Техническая информация
- '%PROGRAM_FILES%\Vid-Saver\Vid-Saver-codedownloader.exe' /updateapp /dontsenddaily /agentregpath='Vid-Saver' /appid=3491 /srcid='70036' /subid='default' /zdata='70036&amp;&amp;&amp;&amp;subid;=&amp;&amp;&amp;&amp;pid;=1250' /bic=2B17F4F7E7554DF0B47EF368FFADFA0CIE /verifier=5cce0feae3cbfbf8df1816f5686168a6 /installerversion=1_36_01_22 /installerfullversion=1.36.01.22 /installationtime=1429637402 /statsdomain=http://st###.##datastatssrv.com /errorsdomain=http://er####.#ydatastatssrv.com /codedownloaddomain=https://w9u6a2p6.ssl.hwcdn.net /defbro=opera /crregname='Vid-Saver' /f<Служебное имя>downloaddomain=https://w9u6a2p6.ssl.hwcdn.net /50verifier=fa820d4d3aa319dbb58eb4f60a8630db /sid=S-1-5-21-2832440558-3064306045-1455513625-1000 /runfrom=installer-update /externallog='%TEMP%\Vid-SaverInstaller_1429637402.log'
- '%PROGRAM_FILES%\Vid-Saver\Vid-Saver-chromiuminstaller.exe' /rawdata=pwpJBYYpcZix4P9nq8Up58cRWofyA9VcoCIEm5ozLjHCaHyudY4VcajlNc2F1/YtMyiOQGULTwRBbJs73hkV+kVwEJOo+m7dB5fqLLQJwhPuu+oBpxP5RXXibZCTvAOYVdNGgJD+7W8jRW5gv1Pv6ValKCm1i3wS0/vKimHJ/qlKIRvLT9D4lnWZ1uPZuIXM2+KiGKgJy+80t7xFo0sIh3geHwbVPm1rMzXGAqOefPpYeeRQIZP4GwfRI0GD3VKRqRyEknYC4r9svUYtMIHnRUZ5XB6Sn5YTwd69kPqjUo/chaBDC5b6uRsWETpJLFZKXfxjRy04KpJQ2+VmiKR+m6YHIZiCu3flNLQlfXreQVi5iyybPSeDIsGCQa33HmIh8kxoJbjaq1jZhyHA8WpD534VNodQFSKnul/1TybMQUUsVOtiQLAiDAYmm2x78+m26QCId+PK8UEIprNrxmMz7pmXiNPCVfY9iDsgkWAbndfbHqYlVas0KleDKtBOyEjjcPOIO2qE32jmbOQdg27ere514H+R40vjl+eQp+0G9phhAR1/Zj5Sb0S7tz4ddItXewGZwbgkLDgZ8yeCNcg9+pXxg1XLlRnoWH91v6pol+0bEKm4wfhym+aoygKIkiJT9yv5xzA2UWtskq9Eq/5ok2HiTa08uGxvFWemqh9KMDgEJ1I4oJbxHleHBB7BSWwonpWsLz/8Vx+h5xcviAP1GEvelTEJ34q3Ktc9JzyNrtL9DKLCxgvUxZ1XGW6SzbkoCMRErmpjxF81OOgY75KUpCNiiCyN/heM9eKx5q36GCtaWevUzDKM2zeR7vaM1VOYREO9EbE1JdKrr+QJcoJ1E00cb8j5csVRjKTwsK7JlX+v5F+yTsaJkmyZEW8AJwV63iwhutgMxndlbzzV5HpKxRPFFOYfcVGMEfJmOPJMR071BM09Ukb9yCnpIm3YqMq0REUWR+FF6orP86CN8lsJrr3JzMSB5zrMe1RhIuy3+KCE0bmfvUU4FZvVTgASZtnvWXyCXr95Bzf9s8DoFWEaOcNryValN6ckyoEGMKw8mGdiHMzpaYAafCc0bU7yY2scIHHFcEfo0lnyRTsyXgT2waOCVNbu+WXZQnIuvJMMf4m899Ya02FkSkMjUPoPpHDI7OFTU30NjrbtIMmZIMcVGr1in1dE2HoqCp9bD1y0aLtFQRfQVr9Oyen2q1vrR/b066uuKhj4Aeah84d9j017yZQASzkCqQ0kyc3NDsqyPY7HfM1DbyoxzysIxwudxlShymjHwwhMAA/aVW7Z+zOkDAKoRoOlXnxLrIjuOkBlEPtC1tR6u+VYg+jnDtloOyGBl+sfqYOtvwVnBdRFSdqYYarvGDODbf8YPOrlSI4UOkLdS9k+jmevS4EovIK8BsN8wCkTtil/NI6RXsn0bQqgw5jbSxYmcf+ND2lS5GUV5sm8/Y6e1mfCPVaG7d4McGotLO09d74mJNI08ath/a4Y8S9jvffi5oR244XVotHH9FJHTWh1w5fQVpL0bDruQLjIqs34Qtmq8slxtb283Ao2BwJhukEX8gcFSdcfXM5ZoBUHA7NejsGfdY/qPGqtOftTINjWhJp7g+8DBdff4mgiFIQf909+7u4DT8u7UP+FfRYl1AtdKvBblp0uGu3PzKsWrbtZENQpPLGELuQYNuPE679XCjByWwJ44LbW6AZVojkqaD+KIKr1jfEeiemuiFiI8Glp4h1YO+JdZVwLCcDDaA16U79NqStLgngFa8zHJXbtLDRmRGJwZ+yDWTatQpA0KkOsjqKRvhmF4+PHOSzUpzHiO9SFgWcfGUtZfZmiNR/nJEGtbc7drcAeCiT2A8kaijfycZg0GLWdlQ1nHHehzSjS5bP6kO7Whc0kuu2Oa7MKeu3NX0TiYvLoTQTgwgL9+Mtkw9z+a9tS9CvRcqfT8h0ynbnnTG8d5onHOzLS4TLzrnXFra9OclSeqd+T5QelNljhNrXxo4tPh8p1TXox9wjzpl/uPcn96D6lV4rF21MAX1pa3xGvt4/flOdRjvBj
- '%TEMP%\nsxA860.tmp\Kwnlznta.exe'
- '<SYSTEM32>\conhost.exe' /installapp /agentregpath='Vid-Saver' /appid=3491 /srcid='70036' /subid='default' /zdata='70036&amp;&amp;&amp;&amp;subid;=&amp;&amp;&amp;&amp;pid;=1250' /bic=2B17F4F7E7554DF0B47EF368FFADFA0CIE /verifier=5cce0feae3cbfbf8df1816f5686168a6 /installerversion=1_36_01_22 /installerfullversion=1.36.01.22 /installationtime=1429637402 /statsdomain=http://st###.##datastatssrv.com /errorsdomain=http://er####.#ydatastatssrv.com /codedownloaddomain=https://w9u6a2p6.ssl.hwcdn.net /defbro=opera /crregname='Vid-Saver' /f<Служебное имя>downloaddomain=https://w9u6a2p6.ssl.hwcdn.net /50verifier=fa820d4d3aa319dbb58eb4f60a8630db /sid=S-1-5-21-2832440558-3064306045-1455513625-1000 /runfrom=installer /externallog='%TEMP%\Vid-SaverInstaller_1429637402.log' /downloadfromlocalpath='file://%TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}'
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Vid-Saver\Vid-Saver-bho.dll"
- iexplore.exe
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\userCode\extension.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\userCode\background.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\Settings.json
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\207.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\1000015.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\47.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\13.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\1000015.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\13.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\14.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\1000014.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Cookies-journal
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\manifest.xml
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins.json
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\182.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\19.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\14.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\1000014.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins.json
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\manifest.xml
