Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [<HKCU>\Software\Classes\kinship\shell\open\command] '' = '"%LOCALAPPDATA%\Programs\Kinship\Kinship.exe" "%1"'
Создает или изменяет следующие файлы
- %APPDATA%\microsoft\windows\start menu\programs\startup\kinship sync.lnk
Изменения в файловой системе
Создает следующие файлы
- %LOCALAPPDATA%\kinship\logs\sync.log
- %LOCALAPPDATA%\programs\kinship\2020\is-0lib0.tmp
- %LOCALAPPDATA%\programs\kinship\is-1b57o.tmp
- %LOCALAPPDATA%\programs\kinship\2019\is-6i5bv.tmp
- %LOCALAPPDATA%\programs\kinship\2019\is-us9f2.tmp
- %LOCALAPPDATA%\programs\kinship\2019\is-rg9g4.tmp
- %LOCALAPPDATA%\programs\kinship\2019\is-1locj.tmp
- %LOCALAPPDATA%\programs\kinship\2020\is-6d0ke.tmp
- %LOCALAPPDATA%\programs\kinship\2019\is-blmb4.tmp
- %LOCALAPPDATA%\programs\kinship\is-8052s.tmp
- %LOCALAPPDATA%\programs\kinship\2018\is-jhjto.tmp
- %LOCALAPPDATA%\programs\kinship\2018\is-0cn9i.tmp
- %LOCALAPPDATA%\programs\kinship\2018\is-c00m6.tmp
- %LOCALAPPDATA%\programs\kinship\2018\is-5he7i.tmp
- %LOCALAPPDATA%\programs\kinship\2018\is-nno2f.tmp
- %LOCALAPPDATA%\programs\kinship\2019\is-rvcts.tmp
- %LOCALAPPDATA%\programs\kinship\2021\is-07n6o.tmp
- %LOCALAPPDATA%\programs\kinship\2022\is-l132q.tmp
- %LOCALAPPDATA%\programs\kinship\2020\is-l4jj8.tmp
- %LOCALAPPDATA%\programs\kinship\2022\is-cabac.tmp
- %LOCALAPPDATA%\programs\kinship\2022\is-esd6u.tmp
- %LOCALAPPDATA%\programs\kinship\2022\is-udslt.tmp
- %LOCALAPPDATA%\programs\kinship\2022\is-11hqo.tmp
- %LOCALAPPDATA%\programs\kinship\2022\is-mr8mv.tmp
- %LOCALAPPDATA%\programs\kinship\is-d0pl8.tmp
- %LOCALAPPDATA%\programs\kinship\2018\is-7u6lg.tmp
- %LOCALAPPDATA%\programs\kinship\2021\is-vvkuv.tmp
- %LOCALAPPDATA%\programs\kinship\2021\is-vkdni.tmp
- %LOCALAPPDATA%\programs\kinship\2021\is-8lmap.tmp
- %LOCALAPPDATA%\programs\kinship\2021\is-7qscl.tmp
- %LOCALAPPDATA%\programs\kinship\2021\is-bdqa3.tmp
- %LOCALAPPDATA%\programs\kinship\is-idq6e.tmp
- %LOCALAPPDATA%\programs\kinship\2020\is-mgeco.tmp
- %LOCALAPPDATA%\programs\kinship\2020\is-akg1q.tmp
- %LOCALAPPDATA%\programs\kinship\2020\is-frcs0.tmp
- %LOCALAPPDATA%\programs\kinship\is-clm15.tmp
- %LOCALAPPDATA%\programs\kinship\2015\is-b8pli.tmp
- %LOCALAPPDATA%\programs\kinship\is-u7f16.tmp
- %LOCALAPPDATA%\programs\kinship\is-5kl80.tmp
- %LOCALAPPDATA%\programs\kinship\is-k1ef0.tmp
- %LOCALAPPDATA%\programs\kinship\is-drg9s.tmp
- %LOCALAPPDATA%\programs\kinship\is-v29a3.tmp
- %LOCALAPPDATA%\programs\kinship\is-igcgp.tmp
- %LOCALAPPDATA%\programs\kinship\2015\is-k7fcd.tmp
- %LOCALAPPDATA%\programs\kinship\is-8ldoi.tmp
- %TEMP%\is-532ms.tmp\_isetup\_setup64.tmp
- %LOCALAPPDATA%\kinship\logs\sync-update.log.log
- %TEMP%\is-31p24.tmp\kinshipsetup.tmp
- %LOCALAPPDATA%\kinship\kinshipsetup.exe
- %ALLUSERSPROFILE%\kinship\kinshiptemp-1.42.1.0\kinshipsetup.exe
- unc\shnvbcn*\mailslot\net\netlogon
- %LOCALAPPDATA%\programs\kinship\is-2lpap.tmp
