
Script and the decoded strings from the EKANS/Snake ransomware. Original script written by @sysopfb - I've only modified the regexp to cover all cases where decryption was used in the sample.

Script:

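import re
import sys
import struct
import binascii

import pefile


# Read the sample and map it as the loader would, so that virtual addresses
# taken from the code can be turned into offsets into memdata.
with open(sys.argv[1], 'rb') as f:
    data = f.read()

pe = pefile.PE(data=data)
base = pe.OPTIONAL_HEADER.ImageBase
memdata = pe.get_memory_mapped_image()

# Hex pattern of a decryption call site; each match carries two buffer
# addresses and a length.
pattern = re.compile('''8d05......0089442404c7442408......00e8....e.ff8b44240c.{34,70}89542404c7442408......00e8''')
hexdata = binascii.hexlify(data).decode('ascii')

decoded = []

for m in pattern.finditer(hexdata):
    val = m.group(0)
    # Skip hits that do not start and end on a byte boundary.
    if m.start() % 2 or len(val) % 2:
        continue
    raw = binascii.unhexlify(val)
    off1 = struct.unpack_from('<I', raw, 2)[0] - base              # first buffer
    l = struct.unpack_from('<I', raw, 14)[0]                       # length of both buffers
    off2 = struct.unpack_from('<I', raw, len(raw) - 17)[0] - base  # second buffer

    d1 = bytearray(memdata[off1:off1+l])
    d2 = bytearray(memdata[off2:off2+l])

    # XOR the two buffers to recover the string.
    for i in range(min(len(d1), len(d2))):
        d1[i] ^= d2[i]

    text = d1.decode('UTF-8', errors='replace')
    decoded.append(text)
    print(hex(base + off1) + ' ' + text)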
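
The call-site layout the regular expression relies on, as an added example that is not part of the original gist: it matches the same instruction sequence on raw bytes and runs the extraction against a small constructed image, so the offsets the script reads (2, 14 and 17 bytes from the end) can be checked without the sample. The image base, the NOP filler, the `lea edx` encoding, the XOR keys and all function names are assumptions made for the demonstration.

```python
import re
import struct

# Byte-level equivalent of the gist's hex-string pattern. Matching on raw bytes
# avoids hits that begin in the middle of a byte (odd nibble offset).
CALL_SITE = re.compile(
    rb"\x8d\x05...\x00"              # lea eax, [first buffer VA]
    rb"\x89\x44\x24\x04"             # mov [esp+4], eax
    rb"\xc7\x44\x24\x08...\x00"      # mov dword [esp+8], length
    rb"\xe8..[\xe0-\xef]\xff"        # call rel32 (backwards, ffeX....)
    rb"\x8b\x44\x24\x0c"             # mov eax, [esp+0xc]
    rb".{17,35}"                     # 34-70 hex digits in the gist's pattern
    rb"\x89\x54\x24\x04"             # mov [esp+4], edx
    rb"\xc7\x44\x24\x08...\x00"      # mov dword [esp+8], length
    rb"\xe8",                        # second call (rel32 not part of the match)
    re.DOTALL,
)


def extract_strings(image, base):
    """Return [(va, text)] for every call site found in a memory-mapped image."""
    found = []
    for m in CALL_SITE.finditer(image):
        site = m.group(0)
        va1, = struct.unpack_from("<I", site, 2)               # operand of lea eax
        length, = struct.unpack_from("<I", site, 14)           # imm32 of the first mov
        va2, = struct.unpack_from("<I", site, len(site) - 17)  # dword before mov [esp+4], edx
        off1, off2 = va1 - base, va2 - base
        # Skip false positives whose buffers fall outside the image.
        if min(off1, off2) < 0 or max(off1, off2) + length > len(image):
            continue
        plain = bytes(a ^ b for a, b in zip(image[off1:off1 + length],
                                            image[off2:off2 + length]))
        found.append((va1, plain.decode("utf-8", errors="replace")))
    return found


def _call_site(va1, va2, length):
    """Constructed call site; the NOP filler and `lea edx` are assumptions."""
    back_call = b"\xe8" + struct.pack("<i", -0x1A0000)   # rel32 = 0xffe60000
    return (b"\x8d\x05" + struct.pack("<I", va1)
            + b"\x89\x44\x24\x04"
            + b"\xc7\x44\x24\x08" + struct.pack("<I", length)
            + back_call
            + b"\x8b\x44\x24\x0c"
            + b"\x90" * 14 + b"\x8d\x15" + struct.pack("<I", va2)
            + b"\x89\x54\x24\x04"
            + b"\xc7\x44\x24\x08" + struct.pack("<I", length)
            + back_call)


def build_sample_image(base=0x400000):
    """Build a small constructed image: two call sites plus their XOR buffers."""
    image = bytearray(0x400)
    code, data = 0x100, 0x200
    for n, text in enumerate((b"kernel32.dll", b"CreateMutexW")):
        key = bytes((17 * i + 0x5A + n) & 0xFF for i in range(len(text)))
        cipher = bytes(p ^ k for p, k in zip(text, key))
        image[data:data + len(text)] = cipher
        image[data + len(text):data + 2 * len(text)] = key
        site = _call_site(base + data, base + data + len(text), len(text))
        image[code:code + len(site)] = site
        code += len(site)
        data += 2 * len(text)
    return bytes(image), base


if __name__ == "__main__":
    sample, sample_base = build_sample_image()
    for va, text in extract_strings(sample, sample_base):
        print(hex(va), text)
```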

Strings:

0x5f09e3 EKANS
0x5f5cb2 kernel32.dll
0x5f71ee CreateMutexW
0x607626 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
0x5fcaa3 already encrypted!

0x60093c worker %s started job %s

0x600b17 error encrypting %v : %v

0x5fee88 There can be only one

0x608c5b -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAyQ+M5ve829umuy9+BSsUX/krgdF83L3m8/uxRvKX5EZbSh1+buON
ZYr5MjfhrdiOGnrbB1j0Fy31U/uzvWcy7VvK/zcsO/5aAhujhHB/qMAVpZ8zT5BB
ujT1Bvsith/BXgtM99MixD8oZ67VDZaRM9TPE89WuAjnaBZORrk48wFcn1DOAAHD
Z9z9komtqIH1fm3Y0Q6P76nUscLsYOme082L217Th/lTMoqqs4cF2rn9O9Vp4V9U
aCs4XVxGSpcuqbIscfpf0cm44P2eOEk+sbZdahO9C6fezt7YF4OCJ4Vz3qqMD6z4
+6d7FRxUu6k3Te2T2bWBZnsDO30pYFi/gwIDAQAB
-----END RSA PUBLIC KEY-----

0x5f1907 bad pem

0x5f04cc %v

0x5f0427 %v

0x6018ab WbemScripting.SWbemLocator
0x5f052c %v

0x5f0478 %v

0x5f7a26 ConnectServer
0x5f0520 %v

0x5f26a1 ExecQuery
0x602fe7 SELECT * FROM Win32_ShadowCopy
0x5f050b %v

0x5f085d Count
0x5f0502 %v

0x5f20ef ItemIndex
0x5f0535 %v

0x5f02f5 ID
0x5f0529 %v

0x5f1254 Delete_
0x5f0523 %v

0x5f0984 \temp
0x5faaba total lengt: %v

0x5f09d4 .docx
0x5f06c1 .dll
0x5f06c5 .exe
0x5f06f9 .sys
0x5f06e5 .mui
0x5f06a5 .tmp
0x5f0785 .lnk
0x5f120e .config
0x5f2314 .manifest
0x5f06e9 .tlb
0x5f05f5 .olb
0x5f05f9 .blf
0x5f06d1 .ico
0x5f7302 .regtrans-ms
0x5fbdc7 .devicemetadata-ms
0x5fbf2f .settingcontent-ms
0x5f06dd .bat
0x5f0629 .cmd
0x5f0659 .ps1
0x5f3a7c desktop.ini
0x5f5ffa iconcache.db
0x5f2a42 ntuser.dat
0x5f32e4 ntuser.ini
0x5f96a1 ntuser.dat.log1
0x5f9ff2 ntuser.dat.log2
0x5f74fa usrclass.dat
0x5fb65b usrclass.dat.log1
0x5fba13 usrclass.dat.log2
0x5f1350 bootmgr
0x5f12a1 bootnxt
0x5f0bdc windir
0x5f4fed SystemDrive
0x5f8702 :\$Recycle.Bin
0x5f797d :\ProgramData
0x5fb14f :\Users\All Users
0x5fa286 :\Program Files
0x5fabda :\Local Settings
0x5f0cc0 :\Boot
0x601b63 :\System Volume Information
0x5f3640 :\Recovery
0x5f2539 \AppData\
0x5f0867 ntldr
0x5f5316 NTDETECT.COM
0x5f188f boot.ini
0x5f73da bootfont.bin
0x5f715e bootsect.bak
0x5f4b12 desktop.ini
0x5f2772 ctfmon.exe
0x5f721e iconcache.db
0x5f319a ntuser.dat
0x5f8cb2 ntuser.dat.log
0x5f31f4 ntuser.ini
0x5f2233 thumbs.db
0x608713 .+\\Microsoft\\(User Account Pictures|Windows\\(Explorer|Caches)|Device Stage\\Device|Windows)\\
0x5f038b \

0x5f02b7 \
0x602966 files: %v
priority files: %v

0x5fbc17 priorityFiles: %v

0x5fb36f Toatal files: %v

0x6094ef --------------------------------------------

| What happened to your files? 

--------------------------------------------

We breached your corporate network and encrypted the data on your computers. The encrypted data includes documents, databases, photos and more -

all were encrypted using a military grade encryption algorithms (AES-256 and RSA-2048). You cannot access those files right now. But dont worry!

You can still get those files back and be up and running again in no time. 


---------------------------------------------

| How to contact us to get your files back?

---------------------------------------------

The only way to restore your files is by purchasing a decryption tool loaded with a private key we created specifically for your network. 

Once run on an effected computer, the tool will decrypt all encrypted files - and you can resume day-to-day operations, preferably with

better cyber security in mind. If you are interested in purchasing the decryption tool contact us at %s


-------------------------------------------------------

| How can you be certain we have the decryption tool?

-------------------------------------------------------

In your mail to us attach up to 3 files (up to 3MB, no databases or spreadsheets).

We will send them back to you decrypted.
0x5fbf1d Fix-Your-Files.txt
0x5f0cea public
0x5f4ad0 systemdrive
0x5fb2a3 pub: %v
root: %v

0x5f2377 \Desktop\
0x5f02b9 \
0x5f10b0 Global\
0x5f4708 ccflic0.exe
0x5f460b ccflic4.exe
0x5fb1f9 healthservice.exe
0x5f9809 ilicensesvc.exe
0x5f374e nimbus.exe
0x5fa58a prlicensemgr.exe
0x5ff909 certificateprovider.exe
0x601c20 proficypublisherservice.exe
0x5f91f2 proficysts.exe
0x5f37b2 erlsrv.exe
0x5f6fc6 vmtoolsd.exe
0x5ff965 managementagenthost.exe
0x5fb33c vgauthservice.exe
0x5f14b7 epmd.exe
0x5f3faf hasplmv.exe
0x5f4734 spooler.exe
0x5f0e95 hdb.exe
0x5f8c42 ntservices.exe
0x5f0a97 n.exe
0x5fc1a5 monitoringhost.exe
0x5fa8ca win32sysinfo.exe
0x5fa8da inet_gethost.exe
0x5f7a5a taskhostw.exe
0x600dec proficy administrator.exe
0x5f224e ntevl.exe
0x5fa55a prproficymgr.exe
0x5f200e prrds.exe
0x5f6642 prrouter.exe
0x5f9ec6 prconfigmgr.exe
0x5f8552 prgateway.exe
0x5fb5b1 premailengine.exe
0x5f905c pralarmmgr.exe
0x5f9dc7 prftpengine.exe
0x5fd66e prcalculationmgr.exe
0x5fb617 prprintserver.exe
0x5fb4b2 prdatabasemgr.exe
0x5f91ac preventmgr.exe
0x5f7356 prreader.exe
0x5f6756 prwriter.exe
0x5faf2a prsummarymgr.exe
0x5f7d25 prstubber.exe
0x5fb7c0 prschedulemgr.exe
0x5f119e cdm.exe
0x5fe4d4 musnotificationux.exe
0x5f8287 npmdagent.exe
0x5f76da client64.exe
0x5f310e keysvc.exe
0x5fca0b server_eventlog.exe
0x5fb5c2 proficyserver.exe
0x5fbfbf server_runtime.exe
0x5feaaa config_api_service.exe
0x5fff0e fnplicensingservice.exe
0x5fd592 workflowresttest.exe
0x5fb0fa proficyclient.exe
0x5f70c2 vmacthlp.exe
0x5f8427 msdtssrvr.exe
0x5f613e sqlservr.exe
0x5f3bdc msmdsrv.exe
0x602709 reportingservicesservice.exe
0x5f4ac5 dsmcsvc.exe
0x5f4637 winvnc4.exe
0x5f3046 client.exe
0x5f6eb2 collwrap.exe
0x5ff9ef bluestripecollector.exe
0x5f8772 sqlbrowser.exe
0x5f346a dsmcad.exe
0x5f9350 nimcluster.exe
0x5faeba googleupdate.exe
0x5f115f smc.exe
0x5f8668 bcrservice.exe
0x5f3456 dbsrv9.exe
0x5f41f6 rtvscan.exe
0x5f8f60 bcreporter.exe
0x5f4e4b csadmin.exe
0x5f712e csdbsync.exe
0x5f24a0 csmon.exe
0x5f353c csauth.exe
0x5f2032 cslog.exe
0x5f577e csradius.exe
0x5f674a cstacacs.exe
0x5faf6a url_response.exe
0x5ff02a vmware-converter-a.exe
0x5fd9ca vmware-converter.exe
0x5f4a2b avagent.exe
0x6029a0 paxton.net2.clientservice.exe
0x6043dc paxton.net2.commsserverservice.exe
0x5f1cd2 avscc.exe
0x5f40d8 prunsrv.exe
0x5fefd2 googlecrashhandler.exe
0x6002e1 googlecrashhandler64.exe
0x5f8cc0 vmwaretray.exe
0x5f2916 nd2svc.exe
0x5f3b84 tnslsnr.exe
0x5f62d6 omtsreco.exe
0x5f3726 oracle.exe
0x5f9bf6 patrolagent.exe
0x5f9f7a scfagent_64.exe
0x5f8c34 patrolperf.exe
0x5f3a92 rscdsvc.exe
0x5f1747 rscd.exe
0x5f7e43 pmgreader.exe
0x5f476b firefox.exe
0x5f38fc chrome.exe
0x5fc4f3 netsession_win.exe
0x5f2674 pcsws.exe
0x5f1e43 pcscm.exe
0x5f7032 cwbunnav.exe
0x5f2fce rdrcef.exe
0x5f2434 ndrvx.exe
0x5f22f9 ndrvs.exe
0x5fd5ce dr_serviceengine.exe
0x5fee46 teamviewer_service.exe
0x5f5c6a sqlagent.exe
0x5f2d6c dwrcst.exe
0x5fb490 ccm messaging.exe
0x5f2245 zoolz.exe
0x5f3d73 agntsvc.exe
0x5f4f1c dbeng50.exe
0x5f31d6 dbsnmp.exe
0x5f26c8 encsvc.exe
0x5f1ea6 excel.exe
0x5fb9f1 firefoxconfig.exe
0x5f5c52 infopath.exe
0x5f9e30 isqlplussvc.exe
0x5f6522 msaccess.exe
0x5f6dce msftesql.exe
0x5f2101 mspub.exe
0x5faa8a mydesktopqos.exe
0x5fd89e mydesktopservice.exe
0x5f2e5c mysqld.exe
0x5f7ce4 mysqld-nt.exe
0x5f8c7a mysqld-opt.exe
0x5f953a ocautoupds.exe
0x5f21f4 ocomm.exe
0x5f203b ocssd.exe
0x5f4243 onenote.exe
0x5f5100 outlook.exe
0x5f6f06 powerpnt.exe
0x5fc30d sqbcoreservice.exe
0x5f8183 sqlwriter.exe
0x5f2503 steam.exe
0x5f565e synctime.exe
0x5f9fd4 tbirdconfig.exe
0x5f2d30 thebat.exe
0x5f6612 thebat64.exe
0x5f96fb thunderbird.exe
0x5f1fab visio.exe
0x5f43c4 winword.exe
0x5f50d4 wordpad.exe
0x5f79a4 xfssvccon.exe
0x5f6b0a tmlisten.exe
0x5f5c8e pccntmon.exe
0x5f7ef9 cntaosmgr.exe
0x5f5436 ntrtscan.exe
0x5f5a96 mbamtray.exe
0x5fcd4f qhactivedefense.exe
0x5f8b62 qhwatchdog.exe
0x5f8940 qhsafetray.exe
0x5f38e8 avgsvc.exe
0x5f216d avgui.exe
0x5f2a74 v3lite.exe
0x5f337a v3main.exe
0x5f18af v3sp.exe
0x5f3b0b avastui.exe
0x5f542a avastsvc.exe
0x5f448a avguard.exe
0x5f6cde avshadow.exe
0x5f1bcd avgnt.exe
0x5fe4bf avira.servicehost.exe
0x5fb408 avira.systray.exe
0x5f503a bdagent.exe
0x5f800a bdredline.exe
0x5f1867 bdss.exe
0x5ff8db bullguardbhvscanner.exe
0x5fdeca bullguardscanner.exe
0x5fb4f6 bullguardtray.exe
0x5fcede bullguardupdate.exe
0x5f82a1 bullguard.exe
0x5f614a cmdagent.exe
0x5f5137 cistray.exe
0x5f132d cis.exe
0x5fa3fd spideragent.exe
0x5f724e dwengine.exe
0x5f9a9d dwarkdaemon.exe
0x5f9728 dwnetfilter.exe
0x5f82ef a2service.exe
0x5ff851 a2guard.exe.a2start.exe
0x5f16af egui.exe
0x5f179f ekrn.exe
0x5f90da fshoster32.exe
0x5f86ca fshoster64.exe
0x5fe306 fortisslvpndaemon.exe
0x5f93f8 fortiesnac.exe
0x5f410f fortiwf.exe
0x5f8504 fortitray.exe
0x5f8f98 fchelper64.exe
0x5f8c50 fortiproxy.exe
0x5f462c fcappdb.exe
0x5f3ad4 fcdblog.exe
0x5f116d avp.exe
0x5f2611 avpui.exe
0x5f9bba mbamservice.exe
0x5f6e16 mcsacore.exe
0x5f4550 mcapexe.exe
0x5f703e mcshield.exe
0x5f76fe mcsvhost.exe
0x5fc259 nortonsecurity.exe
0x5f9b15 psuaservice.exe
0x5f65ee psuamain.exe
0x5f631e psanhost.exe
0x5f9492 sdrservice.exe
0x5f9d40 swc_service.exe
0x5f9a25 swi_service.exe
0x5f11a5 ssp.exe
0x5f5d72 ccsvchst.exe
0x5f38b6 smcgui.exe
0x5fdb46 coreserviceshell.exe
0x5fe70b coreframeworkhost.exe
0x5f8b54 uiwatchdog.exe
0x5f5e02 uiseagnt.exe
0x5f4a8e paamsrv.exe
0x5f3fa4 psh_svc.exe
0x5f495a aupdrun.exe
0x5f1d2c acaas.exe
0x5f5856 acaegmgr.exe
0x5f2206 acaif.exe
0x5f23bf acais.exe
0x5f1eaf ahnsd.exe
0x5f3c4a ahnsdsv.exe
0x5f2f7e autoup.exe
0x5f772e v3clnsrv.exe
0x5f46d1 v3medic.exe
0x5f1bf1 v3svc.exe
0x5f471e aflogvw.exe
0x5f2db2 ahnrpt.exe
0x5f652e atwsctsk.exe
0x5f2e2a v3exec.exe
0x5f44cc v3imscn.exe
0x5f6efa monsvcnt.exe
0x5f66c6 monsysnt.exe
0x5f9d31 aexnsrcvsvc.exe
0x5f32ee aexsvc.exe
0x5f57a2 atrshost.exe
0x5f8d30 ctdataload.exe
0x5fc1ed aexagentuihost.exe
0x5f87f0 aexnsagent.exe
0x5f667e aclntusr.exe
0x5f7a33 aexswdusr.exe
0x5f700e pxemtftp.exe
0x5f47e4 aclient.exe
0x5fbc95 securitycenter.exe
0x5f27a4 starta.exe
0x5f21a3 stopa.exe
0x5f222a anvir.exe
0x5f608a csrss_tc.exe
0x5f545a ashavast.exe
0x5f2c2c ashbug.exe
0x5f63de ashchest.exe
0x5f2c40 ashcmd.exe
0x5f4314 ashdisp.exe
0x5f67b6 ashenhcd.exe
0x5f4aaf ashlogv.exe
0x5f589e ashmaisv.exe
0x5f535e ashpopwz.exe
0x5f5ec2 ashquick.exe
0x5f3cc3 ashserv.exe
0x5f6f96 ashsimp2.exe
0x5f623a ashsimpl.exe
0x5f692a ashskpcc.exe
0x5f5562 ashskpck.exe
0x5f2dda ashupd.exe
0x5f70b6 ashwebsv.exe
0x5f4bf9 aswdisp.exe
0x5f8330 aswregsvr.exe
0x5f3d5d aswserv.exe
0x5f5ca6 aswupdsv.exe
0x5f58da aswwebsv.exe
0x5f6d9e avengine.exe
0x5f3c34 afwserv.exe
0x5fb061 avastemupdate.exe
0x5f76c2 unsecapp.exe
0x5f66ae avgamsvr.exe
0x5f2341 avgas.exe
0x5f3f15 avgcc32.exe
0x5f2140 avgcc.exe
0x5f4eae avgctrl.exe
0x5f4ec4 avgdiag.exe
0x5f317c avgemc.exe
0x5f51c6 avgfws8.exe
0x5f5b92 avgfwsrv.exe
0x5f3ab3 avginet.exe
0x5f4889 avgmsvr.exe
0x5f533a avgrssvc.exe
0x5f59fa avgscanx.exe
0x5f5b7a avgserv9.exe
0x5f4d38 avgserv.exe
0x5f3500 avgupd.exe
0x5f689a avgupdln.exe
0x5f6a92 avgupsvc.exe
0x5f21eb avgvv.exe
0x5f22d5 avgwb.dat
0x5f19bf avgw.exe
0x5f5e4a avgwizfw.exe
0x5f1dfb guard.exe
0x5f7512 avgcsrvx.exe
0x5fa376 avgidsagent.exe
0x5fb5e4 avgidsmonitor.exe
0x5f58aa avgidsui.exe
0x5fb3a2 avgidswatcher.exe
0x5f1c93 avgam.exe
0x5f32f8 avgnsx.exe
0x5f3ec8 avgfws9.exe
0x5f3474 avgrsx.exe
0x5f3e44 avgtray.exe
0x5f74ca avgwdsvc.exe
0x5f445e sidebar.exe
0x5f616e avgchsvx.exe
0x5f4bd8 avgcmgr.exe
0x5f4894 avgemcx.exe
0x5f3546 avgfws.exe
0x5f691e avgmfapx.exe
0x5f9078 avgcefrend.exe
0x5f6252 avgcsrva.exe
0x5f42bc avgemca.exe
0x5f31cc avgnsa.exe
0x5f37bc avgrsa.exe
0x5fb8e1 loggingserver.exe
0x5fc1ff toolbarupdater.exe
0x5fcd88 wtusystemsuport.exe
0x5f6546 avgregcl.exe
0x5f6bca avgsystx.exe
0x5f2020 vprot.exe
0x5f7026 avcenter.exe
0x5f6c12 avconfig.exe
0x5f2b5a avesvc.exe
0x5f3cb8 avmailc.exe
0x5f44b6 avmcdlg.exe
0x5f56fa avnotify.exe
0x5f2df8 avscan.exe
0x5f5fca guardgui.exe
0x5f4b1d avadmin.exe
0x5f45f5 avfwsvc.exe
0x5f7242 avwebgrd.exe
0x5f2fc4 fwinst.exe
0x5fcf50 sysoptenginesvc.exe
0x5f3abe bavtray.exe
0x5f6eca bhipssvc.exe
0x5f16b7 bmrt.exe
0x5f78e1 seccenter.exe
0x5f4a57 gziface.exe
0x5f347e gzserv.exe
0x5f124d bdc.exe
0x5f30c8 bdlite.exe
0x5f3262 bdmcon.exe
0x5f63c6 bdsubmit.exe
0x5f8cdc deloeminfs.exe
0x5f4c30 livesrv.exe
0x5fad2a setloadorder.exe
0x5f3492 vsserv.exe
0x5f5442 xcommsvr.exe
0x5f1293 bka.exe
0x5fd4f2 bkavsystemserver.exe
0x5f387a blupro.exe
0x5f29e8 blackd.exe
0x5f5dba blackice.exe
0x5f4fe2 proutil.exe
0x5f30b4 rapapp.exe
0x5f3d3c basfipm.exe
0x5f22e7 isafe.exe
0x5f289e cavrid.exe
0x5f3168 vetmsg.exe
0x5f16df amswmagt
0x5f10be caf.exe
0x5f1262 capmuam
0x5f1135 agt.exe
0x5f8017 ccnfagent.exe
0x5f6cd2 ccsmagtd.exe
0x5f8dd8 cfftplugin.exe
0x5f7f3a cfnotsrvd.exe
0x5f512c cfsmsmd.exe
0x5f2623 alert.exe
0x5f641a igateway.exe
0x5f4b49 inotask.exe
0x5fb58f caantispyware.exe
0x5fa40c caavcmdscan.exe
0x5f19b7 caav.exe
0x5fa3b2 caavguiscan.exe
0x5f17ef cafw.exe
0x5f7e9e calogdump.exe
0x5f4dfe capfaem.exe
0x5f4600 capfsem.exe
0x6003d1 cappactiveprotection.exe
0x5fd42a casecuritycenter.exe
0x5f338e caunst.exe
0x5f326c cavrep.exe
0x5f27d6 cctray.exe
0x5f745e ccupdate.exe
0x5f69d2 isafinst.exe
0x602725 itmrt_supportdiagnostics.exe
0x5f5652 itmrtsvc.exe
0x5fa3a3 itmrt_trace.exe
0x5f3e65 ppclean.exe
0x5f6a86 umxagent.exe
0x5f2ea2 umxcfg.exe
0x5f6336 umxfwhlp.exe
0x5f3938 umxpol.exe
0x5f4ca9 unvet32.exe
0x5f526e capfasem.exe
0x5f5d06 ccprovsp.exe
0x5f7fe3 ppctlpriv.exe
0x5f172f casc.exe
0x5fc4cf ccschedulersvc.exe
0x5fc04f ccsystemreport.exe
0x5f68a6 inonmsrv.exe
0x5f288a inoweb.exe
0x5f8169 auth8021x.exe
0x5f6dfe krbcc32s.exe
0x5f1047 pep.exe
0x5f464d realmon.exe
0x5f5e92 repmgr64.exe
0x5f856c csacontrol.exe
0x5f826d leventmgr.exe
0x5f6432 okclient.exe
0x5f64c2 clamscan.exe
0x5f706e clamtray.exe
0x5f4d2d clamwin.exe
0x5f737a ccemflsv.exe
0x5f4151 cssauth.exe
0x5f4cf6 cavscan.exe
0x5f182f clps.exe
0x5f2d58 clpsla.exe
0x5f2ce0 clpsls.exe
0x5f88d0 cmdinstall.exe
0x5f7ddb cfpconfig.exe
0x5f1166 cfp.exe
0x5f62be cfplogvw.exe
0x5f5dde cfpsbmit.exe
0x5f5ece cfpupdat.exe
0x5f686a crashrep.exe
0x5f1120 cpf.exe
0x5f69ba cfpconfg.exe
0x5fd047 csfalconservice.exe
0x5f7dce cylanceui.exe
0x5f88c2 cylancesvc.exe
0x5f725a cramtray.exe
0x5f274a crssvc.exe
0x5f2554 amsvc.exe
0x5f865a frzstate2k.exe
0x5f6dc2 drwagnui.exe
0x5f4a20 drweb32.exe
0x5f5dae drweb32w.exe
0x5f73f2 drweb386.exe
0x5f6a56 drwebcgp.exe
0x5f42c7 drwebdc.exe
0x5f1c42 drweb.exe
0x5f557a drwebmng.exe
0x5f6b6a drwebscd.exe
0x5f5aea drwebupw.exe
0x5f5f82 drwebwcl.exe
0x5f7386 drwebwin.exe
0x5f5234 drwinst.exe
0x5f635a spiderml.exe
0x5f67e6 spidernt.exe
0x5f6ed6 spiderui.exe
0x5f5b1a drwagntd.exe
0x5f928c drwupgrade.exe
0x5f53d6 drwebcom.exe
0x5f626a eeyeevnt.exe
0x5faa0a retinaengine.exe
0x5f518f a2guard.exe
0x5f4406 a2start.exe
0x5fb6b0 administrator.exe
0x5fb66c control_panel.exe
0x5f6d26 usergate.exe
0x5f61f2 esmagent.exe
0x5f114a era.exe
0x5ff132 ppmcativedetection.exe
0x5f5050 vettray.exe
0x5f41d5 cavtray.exe
0x5f30d2 inorpc.exe
0x5f234a inort.exe
0x5f0b46 ca.exe
0x5f44d7 caissdt.exe
0x5f3a9d etagent.exe
0x5fb050 etloganalyzer.exe
0x5f9406 etrssfeeds.exe
0x5f58c2 evtarmgr.exe
0x5f35c8 evtmgr.exe
0x5f8898 etreporter.exe
0x5f8b9a etconsole3.exe
0x5fcb9a etwcontrolpanel.exe
0x5fa7aa useranalysis.exe
0x5f54f6 etcorrel.exe
0x5fdf2e evtprocessecfile.exe
0x5f99f8 etscheduler.exe
0x5faa1a useractivity.exe
0x5fbeb1 traptrackermgr.exe
0x5f84dd ewidoctrl.exe
0x5f90b0 ewidoguard.exe
0x600419 nslocollectorservice.exe
0x5f1877 fmon.exe
0x5f415c fortifw.exe
0x5fa277 update_task.exe
0x5f93ea fpavserver.exe
0x5f81aa fprottray.exe
0x5f4519 fameh32.exe
0x5f2272 fspex.exe
0x5f1447 fsaa.exe
0x5f1a9f bwgo0000
0x5f1ced fch32.exe
0x5f1de0 fih32.exe
0x5f1d8f fsaua.exe
0x5f35d2 fsav32.exe
0x5f2bdc fscuif.exe
0x5f3316 fsdfwd.exe
0x5f38c0 fsgk32.exe
0x5f53e2 fsgk32st.exe
0x5f63ea fsguidll.exe
0x5f5ade fsguiexe.exe
0x5f6126 fshdll32.exe
0x5f1edc fsm32.exe
0x5f31e0 fsma32.exe
0x5f2e7a fsmb32.exe
0x5f3668 fsorsp.exe
0x5f17b7 fspc.exe
0x5f1acf fsqh.exe
0x5f36fe fssm32.exe
0x5fa97a setupguimngr.exe
0x5f4125 tnbutil.exe
0x5f4c9e fsavgui.exe
0x5f2b32 gdscan.exe
0x5f56ca avkproxy.exe
0x5f8a04 avkservice.exe
0x5f4d17 avktray.exe
0x5f51fd avkwctl.exe
0x5fbaaf gdfirewalltray.exe
0x5f43f0 gdfwsvc.exe
0x5fdb32 endpointsecurity.exe
0x5f9935 esecservice.exe
0x5fef22 gfireporterservice.exe
0x5fca7d esecagntservice.exe
0x5f658e rcsvcmon.exe
0x5f9e3f dolphincharge.e
0x5fb43b dolphincharge.exe
0x5f6006 loggetor.exe
0x5fbda3 netalertclient.exe
0x5f9bd8 printdevice.exe
0x5f97af pwdfilthelp.exe
0x5f6cc6 pthosttr.exe
0x5f54ea hpqwmiex.exe
0x5f855f ntcaagent.exe
0x5f864c ntcadaemon.exe
0x5f9b60 ntcaservice.exe
0x5fe513 privacyiconclient.exe
0x5f6dda rapuisvc.exe
0x5f3744 vpatch.exe
0x5f4e98 tclproc.exe
0x5f3820 isscsf.exe
0x5f8142 issdaemon.exe
0x5f6e0a kvdetech.exe
0x5f8212 kvmonxp_2.kxp
0x5f4b96 kvmonxp.kxp
0x5f6c7e kvolself.exe
0x5f7c7c kvsrvxp_1.exe
0x5f411a kvsrvxp.exe
0x5f18ef kvxp.kxp
0x5f9ea8 ppppwallrun.exe
0x5f2149 avpcc.exe
0x5f4238 avpexec.exe
0x5f14bf avpm.exe
0x5f2d08 avpncc.exe
0x5f1547 avps.exe
0x5f392e avpupd.exe
0x5f1040 kav.exe
0x5f6762 kavisarv.exe
0x5f20f8 kavmm.exe
0x5f205f kavss.exe
0x5f2fa6 kavsvc.exe
0x5f0f91 kis.exe
0x5f6972 klnagent.exe
0x5f1ff3 klswd.exe
0x5f6ab6 klwtblfs.exe
0x5f4d01 kwsprod.exe
0x5f514d up2date.exe
0x5f760e klserver.exe
0x5f90be oespamtest.exe
0x5fb44c kavadapterexe.exe
0x5fcbd3 kavlotsingleton.exe
0x5f4503 kavfsgt.exe
0x5f580e kavfsrcn.exe
0x5f1cff kavfs.exe
0x5f48aa kavfswp.exe
0x5f56be kavshell.exe
0x5f9683 klnacserver.exe
0x5f56ee avpdtagt.exe
0x5f3442 netcfg.exe
0x5f755a kavfsscs.exe
0x5f3cad kavtray.exe
0x5f2d4e persfw.exe
0x5f61aa avserver.exe
0x5f55aa winroute.exe
0x5f28da wrctrl.exe
0x5faa7a kabackreport.exe
0x5f473f kaccore.exe
0x5f7be0 kanmcmain.exe
0x5f398a kastray.exe
0x5f3a71 kislive.exe
0x5f66d2 kmailmon.exe
0x5fa6fa knupdatemain.exe
0x5fa0a6 kswebshield.exe
0x5f4285 kxeserv.exe
0x5f2b64 uplive.exe
0x5f4432 kansgui.exe
0x5f28d0 kansvr.exe
0x5f647a kavstart.exe
0x5f4bb7 kpfwsvc.exe
0x5f28b2 kwatch.exe
0x5f22c3 kav32.exe
0x5f2f42 kissvc.exe
0x5f33e8 kpfw32.exe
0x5f3294 system.exe
0x5f6b8e wssfcmai.exe
0x5f8e1e aawservice.exe
0x5faa6a ad-aware2007.exe
0x5f1e67 nlsvc.exe
0x5fab4a engineserver.exe
0x5f99da eventparser.exe
0x5f786c log_qtine.exe
0x5f31c2 mfeann.exe
0x5f7506 nailgpip.exe
0x5f47ef rpcserv.exe
0x5f3096 srvmon.exe
0x5f4b5f mcagent.exe
0x5f610e mfemactl.exe
0x5f6fba macmnsvc.exe
0x5f219a masvc.exe
0x5f746a masalert.exe
0x5f34f6 msssrv.exe
0x5f3604 massrv.exe
0x5f2f56 msscli.exe
0x5f5b9e mcshld9x.exe
0x5f701a mgavrtcl.exe
0x5f60ea mcappins.exe
0x5f7bed mfecanary.exe
0x5f9a52 macompatsvc.exe
0x5f48ec mcvsrte.exe
0x5f4ba1 mfefire.exe
0x5f3e7b dao_log.exe
0x5f4f11 firesvc.exe
0x5f6246 firetray.exe
0x5f27e0 mfeesp.exe
0x5f68b2 naprdmgr.exe
0x5f1197 cpd.exe
0x5f1ba0 mfefw.exe
0x5f9b33 frameworkservic
0x5f6f1e cmgrdian.exe
0x5f4259 mcshell.exe
0x5f324e mfehcs.exe
0x5f34ce mcinfo.exe
0x5f2302 hwapi.exe
0x5fda92 mcafeedatabackup.exe
0x5f5682 mcmscsvc.exe
0x5f4873 mcnasvc.exe
0x5f1e4c mcods.exe
0x5f71fa mcpromgr.exe
0x5f3c29 mcproxy.exe
0x5f424e mcuimgr.exe
0x5f358c mpfsrv.exe
0x5f3370 mpsevh.exe
0x5f11ba mps.exe
0x5f5f8e msksrver.exe
0x5f5fa6 redirsvc.exe
0x5f83a5 saservice.exe
0x5f3dec siteadv.exe
0x5f350a mfemms.exe
0x5f749a neotrace.exe
0x5f5766 vshwin32.exe
0x5f7752 mpfagent.exe
0x5f951e mpfconsole.exe
0x5f104e mpf.exe
0x5f8c96 mpfservice.exe
0x5f4776 mpftray.exe
0x5f6042 mscifapp.exe
0x5f4923 mfevtps.exe
0x5f29ca qclean.exe
0x5f6852 mcregwiz.exe
0x5f5b3e rssensor.exe
0x5fa367 safeservice.exe
0x5f619e ncdaemon.exe
0x5f2e84 mcdash.exe
0x5f5706 mcdetect.exe
0x5f9908 ssscheduler.exe
0x5f9254 sahookmain.exe
0x5f6ba6 mskdetct.exe
0x5f4453 msksrvr.exe
0x5f61e6 mskagent.exe
0x5f51a5 stinger.exe
0x5f53ca mcsysmon.exe
0x5f6666 mctskshd.exe
0x5f2017 mfetp.exe
0x5f59ca myagttry.exe
0x5f727e mcupdmgr.exe
0x5f67fe rulaunch.exe
0x5f6d6e mcvsshld.exe
0x5f211c tbmon.exe
0x5f6af2 alogserv.exe
0x5f6306 mcmnhdlr.exe
0x5f2dd0 mghtml.exe
0x5f20a7 edisk.exe
0x5f34d8 scan32.exe
0x5fde3e frameworkservice.exe
0x5f757e mcconsol.exe
0x5fc0a9 mcscript_inuse.exe
0x5f3334 mctray.exe
0x5f6096 mcupdate.exe
0x5f3118 shstat.exe
0x5f64b6 udaterui.exe
0x5f7db4 updaterui.exe
0x5f3802 mcepoc.exe
0x5f54ba mcepocfg.exe
0x5f7e36 mcpalmcfg.exe
0x5f6816 mcwcecfg.exe
0x5f220f mcwce.exe
0x5fcb74 frameworkservic.exe
0x5f3154 vsmain.exe
0x5f45ea oasclnt.exe
0x5f3906 vsstat.exe
0x5f6f12 mcvsftsn.exe
0x5f6462 avconsol.exe
0x5f656a avsynmgr.exe
0x5f58fe vstskmgr.exe
0x5f59ee webscanx.exe
0x5f21fd mfewc.exe
0x5f2bf0 mfewch.exe
0x600371 giantantispywaremain.exe
0x601aa6 giantantispywareupdater.exe
0x5fb75a gcasservalert.exe
0x5f9e5d gcascleaner.exe
0x5fea14 gcasinstallhelper.exe
0x5f9158 gcasnotice.exe
0x5f89da gcasdtserv.exe
0x5f5aba gcasserv.exe
0x5fb716 gcasswupdater.exe
0x5f2176 fcsms.exe
0x5f33d4 fcssas.exe
0x5f2dee nissrv.exe
0x5f215b dpmra.exe
0x5f4621 msseces.exe
0x5f4729 wscntfy.exe
0x5fc973 securitymanager.exe
0x5fdfe8 aesecurityservice.exe
0x5fafba deteqt.agent.exe
0x5f7b9f omniagent.exe
0x5f468f nerosvc.exe
0x5fc211 seanalyzertool.exe
0x5fa8ba spyemergency.exe
0x5fcb15 spyemergencysrv.exe
0x5f7746 nlclient.exe
0x5f1927 crdm.exe
0x5f4b28 nmagent.exe
0x5f560a ehttpsrv.exe
0x5f20cb nod32.exe
0x5f60c6 nod32krn.exe
0x5f6d92 nod32kui.exe
0x5f7e1c nod32view.exe
0x5f208c cclaw.exe
0x5f4fc1 elogsvc.exe
0x5f1094 nip.exe
0x5f2b0a nipsvc.exe
0x5f47ad njeeves.exe
0x5f4c46 npfmsg2.exe
0x5f3190 npfmsg.exe
0x5f60f6 npfsvice.exe
0x5f5cbe nrmenctb.exe
0x5f2e0c nvcoas.exe
0x5f5262 nvcsched.exe
0x5f1fe1 nymse.exe
0x5f1c6f zanda.exe
0x5f1143 zlh.exe
0x5f695a ixaptsvc.exe
0x5f3ce4 ixavsvc.exe
0x5f43ae ixfwsvc.exe
0x5f6c72 emlproui.exe
0x5f6726 emlproxy.exe
0x5f1d6b mpsvc.exe
0x5f6912 onlinent.exe
0x5f4566 onlnsvc.exe
0x5f3e0d scanmsg.exe
0x5f6606 scanwscs.exe
0x5f4d6f tsansrf.exe
0x5f455b tsatisy.exe
0x5f5e26 tscutynt.exe
0x5f3514 tsmpnt.exe
0x5f31fe upschd.exe
0x5f3ac9 xfilter.exe
0x5f1318 aps.exe
0x5f12c4 aus.exe
0x5f4aba outpost.exe
0x5f9b42 adminserver.exe
0x5f2f9c avtask.exe
0x5f6f36 clshield.exe
0x5f3ee9 console.exe
0x5f3d31 cpntsrv.exe
0x5f4aa4 padfsvr.exe
0x5fa7ba pasystemtray.exe
0x5f574e pavfnsvr.exe
0x5f27c2 pavkre.exe
0x5f3df7 pavprot.exe
0x5f785f pavreport.exe
0x5f35b4 pnmsrv.exe
0x5f3fdb psimsvc.exe
0x5f2984 pavupg.exe
0x5f3212 remupd.exe
0x5f20b0 iface.exe
0x5f5fd6 pavfires.exe
0x5f47ce pavmail.exe
0x5f673e pavprsrv.exe
0x5f68fa pavsched.exe
0x5f6e2e pavsrv50.exe
0x5f5a12 pavsrv51.exe
0x5f5d12 pavsrv52.exe
0x5f40ee prevsrv.exe
0x5f204d tpsrv.exe
0x5f32b2 pagent.exe
0x5f622e pagentwd.exe
0x5f4049 psctris.exe
0x5f644a apvxdwin.exe
0x5f27cc inicio.exe
0x5f6a3e pavbckpt.exe
0x5f3d7e pavjobs.exe
0x5f5213 psctrls.exe
0x5f3460 pshost.exe
0x5f6a0e psimreal.exe
0x5f6d1a pskmssvc.exe
0x5f49c8 srvload.exe
0x5f73ce webproxy.exe
0x5f55e6 avltmain.exe
0x5f9638 firewallgui.exe
0x5f4a41 pviewer.exe
0x5f21c7 pview.exe
0x5f1777 pmon.exe
0x5f7f20 qoeloader.exe
0x5f1024 fws.exe
0x5f459d ccenter.exe
0x5f20dd ravxp.exe
0x5f662a rfwproxy.exe
0x5f43cf rfwstub.exe
0x5f76e6 knownsvr.exe
0x5f1334 ras.exe
0x5f3366 rasupd.exe
0x5f2ace upfile.exe
0x5f2be6 rstray.exe
0x5f6cf6 ravalert.exe
0x5f1189 rav.exe
0x5f46c6 ravmond.exe
0x5f3064 ravmon.exe
0x5f8630 ravservice.exe
0x5f48d6 ravstub.exe
0x5f4bac ravtask.exe
0x5f4fa0 ravtray.exe
0x5f7acf ravupdate.exe
0x5f75ae rnreport.exe
0x5f5f3a rsnetsvr.exe
0x5f4f7f scanfrm.exe
0x5f4ee5 rfwmain.exe
0x5f38d4 rfwsrv.exe
0x5f2a2e winlog.exe
0x5fb47f omslogmanager.exe
0x5f4587 snhwsrv.exe
0x5f9a7f snicheckadm.exe
0x5f97fa snichecksrv.exe
0x5f2e70 snicon.exe
0x5f2593 snsrv.exe
0x5f17af smsx.exe
0x5f5ac6 svcharge.exe
0x5f5892 svdealer.exe
0x5f3f4c svframe.exe
0x5f2a88 svtray.exe
0x5f1f90 sschk.exe
0x5f4356 trjscan.exe
0x5f25f6 trupd.exe
0x5fd7c2 ssecuritymanager.exe
0x5f2790 dltray.exe
0x5f7da7 dlservice.exe
0x5f24fa almon.exe
0x5f1897 lmon.exe
0x5fcde7 savadminservice.exe
0x5f8f1a savservice.exe
0x5f6cea sweepsrv.sys
0x5f620a swnetsup.exe
0x5f23da alsvc.exe
0x5f770a alupdate.exe
0x5f429b savmain.exe
0x5f5b86 sav32cli.exe
0x603ef4 certificationmanagerservicent.exe
0x5ff06c emlibupdateagentnt.exe
0x5fe330 managementagentnt.exe
0x5f51d1 mgntsvc.exe
0x5f581a routernt.exe
0x5f7722 schdsrvc.exe
0x5f8be0 scfmanager.exe
0x5f9326 scfservice.exe
0x5f519a scftray.exe
0x5f8031 op_viewer.exe
0x5f232f sgbhp.exe
0x5f6696 pctsauxs.exe
0x5f4663 pctsgui.exe
0x5f4545 pctssvc.exe
0x5f6066 pctstray.exe
0x5f4f8a regmech.exe
0x5f7f2d sdtrayapp.exe
0x5f7146 svcntaux.exe
0x5f371c swdsvc.exe
0x5f20d4 swnxt.exe
0x5f575a execstat.exe
0x5f4a99 seestat.exe
0x5f5772 swserver.exe
0x5f2ff6 slee81.exe
0x5f46a5 kpf4gui.exe
0x5f38de kpf4ss.exe
0x5f91e4 wrspysetup.exe
0x5f46dc acctmgr.exe
0x5f75f6 alertsvc.exe
0x5f79be alunotify.exe
0x5fcbc0 aluschedulersvc.exe
0x5f69c6 appsvc32.exe
0x5f1af7 ccap.exe
0x5f2392 ccapp.exe
0x5f5c2e ccevtmgr.exe
0x5f49f4 ccproxy.exe
0x5f6f8a ccpxysvc.exe
0x5f605a ccsetmgr.exe
0x5f44c1 checkup.exe
0x5f1016 cka.exe
0x5f4ea3 comhost.exe
0x5f4de8 cpdclnt.exe
0x5f65b2 csinject.exe
0x5f5ee6 csinsm32.exe
0x5f538e csinsmnt.exe
0x5f382a dbserv.exe
0x5f6eee defwatch.exe
0x5f14d7 defwatch
0x5f4e56 diskmon.exe
0x5f5c16 djsnetcn.exe
0x5f385c doscan.exe
0x5f6e6a dwhwizrd.exe
0x5f236e fwcfg.exe
0x5f3b21 ghost_2.exe
0x5f8128 ghosttray.exe
0x5f3a2f icepack.exe
0x5f46fd idsinst.exe
0x5f56a6 ispwdsvc.exe
0x5f1d1a issvc.exe
0x5f2152 isuac.exe
0x5f2485 luall.exe
0x5fd2ba lucallbackproxy.exe
0x5f58e6 lucoms~1.exe
0x5f2e98 lucoms.exe
0x5f3032 mcui32.exe
0x5f677a navapsvc.exe
0x5f629a navapw32.exe
0x5f6d0e navectrl.exe
0x5f40b7 navelog.exe
0x5f34c4 navesp.exe
0x5f6fea navshcom.exe
0x5f2812 navw32.exe
0x5f3410 navwnt.exe
0x5f3f83 ndetect.exe
0x5f43fb ngctw32.exe
0x5f5e6e ngserver.exe
0x5f566a nisoptui.exe
0x5f3c55 nisserv.exe
0x5f1fcf nisum.exe
0x5f1b97 nmain.exe
0x5f6d4a npfmntor.exe
0x5f63a2 nprotect.exe
0x5f682e npscheck.exe
0x5f301e npssvc.exe
0x5f728a nscsrvce.exe
0x5f3302 nsctop.exe
0x5f300a nsmdtr.exe
0x5f5d2a olfsnt40.exe
0x5f2d1c opscan.exe
0x5f3c81 poproxy.exe
0x5f8cea pqibrowser.exe
0x5f776a pqv2isvc.exe
0x5f8bee pxeservice.exe
0x5f2f4c qdcsfs.exe
0x5f4222 qserver.exe
0x5fa3ee reportersvc.exe
0x5f18b7 rnav.exe
0x5f808c savfmsesp.exe
0x5f4ce0 savroam.exe
0x5f4bee savscan.exe
0x5f1c78 savui.exe
0x5f2934 sbserv.exe
0x5f0635 scan
0x5f6bbe explicit.exe
0x5f2dc6 semsvc.exe
0x5f36e0 sesclu.exe
0x5f4944 sevinst.exe
0x5f5322 smsectrl.exe
0x5f4495 smselog.exe
0x5f420c smsesjm.exe
0x5f2ad8 smsesp.exe
0x5f3b6e smsesrv.exe
0x5f5676 smsetask.exe
0x5f355a smseui.exe
0x5f1127 sms.exe
0x5f2bbe sndmon.exe
0x5f4167 sndsrvc.exe
0x5f6aaa spbbcsvc.exe
0x5f5796 symlcsvc.exe
0x5f96dd symproxysvc.exe
0x5f5b62 symsport.exe
0x5f3d47 symtray.exe
0x5f2a06 symwsc.exe
0x5f758a sysdoc32.exe
0x5f7a40 ucservice.exe
0x5f704a updtnv28.exe
0x5f5f6a urllstck.exe
0x5f5406 usrprmpt.exe
0x5f8a4a v2iconsole.exe
0x5f1f63 vpc32.exe
0x5f49bd vpdn_lu.exe
0x5f46b0 vprosvc.exe
0x5f761a wfxctl32.exe
0x5f57c6 wfxmod32.exe
0x5f5c22 wfxsnt40.exe
0x5f9d13 lucomserver.exe
0x5f8a3c savfmselog.exe
0x5f8d06 savfmsesjm.exe
0x5fa358 savfmsectrl.exe
0x601ac1 savfmsespamstatsmanager.exe
0x5f8b7e savfmsesrv.exe
0x5fa1f0 savfmsetask.exe
0x5f7a19 savfmseui.exe
0x5f185f snac.exe
0x5f11c1 ssm.exe
0x5f7852 reportsvc.exe
0x5f3258 vptray.exe
0x5f3e86 procexp.exe
0x5f2c54 tdimon.exe
0x5f177f tfun.exe
0x5f1d50 tfgui.exe
0x5f819d tfservice.exe
0x5f369a tftray.exe
0x5f6b16 tiaspn~1.exe
0x5f670e traflnsp.exe
0x5f7632 asupport.exe
0x5f659a isntsmtp.exe
0x5f3fc5 nsmdemf.exe
0x5f3c1e nsmdmon.exe
0x5f5736 nsmdreal.exe
0x5f523f nsmdsch.exe
0x5f2858 ofcdog.exe
0x5f20e6 pccnt.exe
0x5f63f6 pccntupd.exe
0x5f551a pcctlcom.exe
0x5f66f6 pcscnsrv.exe
0x5f35aa schupd.exe
0x5f3b79 tmntsrv.exe
0x5f1bfa tmpfw.exe
0x5f3d94 tmproxy.exe
0x5f1857 tmas.exe
0x5f8a74 entitymain.exe
0x5f2aa6 aphost.exe
0x5f8c5e lwdmserver.exe
0x5f1158 mrf.exe
0x5f9502 isntsysmonitor
0x5f7eab ofcpfwsvc.exe
0x5f2353 dwwin.exe
0x5f1d23 patch.exe
0x5f7df5 pccclient.exe
0x5f5a42 pccguide.exe
0x5f6d62 pcclient.exe
0x5f33c0 pccpfw.exe
0x5f341a pcscan.exe
0x5f5ce2 pntiomon.exe
0x5f6f4e pop3pack.exe
0x5f6c2a pop3trap.exe
0x5fd365 scanmailoutlook.exe
0x5fb67d smoutlookpack.exe
0x5f7a67 webtrapnt.exe
0x5f8c18 euqmonitor.exe
0x5fa0b5 smex_activeupda
0x5fa010 smex_master.exe
0x5f9926 smex_remoteconf
0x5f9e7b smex_systemwatc
0x5f904e svcgenerichost
0x5f4c7d spntsvc.exe
0x5f2071 stopp.exe
0x5f8e10 stwatchdog.exe
0x5f5f2e usbguard.exe
0x5fae7a uploadrecord.exe
0x5f3b63 sbamsvc.exe
0x5f4096 vrvmail.exe
0x5f3564 vrvmon.exe
0x5f3708 vrvnet.exe
0x5f130a vrv.exe
0x5f17d7 wrsa.exe
0x5fa9ca networkagent.exe
0x6014cf websensecontrolservice.exe
0x5f6afe mpcmdrun.exe
0x5f49a7 msascui.exe
0x5f4427 msmpeng.exe
0x5f63ae mspmspsv.exe
0x5f767a kb891711.exe
0x5f2e52 zavaux.exe
0x5f426f zavcore.exe
0x5f30be zillya.exe
0x5f5ef2 zlclient.exe
0x5f1cb7 vsmon.exe
0x5f8f6e forcefield.exe
0x5f2ec0 iswmgr.exe
0x5f24df zapro.exe
0x5f833d zonealarm.exe
0x5f676e mantispm.exe
0x6013cb faild to get process list

0x5f0538 %v

0x60149b cant kill process %v : %v

0x60275d could not access service: %v
0x602983 could not send control=%d: %v
0x6068ef timeout waiting for service to go to state=%d
0x604e68 could not retrieve service status: %v
0x5fd7ae Acronis VSS Provider
0x600acc Enterprise Client Service
0x5f5cd6 Sophos Agent
0x600a36 Sophos AutoUpdate Service
0x5fdf42 Sophos Clean Service
0x6027b3 Sophos Device Control Service
0x601c05 Sophos File Scanner Service
0x5fe345 Sophos Health Service
0x5fa5ba Sophos MCS Agent
0x5fb3e6 Sophos MCS Client
0x5fe663 Sophos Message Router
0x600101 Sophos Safestore Service
0x603a51 Sophos System Protection Service
0x6015ed Sophos Web Control Service
0x5ff014 SQLsafe Backup Service
0x5fee9e SQLsafe Filter Service
0x6003e9 Symantec System Recovery
0x603f57 Veeam Backup Catalog Data Service
0x5f6b2e AcronisAgent
0x5f33a2 AcrSch2Svc
0x5f251e Antivirus
0x5f0679 ARSM
0x601141 BackupExecAgentAccelerator
0x5fefe8 BackupExecAgentBrowser
0x602009 BackupExecDeviceMediaService
0x5fce6c BackupExecJobEngine
0x601a8b BackupExecManagementService
0x5fda6a BackupExecRPCService
0x5fe5d0 BackupExecVSSProvider
0x5f0907 bedbg
0x5f129a DCAgent
0x5fb2f8 EPSecurityService
0x5fa41b EPUpdateService
0x5f91d6 EraserSvc11710
0x5f40ac EsgShKernel
0x5f5382 FA_Scheduler
0x5f174f IISAdmin
0x5f150f IMAP4Svc
0x5f17c7 macmnsvc
0x5f08c6 masvc
0x5f4cca MBAMService
0x5f9db8 MBEndpointAgent
0x5fcd29 McAfeeEngineService
0x5f9b51 McAfeeFramework
0x603023 McAfeeFrameworkMcAfeeFramework
0x5f16f7 McShield
0x5f82ae McTaskManager
0x5f0ce4 mfemms
0x5f0d56 mfevtp
0x5f7fd6 mozyprobackup
0x5f4c51 MsDtsServer
0x5f8dca MsDtsServer100
0x5f8b00 MsDtsServer110
0x5f74ee MSExchangeES
0x5f718e MSExchangeIS
0x5f8986 MSExchangeMGMT
0x5f78c7 MSExchangeMTA
0x5f764a MSExchangeSA
0x5f7b51 MSExchangeSRS
0x5fa14b MSOLAP$SQL_2008
0x5fb507 MSOLAP$SYSTEM_BGC
0x5f33f2 MSOLAP$TPS
0x5f7e6a MSOLAP$TPSAMA
0x5f86f4 MSSQL$BKUPEXEC
0x5f722a MSSQL$ECWDB2
0x5fb419 MSSQL$PRACTICEMGT
0x5fbd6d MSSQL$PRACTTICEBGC
0x5fe64e MSSQL$PROFXENGAGEMENT
0x5fcd75 MSSQL$SBSMONITORING
0x5fac4a MSSQL$SHAREPOINT
0x5f8a82 MSSQL$SQL_2008
0x5fa9aa MSSQL$SYSTEM_BGC
0x5f1c5d MSSQL$TPS
0x5f6ee2 MSSQL$TPSAMA
0x5fdaa6 MSSQL$VEEAMSQL2008R2
0x5fc1db MSSQL$VEEAMSQL2012
0x5f9827 MSSQLFDLauncher
0x603552 MSSQLFDLauncher$PROFXENGAGEMENT
0x6028b8 MSSQLFDLauncher$SBSMONITORING
0x6014e9 MSSQLFDLauncher$SHAREPOINT
0x600269 MSSQLFDLauncher$SQL_2008
0x6014b5 MSSQLFDLauncher$SYSTEM_BGC
0x5fce33 MSSQLFDLauncher$TPS
0x5ff44a MSSQLFDLauncher$TPSAMA
0x5f4130 MSSQLSERVER
0x5feeca MSSQLServerADHelper100
0x5fea68 MSSQLServerOLAPService
0x5f12a8 MySQL57
0x5f18df ntrtscan
0x5fc67b OracleClientCache80
0x5f61ce PDVFSService
0x5f1269 POP3Svc
0x5f70aa ReportServer
0x5fe480 ReportServer$SQL_2008
0x5ff920 ReportServer$SYSTEM_BGC
0x5fa93a ReportServer$TPS
0x5fcef1 ReportServer$TPSAMA
0x5f09e8 RESvc
0x5f0b28 sacsvr
0x5f09c0 SamSs
0x5f9de5 SAVAdminService
0x5f2e66 SAVService
0x5f0d62 SDRSVC
0x5fac7a SepMasterService
0x5f2260 ShMonitor
0x5f1357 Smcinst
0x5f38ca SmcService
0x5f12fc SMTPSvc
0x5f06fd SNAC
0x5f4cd5 SntpService
0x5f2407 sophossps
0x5fb56d SQLAgent$BKUPEXEC
0x5fa03d SQLAgent$ECWDB2
0x5fe79e SQLAgent$PRACTTICEBGC
0x5fe846 SQLAgent$PRACTTICEMGT
0x600329 SQLAgent$PROFXENGAGEMENT
0x5fed54 SQLAgent$SBSMONITORING
0x5fca1e SQLAgent$SHAREPOINT
0x5fb4c3 SQLAgent$SQL_2008
0x5fcc0c SQLAgent$SYSTEM_BGC
0x5f62e2 SQLAgent$TPS
0x5f9a70 SQLAgent$TPSAMA
0x5ff823 SQLAgent$VEEAMSQL2008R2
0x5fe735 SQLAgent$VEEAMSQL2012
0x5f2e02 SQLBrowser
0x5fb10b SQLSafeOLRService
0x5f90e8 SQLSERVERAGENT
0x5f671a SQLTELEMETRY
0x5fd0df SQLTELEMETRY$ECWDB2
0x5f2005 SQLWriter
0x5f12e7 SstpSvc
0x5f91c8 svcGenericHost
0x5f29ac swi_filter
0x5f4335 swi_service
0x5f81f8 swi_update_64
0x5f0d44 TmCCSF
0x5f14e7 tmlisten
0x5f112e TrueKey
0x5fa95a TrueKeyScheduler
0x5fd452 TrueKeyServiceHelper
0x5f2221 UI0Detect
0x5f8a58 VeeamBackupSvc
0x5f8a9e VeeamBrokerSvc
0x5f95cf VeeamCatalogSvc
0x5f844e VeeamCloudSvc
0x5ff082 VeeamDeploymentService
0x5f8f7c VeeamDeploySvc
0x6007de VeeamEnterpriseManagerSvc
0x5f7d59 VeeamMountSvc
0x5f4592 VeeamNFSSvc
0x5f65fa VeeamRESTSvc
0x5fb2b4 VeeamTransportSvc
0x5f0975 W3Svc
0x5f1627 wbengine
0x5f09b1 WRSVC
0x5fe68d VeeamHvIntegrationSvc
0x5f2d76 swi_update
0x5f81de SQLAgent$CXDB
0x600c43 SQLAgent$CITRIX_METAFRAME
0x5f4411 SQL Backups
0x5f2b6e MSSQL$PROD
0x5f9755 Zoolz 2 Service
0x5fcbad MSSQLServerADHelper
0x5f7b78 SQLAgent$PROD
0x5f7d9a msftesql$PROD
0x5fa9ea NetMsmqActivator
0x5f1947 EhttpSrv
0x5f07f5 ekrn
0x5f128c ESHASRV
0x5f5b56 MSSQL$SOPHOS
0x5fa2fe SQLAgent$SOPHOS
0x5f194f klnagent
0x5fad3a MSSQL$SQLEXPRESS
0x5fc94d SQLAgent$SQLEXPRESS
0x5f16e7 kavfsslp
0x5f0f9f KAVFSGT
0x5f099d KAVFS
0x5f1215 mfefire
0x5faa9a avast! Antivirus
0x5f0db0 aswBcc
0x606dc1 Avast Business Console Client Antivirus Service
0x5f09f2 mfewc
0x5f9c9b Telemetryserver
0x5f16bf WdNisSvc
0x5f2515 WinDefend
0x5fbe9f MCAFEETOMCATSRV530
0x5fdaba MCAFEEEVENTPARSERSRV
0x5fe5a6 MSSQLFDLauncher$ITRIS
0x5fa079 MSSQL$EPOSERVER
0x5f3b8f MSSQL$ITRIS
0x5fc103 SQLAgent$EPOSERVER
0x5f8d5a SQLAgent$ITRIS
0x5fc193 SQLTELEMETRY$ITRIS
0x5f8bb6 MsDtsServer130
0x5fa4da SSISTELEMETRY130
0x5fdd3a MSSQLLaunchpad$ITRIS
0x5f070d BITS
0x5fda06 BrokerInfrastructure
0x5f06ad epag
0x5fdf56 EPIntegrationService
0x5fbb63 EPProtectedService
0x5f255d epredline
0x5f0970 TmPfw
0x5f80e7 SentinelAgent
0x5fe591 SentinelHelperService
0x5fcc45 LogProcessorService
0x5fd4de SentinelStaticEngine
0x5fd416 DB2GOVERNOR_DB2COPY1
0x5fac2a DB2LICD_DB2COPY1
0x5fd0a6 DB2MGMTSVC_DB2COPY1
0x5fe35a DB2REMOTECMD_DB2COPY1
0x5f18bf DB2DAS00
0x5f0a65 DB2-0
0x5f19e7 DB2INST2
0x5fa92a IBMDataServerMgr
0x5f7e0f IBMDSServer41
0x5feb44 MSSQL$CITRIX_METAFRAME
0x5f4918 RumorServer
0x5f19a7 myAgtSvc
0x604eb2 McAfee SiteAdvisor Enterprise Service
0x5f11f2 Alerter
0x5f08d5 ERSvc
0x5f175f Eventlog
0x5f6996 ImapiService
0x5f0c90 NetDDE
0x5f0e3a NtLmSsp
0x5f1174 NtmsSvc
0x5f0ca8 odserv
0x5fcc1f SnowInventoryClient
0x5f11cf TlntSvr
0x5f10ef VMTools
0x5f0cfc VMware
0x5f1cae WebClient
0x5f12e0 WinVNC4
0x5fca57 BlueStripeCollector
0x5f157f Cissesrv
0x5f16cf CpqRcmc3
0x5f0e48 gupdate
0x5f160f gupdatem
0x5f7e91 HealthService
0x5fda2e NimbusWatcherService
0x5f9f3e ProLiantMonitor
0x5f432a SDD_Service
0x5f1285 sysdown
0x5f0db6 System
0x6021e5 GoogleChromeElevationService
0x5f2966 bcrservice
0x5f195f ccEvtMgr
0x5f17ff ccSetMgr
0x5f1381 CSAdmin
0x5f0b40 CSAuth
0x5f146f CSDbSync
0x5f09de CSLog
0x5f09c5 CSMon
0x5f1717 CSRadius
0x5f197f CSTacacs
0x5f17cf Symantec
0x5f7cb0 VGAuthService
0x5fcc91 SepMasterServiceMig
0x5feef6 vmware-converter-agent
0x5ff993 vmware-converter-server
0x5ff87f vmware-converter-worker
0x5f1a67 avbackup
0x5f27b8 MSSQL$NET2
0x5f7d3f Net2ClientSvc
0x5f0b2e NetSvc
0x5f7a74 SQLAgent$NET2
0x5f852b tpautoconnsvc
0x5f481b TPVCGateway
0x600c8e VMwareCAFCommAmqpListener
0x602121 VMwareCAFManagementAgentHost
0x5f9ad9 AdobeARMservice
0x5f1326 RSCDsvc
0x5f1190 LRSDRVX
0x5f207a msvsmon90
0x5f192f IDriverT
0x5f0705 MSMQ
0x5f052f MMS
0x6035af MSSQLFDLauncher$PROFXENGAGEMENT
0x5faf1a ReportServer$TPS
0x5f328a SQLBrowser
0x5fc785 MSSQLServerADHelper
0x5f7b1d SQLAgent$PROD
0x5f79d8 msftesql$PROD
0x5f9647 SQLAgent$SOPHOS
0x5f057a AVP
0x600a9a VeeamEnterpriseManagerSvc
0x5f10e8 MySQL80
0x5f041e %v

0x5f053e %v

0x5f04f6 %v

0x5f0526 %v
@dwanhadiyanto

Can you decrypt my file infected with EKANS?