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\183.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\80.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\78.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\17.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\72.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\177.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\97.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\extensionData\plugins\64.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\64.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\72.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\78.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\47.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\44.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\45.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\46.js
- %PROGRAM_FILES%\Vid-Saver\background.html
- %PROGRAM_FILES%\Vid-Saver\Vid-Saver-bg.exe
- %PROGRAM_FILES%\Vid-Saver\Vid-Saver-codedownloader.exe
- %PROGRAM_FILES%\Vid-Saver\Vid-Saver-bho.dll
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\94.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\userCode\background.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\userCode\extension.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\207.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\35.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\36.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\183.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\17.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\177.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\182.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\41.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\42.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\43.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\40.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\37.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\38.js
- %TEMP%\nsmAE88.tmp\{77192B0F-654F-4FD7-AA08-CD8BAEE342F0}\plugins\39.js
- %PROGRAM_FILES%\Vid-Saver\c326530b-3db7-4350-9939-e25ce6347bcc.crx
- %PROGRAM_FILES%\Vid-Saver\Vid-Saver-chromiuminstaller.exe
- %TEMP%\nsmAE88.tmp\ExecDos.dll
- %TEMP%\nsmAE88.tmp\346002
- %TEMP%\nsmAE88.tmp\md5dll.dll
- %PROGRAM_FILES%\Vid-Saver\Uninstall.exe
- %TEMP%\nsmAE88.tmp\298546
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\logging.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\popupResource\popup.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\popupResource\newPopup.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\xhr.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\platformVersion.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\background.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\main.js
- %TEMP%\nsxA860.tmp\StdUtils.dll
- %TEMP%\nscAE49.tmp
- %TEMP%\nsmAE88.tmp\StdUtils.dll
- %TEMP%\nsxA860.tmp\Kwnlznta.exe
- %TEMP%\nsxA860.tmp\System.dll
- %TEMP%\nsxA860.tmp\Jevolmpim.tmp
- %TEMP%\nsxA860.tmp\FacebookIsGod.dll
- %TEMP%\nsmAE88.tmp\UserInfo.dll
- %TEMP%\nsmAE88.tmp\nsisos.dll
- %TEMP%\nsmAE88.tmp\InstallerUtils.dll
- %TEMP%\nsmAE88.tmp\InstallerUtils2.dll
- %TEMP%\nsmAE88.tmp\System.dll
- %TEMP%\nsmAE88.tmp\nsislog.dll
- %TEMP%\Vid-SaverInstaller_1429637402.log
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\api\monitor.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\api\pageActionBG.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\popup.html
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\api\chrome.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\api\message.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\api\pageAction.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\api\cookie.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\icons\icon16.png
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\icons\icon128.png
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\manifest.json
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\icons\actions\1.png
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\chromeCoreFilesIndex.txt
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\background.html
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\icons\icon48.png
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\app_api.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\util.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\delegate.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\updateManager.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\logFile.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\bg_app_api.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\cookie_store.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\events.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\extensionDataStore.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\storageWrapper.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\onBGDocumentLoad.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\consts.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\reports.js
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.26.118_0\js\lib\installer.js
- %TEMP%\nsmAE88.tmp\346002
- DNS ASK w9#####6.ssl.hwcdn.net
- DNS ASK er####.#ydatastatssrv.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK st###.##datastatssrv.com
- DNS ASK www.in####lping2.info
- ClassName: 'Shell_TrayWnd' WindowName: ''