- %LOCALAPPDATA%\programs\kinship\2016\is-fpjqk.tmp
- %LOCALAPPDATA%\programs\kinship\2017\is-qthm1.tmp
- %LOCALAPPDATA%\programs\kinship\2015\is-h4pnu.tmp
- %LOCALAPPDATA%\programs\kinship\2017\is-klv17.tmp
- %LOCALAPPDATA%\programs\kinship\2017\is-j83s3.tmp
- %LOCALAPPDATA%\programs\kinship\2017\is-odbbh.tmp
- %LOCALAPPDATA%\programs\kinship\2017\is-2jk7l.tmp
- %LOCALAPPDATA%\programs\kinship\is-dh92u.tmp
- %LOCALAPPDATA%\programs\kinship\2016\is-hugo8.tmp
- %LOCALAPPDATA%\programs\kinship\2017\is-fid6b.tmp
- %LOCALAPPDATA%\programs\kinship\2016\is-gbl7c.tmp
- %LOCALAPPDATA%\programs\kinship\2016\is-asdku.tmp
- %LOCALAPPDATA%\programs\kinship\2016\is-lbsqr.tmp
- %LOCALAPPDATA%\programs\kinship\2016\is-hhse3.tmp
- %LOCALAPPDATA%\programs\kinship\is-lmv66.tmp
- %LOCALAPPDATA%\programs\kinship\2015\is-nh7le.tmp
- %LOCALAPPDATA%\programs\kinship\2015\is-s8bt5.tmp
- %LOCALAPPDATA%\programs\kinship\2015\is-a6m6n.tmp
- %LOCALAPPDATA%\programs\kinship\unins000.dat
Удаляет следующие файлы
- %TEMP%\is-532ms.tmp\_isetup\_setup64.tmp
- %TEMP%\is-31p24.tmp\kinshipsetup.tmp
- %LOCALAPPDATA%\kinship\kinshipsetup.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\kinship sync.lnk
Перемещает следующие файлы
- %LOCALAPPDATA%\programs\kinship\is-2lpap.tmp в %LOCALAPPDATA%\programs\kinship\unins000.exe
- %LOCALAPPDATA%\programs\kinship\is-8052s.tmp в %LOCALAPPDATA%\programs\kinship\plugin2019.addin
- %LOCALAPPDATA%\programs\kinship\2019\is-rvcts.tmp в %LOCALAPPDATA%\programs\kinship\2019\kinship2019.dll
- %LOCALAPPDATA%\programs\kinship\2019\is-blmb4.tmp в %LOCALAPPDATA%\programs\kinship\2019\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\2019\is-1locj.tmp в %LOCALAPPDATA%\programs\kinship\2019\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2019\is-rg9g4.tmp в %LOCALAPPDATA%\programs\kinship\2019\e.rvt
- %LOCALAPPDATA%\programs\kinship\2019\is-us9f2.tmp в %LOCALAPPDATA%\programs\kinship\2019\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2019\is-6i5bv.tmp в %LOCALAPPDATA%\programs\kinship\2019\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\programs\kinship\is-1b57o.tmp в %LOCALAPPDATA%\programs\kinship\plugin2020.addin
- %LOCALAPPDATA%\programs\kinship\2020\is-0lib0.tmp в %LOCALAPPDATA%\programs\kinship\2020\kinship2020.dll
- %LOCALAPPDATA%\programs\kinship\2020\is-6d0ke.tmp в %LOCALAPPDATA%\programs\kinship\2020\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\2020\is-akg1q.tmp в %LOCALAPPDATA%\programs\kinship\2020\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2020\is-frcs0.tmp в %LOCALAPPDATA%\programs\kinship\2020\e.rvt
- %LOCALAPPDATA%\programs\kinship\2018\is-0cn9i.tmp в %LOCALAPPDATA%\programs\kinship\2018\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2018\is-jhjto.tmp в %LOCALAPPDATA%\programs\kinship\2018\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\programs\kinship\2020\is-l4jj8.tmp в %LOCALAPPDATA%\programs\kinship\2020\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2021\is-bdqa3.tmp в %LOCALAPPDATA%\programs\kinship\2021\kinship2021.dll
