Worm.Generic
Risk Level 1
 
File Size : 289792 KB
File Type : Portable Executable file
File Name : 75703fc8bc66aa7b91d91cd01f6c5730.exe
MD5 : 75703fc8bc66aa7b91d91cd01f6c5730
SHA1 : e1c1f379f9fe89ede763cae1054f164022cceb2a
SHA256 : 6b7c60893a802feec53839bcb3635a8e1ccc4f894653923a49

General information:

* File name: C:\Users\vmware\Desktop\malware\75703fc8bc66aa7b91d91cd01f6c5730.exe

Changes to registry:

* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASAPI32
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASAPI32
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASAPI32
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASAPI32
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASMANCS
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASMANCS
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASMANCS
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\rpeovvxwagem_RASMANCS
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "EnableLinkedConnections=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "data" in key HKEY_CURRENT_USER\software\1617121FC89B86
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Modifies value "SavedLegacySettings" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
old value "SavedLegacySettings"
* Creates value "uqnyjyo=C:\Windows\system32\CMD.EXE /c start C:\Windows\rpeovvxwagem.exe" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RUN
binary data=43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C0043004D0044002E0045005800450020002F006300200073007400610072007400200043003A005C00570069006E0064006F00770073005C007200700065006F0076007600780077006100670065006D002E006500780065000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "ID=161701021FC89B86" in key HKEY_CURRENT_USER\software\zzzsys
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "rpeovvxwagem.exe=7200700065006F0076007600780077006100670065006D002E006500780065000000" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\drive\C\Windows
* Creates value "cmd.exe=Windows Command Processor" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=570069006E0064006F0077007300200043006F006D006D0061006E0064002000500072006F0063006500730073006F0072000000
* Creates value "WMIC.exe=WMI Commandline Utility" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32\wbem
binary data=57004D004900200043006F006D006D0061006E0064006C0069006E00650020005500740069006C006900740079000000

Changes to filesystem:

* Creates file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\_ReCoVeRy_+yvwgt.html
* Creates file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\_ReCoVeRy_+yvwgt.png
* Creates file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\_ReCoVeRy_+yvwgt.txt
* Creates file C:\$Recycle.Bin\_ReCoVeRy_+yvwgt.html
* Creates file C:\$Recycle.Bin\_ReCoVeRy_+yvwgt.png
* Creates file C:\$Recycle.Bin\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\cs-CZ\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\cs-CZ\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\cs-CZ\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\da-DK\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\da-DK\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\da-DK\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\de-DE\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\de-DE\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\de-DE\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\el-GR\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\el-GR\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\el-GR\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\en-US\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\en-US\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\en-US\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\es-ES\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\es-ES\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\es-ES\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\fi-FI\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\fi-FI\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\fi-FI\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\Fonts\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\Fonts\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\Fonts\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\fr-FR\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\fr-FR\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\fr-FR\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\hu-HU\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\hu-HU\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\hu-HU\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\it-IT\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\it-IT\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\it-IT\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\ja-JP\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\ja-JP\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\ja-JP\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\ko-KR\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\ko-KR\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\ko-KR\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\nb-NO\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\nb-NO\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\nb-NO\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\nl-NL\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\nl-NL\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\nl-NL\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\pl-PL\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\pl-PL\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\pl-PL\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\pt-BR\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\pt-BR\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\pt-BR\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\pt-PT\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\pt-PT\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\pt-PT\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\ru-RU\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\ru-RU\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\ru-RU\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\sv-SE\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\sv-SE\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\sv-SE\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\tr-TR\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\tr-TR\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\tr-TR\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\zh-CN\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\zh-CN\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\zh-CN\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\zh-HK\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\zh-HK\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\zh-HK\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\zh-TW\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\zh-TW\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\zh-TW\_ReCoVeRy_+yvwgt.txt
* Creates file C:\Boot\_ReCoVeRy_+yvwgt.html
* Creates file C:\Boot\_ReCoVeRy_+yvwgt.png
* Creates file C:\Boot\_ReCoVeRy_+yvwgt.txt
* Changes file attributes C:\BOOTSECT.BAK
* Modifies file (empty) C:\BOOTSECT.BAK
* Creates file (hidden) C:\BOOTSECT.BAK.mp3
* Modifies file (empty) C:\bsa\CONFIG\APIExclude.TXT
* Creates file C:\bsa\CONFIG\APIExclude.TXT.mp3
* Modifies file (empty) C:\bsa\CONFIG\RegistryExclude.TXT
* Creates file C:\bsa\CONFIG\RegistryExclude.TXT.mp3
* Modifies file (empty) C:\bsa\CONFIG\WindowMessages.TXT
* Creates file C:\bsa\CONFIG\WindowMessages.TXT.mp3
* Creates file C:\bsa\CONFIG\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\CONFIG\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\CONFIG\_ReCoVeRy_+yvwgt.txt
* Creates file C:\bsa\DATA\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\DATA\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\DATA\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\bsa\DOCS\Buster Sandbox Analyzer - English manual.PDF
* Creates file C:\bsa\DOCS\Buster Sandbox Analyzer - English manual.PDF.mp3
* Modifies file (empty) C:\bsa\DOCS\Quick Start Guide - English manual.PDF
* Creates file C:\bsa\DOCS\Quick Start Guide - English manual.PDF.mp3
* Creates file C:\bsa\DOCS\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\DOCS\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\DOCS\_ReCoVeRy_+yvwgt.txt
* Creates file C:\bsa\LANG\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\LANG\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\LANG\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\bsa\LEIAME.TXT
* Creates file C:\bsa\LEIAME.TXT.mp3
* Modifies file (empty) C:\bsa\LOG_API\README_ENGLISH.TXT
* Creates file C:\bsa\LOG_API\README_ENGLISH.TXT.mp3
* Modifies file (empty) C:\bsa\LOG_API\README_PORTUGUESE.TXT
* Creates file C:\bsa\LOG_API\README_PORTUGUESE.TXT.mp3
* Modifies file (empty) C:\bsa\LOG_API\README_RUSSIAN.TXT
* Creates file C:\bsa\LOG_API\README_RUSSIAN.TXT.mp3
* Creates file C:\bsa\LOG_API\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\LOG_API\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\LOG_API\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\bsa\MAEC\library.zip
* Creates file C:\bsa\MAEC\library.zip.mp3
* Creates file C:\bsa\MAEC\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\MAEC\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\MAEC\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\bsa\PCAP\Fingerprints\oui.txt
* Creates file C:\bsa\PCAP\Fingerprints\oui.txt.mp3
* Creates file C:\bsa\PCAP\Fingerprints\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\PCAP\Fingerprints\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\PCAP\Fingerprints\_ReCoVeRy_+yvwgt.txt
* Creates file C:\bsa\PCAP\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\PCAP\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\PCAP\_ReCoVeRy_+yvwgt.txt
* Creates file C:\bsa\PLUGINS\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\PLUGINS\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\PLUGINS\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\bsa\README.TXT
* Creates file C:\bsa\README.TXT.mp3
* Creates file C:\bsa\Reports\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\Reports\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\Reports\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\bsa\USERDB.TXT
* Creates file C:\bsa\USERDB.TXT.mp3
* Creates file C:\bsa\_ReCoVeRy_+yvwgt.html
* Creates file C:\bsa\_ReCoVeRy_+yvwgt.png
* Creates file C:\bsa\_ReCoVeRy_+yvwgt.txt
* Creates file (hidden) C:\Windows\rpeovvxwagem.exe
* Creates file C:\ProgramData\Application Data\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Application Data\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Application Data\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Documents\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Documents\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Documents\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Favorites\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Favorites\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Favorites\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Assistance\Client\1.0\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Assistance\Client\1.0\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Assistance\Client\1.0\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Assistance\Client\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Assistance\Client\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Assistance\Client\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Assistance\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Assistance\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Assistance\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Crypto\DSS\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Crypto\DSS\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Crypto\DSS\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Crypto\Keys\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Crypto\Keys\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Crypto\Keys\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Crypto\RSA\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Crypto\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Crypto\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Crypto\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.mp3
* Modifies file (empty) C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.mp3
* Modifies file (empty) C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.mp3
* Modifies file (empty) C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.mp3
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.mp3
* Modifies file (empty) C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.mp3
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Device Stage\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Device Stage\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Device Stage\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\DeviceSync\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\DeviceSync\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\DeviceSync\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\DRM\Server\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\DRM\Server\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\DRM\Server\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\DRM\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\DRM\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\DRM\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\eHome\logs\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\eHome\logs\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\eHome\logs\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\eHome\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\eHome\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\eHome\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\IdentityCRL\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\IdentityCRL\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\IdentityCRL\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Media Player\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Media Player\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Media Player\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\MF\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\MF\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\MF\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Network\Connections\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Network\Connections\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Network\Connections\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Network\Downloader\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Network\Downloader\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Network\Downloader\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Network\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Network\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Network\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\RAC\Outbound\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\RAC\Outbound\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\RAC\Outbound\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\RAC\PublishedData\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\RAC\PublishedData\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\RAC\PublishedData\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\RAC\StateData\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\RAC\StateData\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\RAC\StateData\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\RAC\Temp\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\RAC\Temp\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\RAC\Temp\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\RAC\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\RAC\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\RAC\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Applications\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\Temp\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\Temp\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\Temp\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\Data\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\Data\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\Data\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Search\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Search\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Search\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\User Account Pictures\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\User Account Pictures\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\User Account Pictures\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Vault\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Vault\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Vault\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Windows\AIT\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Windows\AIT\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Windows\AIT\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Windows\Caches\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Windows\Caches\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Windows\Caches\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Windows\DRM\Cache\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Windows\DRM\Cache\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Windows\DRM\Cache\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Windows\DRM\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Windows\DRM\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Windows\DRM\_ReCoVeRy_+yvwgt.txt
* Creates file C:\ProgramData\Microsoft\Windows\GameExplorer\_ReCoVeRy_+yvwgt.html
* Creates file C:\ProgramData\Microsoft\Windows\GameExplorer\_ReCoVeRy_+yvwgt.png
* Creates file C:\ProgramData\Microsoft\Windows\GameExplorer\_ReCoVeRy_+yvwgt.txt
* Modifies file (empty) C:\Users\vmware\Desktop\malware\75703fc8bc66aa7b91d91cd01f6c5730.exe
* Creates file C:\Users\vmware\Documents\recover_file_exvoghuxf.txt

