hide.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\adv_opt_show.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\bookmark.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_excluded.ico
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\chk_forbidden.ico
- %ProgramFiles%\siber systems\goodsync\ru-russian.rfi
- %ProgramFiles%\siber systems\goodsync\sibres\gsfilesys\goodsync2go.ico
- %APPDATA%\goodsync\is-ma8ms.tmp
Удаляет следующие файлы
- %TEMP%\nsm622e.tmp\simplefc.dll
- %TEMP%\nsm622e.tmp\system.dll
- %APPDATA%\goodsync\license.dat
- %TEMP%\is-q2na9.tmp\_isetup\_setup64.tmp
- %TEMP%\is-q2na9.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-s3c38.tmp\license.tmp
- %TEMP%\7zipsfx.000\goodsync-setup.exe
- %TEMP%\7zipsfx.000\license.exe
Подменяет следующие файлы
- %APPDATA%\goodsync\license.dat
Сетевая активность
Подключается к
- 'localhost':33334
TCP
- 'localhost':49173
Другое
Ищет следующие окна
- ClassName: '{B26B00DA-2E5D-4CF2-83C5-911198C0F010}' WindowName: ''
- ClassName: '{B26B00DA-2E5D-4CF2-83C5-911198C0F00E}' WindowName: ''
- ClassName: '{B26B00DA-2E5D-4CF2-83C5-911198C0F00A}' WindowName: ''
- ClassName: '{B26B00DA-2E5D-4CF2-83C5-911198C0F009}' WindowName: ''
Создает и запускает на исполнение
- '%TEMP%\7zipsfx.000\goodsync-setup.exe' /S
- '%ProgramFiles%\siber systems\goodsync\goodsync-inst.exe' /stop-services
- '%ProgramFiles%\siber systems\goodsync\goodsync.exe' /install="%TEMP%\7ZipSfx.000\GoodSync-Setup.exe" /lang=1033 /server-setup /S
- '%ProgramFiles%\siber systems\goodsync\gs-server.exe' /service
- '%TEMP%\7zipsfx.000\license.exe' /VERYSILENT
- '%TEMP%\is-s3c38.tmp\license.tmp' /SL5="$D01E6,141448,140800,%TEMP%\7ZipSfx.000\License.exe" /VERYSILENT