- %LOCALAPPDATA%\programs\kinship\2021\is-7qscl.tmp в %LOCALAPPDATA%\programs\kinship\2021\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\2021\is-8lmap.tmp в %LOCALAPPDATA%\programs\kinship\2021\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2021\is-vkdni.tmp в %LOCALAPPDATA%\programs\kinship\2021\e.rvt
- %LOCALAPPDATA%\programs\kinship\2021\is-07n6o.tmp в %LOCALAPPDATA%\programs\kinship\2021\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2021\is-vvkuv.tmp в %LOCALAPPDATA%\programs\kinship\2021\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\programs\kinship\is-d0pl8.tmp в %LOCALAPPDATA%\programs\kinship\plugin2022.addin
- %LOCALAPPDATA%\programs\kinship\2022\is-mr8mv.tmp в %LOCALAPPDATA%\programs\kinship\2022\kinship2022.dll
- %LOCALAPPDATA%\programs\kinship\2022\is-11hqo.tmp в %LOCALAPPDATA%\programs\kinship\2022\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\2022\is-udslt.tmp в %LOCALAPPDATA%\programs\kinship\2022\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2022\is-esd6u.tmp в %LOCALAPPDATA%\programs\kinship\2022\e.rvt
- %LOCALAPPDATA%\programs\kinship\2022\is-cabac.tmp в %LOCALAPPDATA%\programs\kinship\2022\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2020\is-mgeco.tmp в %LOCALAPPDATA%\programs\kinship\2020\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\programs\kinship\is-idq6e.tmp в %LOCALAPPDATA%\programs\kinship\plugin2021.addin
- %LOCALAPPDATA%\programs\kinship\2018\is-c00m6.tmp в %LOCALAPPDATA%\programs\kinship\2018\e.rvt
- %LOCALAPPDATA%\programs\kinship\2018\is-5he7i.tmp в %LOCALAPPDATA%\programs\kinship\2018\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2018\is-nno2f.tmp в %LOCALAPPDATA%\programs\kinship\2018\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\is-igcgp.tmp в %LOCALAPPDATA%\programs\kinship\whatsnew.txt
- %LOCALAPPDATA%\programs\kinship\is-v29a3.tmp в %LOCALAPPDATA%\programs\kinship\shortcuts.xml
- %LOCALAPPDATA%\programs\kinship\is-drg9s.tmp в %LOCALAPPDATA%\programs\kinship\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\is-k1ef0.tmp в %LOCALAPPDATA%\programs\kinship\kinship.exe
- %LOCALAPPDATA%\programs\kinship\is-5kl80.tmp в %LOCALAPPDATA%\programs\kinship\microsoft.identitymodel.clients.activedirectory.dll
- %LOCALAPPDATA%\programs\kinship\is-u7f16.tmp в %LOCALAPPDATA%\programs\kinship\plugin2015.addin
- %LOCALAPPDATA%\programs\kinship\2015\is-k7fcd.tmp в %LOCALAPPDATA%\programs\kinship\2015\kinship2015.dll
- %LOCALAPPDATA%\programs\kinship\2015\is-a6m6n.tmp в %LOCALAPPDATA%\programs\kinship\2015\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\2015\is-b8pli.tmp в %LOCALAPPDATA%\programs\kinship\2015\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2015\is-h4pnu.tmp в %LOCALAPPDATA%\programs\kinship\2015\e.rvt