Network services:

* Queries DNS "conspec.us".
* Queries DNS "tmfilms.net".
* Queries DNS "iqinternal.com".
* Queries DNS "goktugyeli.com".
* Queries DNS "saludaonline.com".
* Queries DNS "newculturemediablog.com".

Process/window/string information:

* Adds user.
* Gets user name information.
* Gets volume information.
* Gets computer name.
* Decrypts data.
* Checks for debuggers.
* Removes Zone.Identifier information.
* Enables privilege SeDebugPrivilege.
* Creates process "null, C:\Windows\rpeovvxwagem.exe, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\Windows\rpeovvxwagem.exe".
* Creates process "C:\Windows\system32\cmd.exe, "C:\Windows\system32\cmd.exe" /c DEL C:\Users\vmware\Desktop\malware\75703F~1.EXE, C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates a mutex "345432-123rvr4".
* Enumerates running processes.
* Creates process "C:\Windows\System32\wbem\WMIC.exe, "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive , C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Windows\System32\wbem\WMIC.exe".
* Enables privilege SeIncreaseQuotaPrivilege.
* Enables privilege SeSecurityPrivilege.
* Enables privilege SeTakeOwnershipPrivilege.
* Enables privilege SeSystemProfilePrivilege.
* Enables privilege SeProfileSingleProcessPrivilege.
* Enables privilege SeAuditPrivilege.
* Opens a service named "rasman".
* Opens a service named "Sens".
* Creates a mutex "IESQMMUTEX_0_208".
* Creates a mutex "Local\!IETld!Mutex".
* Enables process privileges.
* Sleeps 349 seconds.

Additional Information:

How To Remove 75703fc8bc66aa7b91d91cd01f6c5730.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where 75703fc8bc66aa7b91d91cd01f6c5730.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
