Technical Information
- '<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\GoSavE\EvcPQaQOm1OdCj.x64.dll"
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5b5a771-5537-43dc-ace5-6a7636384f97}']
- [<HKLM>\SOFTWARE\Classes\CLSID\{a5b5a771-5537-43dc-ace5-6a7636384f97}\InprocServer32] '' = '%ProgramFiles%\GoSavE\EvcPQaQOm1OdCj.dll'
- %ProgramFiles%\GoSavE\EvcPQaQOm1OdCj.x64.dll
- %ProgramFiles%\GoSavE\EvcPQaQOm1OdCj.dat
- %ALLUSERSPROFILE%\Application Data\GoSavE\Fdx8k5D6Aw1AnBg.exe
- %ALLUSERSPROFILE%\Application Data\6e958a80feb239af\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20170319160118
- %ALLUSERSPROFILE%\Application Data\GoSavE\Fdx8k5D6Aw1AnBg.dat
- %ProgramFiles%\GoSavE\EvcPQaQOm1OdCj.tlb
- %TEMP%\073d63c4\EvcPQaQOm1OdCj.dll
- %TEMP%\073d63c4\Fdx8k5D6Aw1AnBg.dat
- %TEMP%\073d63c4\EvcPQaQOm1OdCj.tlb
- %ProgramFiles%\GoSavE\EvcPQaQOm1OdCj.dll
- %TEMP%\073d63c4\EvcPQaQOm1OdCj.x64.dll
- %TEMP%\073d63c4\EvcPQaQOm1OdCj.tlb
- %TEMP%\073d63c4\EvcPQaQOm1OdCj.x64.dll
- %TEMP%\073d63c4\Fdx8k5D6Aw1AnBg.dat
- %TEMP%\073d63c4\EvcPQaQOm1OdCj.dll