- %LOCALAPPDATA%\programs\kinship\2015\is-s8bt5.tmp в %LOCALAPPDATA%\programs\kinship\2015\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2015\is-nh7le.tmp в %LOCALAPPDATA%\programs\kinship\2015\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\programs\kinship\is-lmv66.tmp в %LOCALAPPDATA%\programs\kinship\plugin2016.addin
- %LOCALAPPDATA%\programs\kinship\is-8ldoi.tmp в %LOCALAPPDATA%\programs\kinship\license.txt
- %LOCALAPPDATA%\programs\kinship\2016\is-hhse3.tmp в %LOCALAPPDATA%\programs\kinship\2016\kinship2016.dll
- %LOCALAPPDATA%\programs\kinship\2016\is-asdku.tmp в %LOCALAPPDATA%\programs\kinship\2016\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2016\is-fpjqk.tmp в %LOCALAPPDATA%\programs\kinship\2016\e.rvt
- %LOCALAPPDATA%\programs\kinship\2016\is-gbl7c.tmp в %LOCALAPPDATA%\programs\kinship\2016\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2016\is-hugo8.tmp в %LOCALAPPDATA%\programs\kinship\2016\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\programs\kinship\is-dh92u.tmp в %LOCALAPPDATA%\programs\kinship\plugin2017.addin
- %LOCALAPPDATA%\programs\kinship\2017\is-2jk7l.tmp в %LOCALAPPDATA%\programs\kinship\2017\kinship2017.dll
- %LOCALAPPDATA%\programs\kinship\2017\is-odbbh.tmp в %LOCALAPPDATA%\programs\kinship\2017\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\2017\is-j83s3.tmp в %LOCALAPPDATA%\programs\kinship\2017\ncalc.dll
- %LOCALAPPDATA%\programs\kinship\2017\is-klv17.tmp в %LOCALAPPDATA%\programs\kinship\2017\e.rvt
- %LOCALAPPDATA%\programs\kinship\2017\is-qthm1.tmp в %LOCALAPPDATA%\programs\kinship\2017\microsoft.windowsapicodepack.shell.dll
- %LOCALAPPDATA%\programs\kinship\2017\is-fid6b.tmp в %LOCALAPPDATA%\programs\kinship\2017\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\programs\kinship\is-clm15.tmp в %LOCALAPPDATA%\programs\kinship\plugin2018.addin
- %LOCALAPPDATA%\programs\kinship\2018\is-7u6lg.tmp в %LOCALAPPDATA%\programs\kinship\2018\kinship2018.dll
- %LOCALAPPDATA%\programs\kinship\2016\is-lbsqr.tmp в %LOCALAPPDATA%\programs\kinship\2016\lucene.net.dll
- %LOCALAPPDATA%\programs\kinship\2022\is-l132q.tmp в %LOCALAPPDATA%\programs\kinship\2022\microsoft.windowsapicodepack.dll
- %LOCALAPPDATA%\kinship\logs\sync.log в %LOCALAPPDATA%\kinship\logs\sync.bak.log
Подменяет следующие файлы
- %LOCALAPPDATA%\kinship\logs\sync.log
Сетевая активность
Подключается к
- 'ap#.#inship.io':443
- 'microsoft.com':80
TCP
Другие
- 'ap#.#inship.io':443
UDP
- DNS ASK ap#.#inship.io
- DNS ASK microsoft.com
Другое
Создает и запускает на исполнение
- '%LOCALAPPDATA%\kinship\kinshipsetup.exe' /VERYSILENT /LOG="%LOCALAPPDATA%\Kinship\Logs\sync-update.log.log"
- '%TEMP%\is-31p24.tmp\kinshipsetup.tmp' /SL5="$15021A,5611768,978432,%LOCALAPPDATA%\Kinship\KinshipSetup.exe" /VERYSILENT /LOG="%LOCALAPPDATA%\Kinship\Logs\sync-update.log.log"
- '%TEMP%\is-532ms.tmp\_isetup\_setup64.tmp' 105 0x270
- '%LOCALAPPDATA%\programs\kinship\kinship.exe' /install /msi=0
