Strings decoded from the newer version of #EKANS ransomware.

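import re
import sys
import pefile
import struct
import binascii


# Read the sample given on the command line.
with open(sys.argv[1], 'rb') as f:
    data = f.read()

pe = pefile.PE(data=data)
base = pe.OPTIONAL_HEADER.ImageBase
memdata = pe.get_memory_mapped_image()

# Instruction pattern that surrounds each encoded string, matched against the
# hex dump of the file. Two buffer addresses and a length are embedded in it.
# .decode() yields a plain hex string (str() on bytes would add a b'...' wrapper).
matches = re.findall('''8d05......0089442404c7442408......00e8....e.ff8b44240c.{34,70}89542404c7442408......00e8''', binascii.hexlify(data).decode())

decoded = []

for val in matches:
    raw = binascii.unhexlify(val)
    off1 = struct.unpack_from('<I', raw[2:])[0] - base      # first buffer, as RVA
    length = struct.unpack_from('<I', raw[14:])[0]          # string length
    off2 = struct.unpack_from('<I', raw[-17:])[0] - base    # second buffer, as RVA

    d1 = bytearray(memdata[off1:off1+length])
    d2 = bytearray(memdata[off2:off2+length])
    out = []

    # Each output byte is ((d1 + 0x2a) XOR d2) mod 256.
    for i in range(len(d1)):
        out.append(((d1[i] + 0x2a) ^ d2[i]) % 256)

    out_string = ''.join(chr(x) for x in out)
    decoded.append(out_string)
    print(out_string)
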
kernel32.dll
SetEvent
WaitForSingleObject
advapi32.dll
RegisterServiceCtrlHandlerExW
kernel32.dll
CreateMutexW
Decrypt-Your-Files.txt
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
EKANS
--------------------------------------------

| What happened to your files? 

--------------------------------------------

We breached your corporate network and encrypted the data on your computers. The encrypted data includes documents, databases, photos and more -

all were encrypted using a military grade encryption algorithms (AES-256 and RSA-2048). You cannot access those files right now. But dont worry!

You can still get those files back and be up and running again in no time. 


---------------------------------------------

| How to contact us to get your files back?

---------------------------------------------

The only way to restore your files is by purchasing a decryption tool loaded with a private key we created specifically for your network. 

Once run on an effected computer, the tool will decrypt all encrypted files - and you can resume day-to-day operations, preferably with

better cyber security in mind. If you are interested in purchasing the decryption tool contact us at %s


-------------------------------------------------------

| How can you be certain we have the decryption tool?

-------------------------------------------------------

In your mail to us attach up to 3 non critical files (up to 3MB, no databases or spreadsheets).

We will send them back to you decrypted. 

-------------------------------------------------------

| What happens if you dont contact us within 48 hours or refuse payment?

-------------------------------------------------------

We publish sensitve databases and documents we collected from your network.

-------------------------------------------------------
public
systemdrive
pub: %v
root: %v

\Desktop\
\
Global\
select DomainRole FROM Win32_ComputerSystem
CoUninitialize %v

WbemScripting.SWbemNamedValueSet
CreateObject %v

QueryInterface %v

Add
__ProviderArchitecture
CallMethod architecture%v

WbemScripting.SWbemLocator
CreateObject %v

QueryInterface %v

ConnectServer
root\cimv2
CallMethod ConnectServer %v

ExecQuery
SELECT * FROM Win32_ShadowCopy
CallMethod %v

Count
GetProperty Count %v

ItemIndex
CallMethod %v

ID
GetProperty ID %v

Delete_
already encrypted
worker %s started job %s

error encrypting %v : %v

\
\
There can be only one


bad pem

%v

ccflic0.exe
ccflic4.exe
healthservice.exe
ilicensesvc.exe
nimbus.exe
prlicensemgr.exe
certificateprovider.exe
proficypublisherservice.exe
proficysts.exe
erlsrv.exe
vmtoolsd.exe
managementagenthost.exe
vgauthservice.exe
epmd.exe
hasplmv.exe
spooler.exe
hdb.exe
ntservices.exe
n.exe
monitoringhost.exe
win32sysinfo.exe
inet_gethost.exe
taskhostw.exe
proficy administrator.exe
ntevl.exe
prproficymgr.exe
prrds.exe
prrouter.exe
prconfigmgr.exe
prgateway.exe
premailengine.exe
pralarmmgr.exe
prftpengine.exe
prcalculationmgr.exe
prprintserver.exe
prdatabasemgr.exe
preventmgr.exe
prreader.exe
prwriter.exe
prsummarymgr.exe
prstubber.exe
prschedulemgr.exe
cdm.exe
musnotificationux.exe
npmdagent.exe
client64.exe
keysvc.exe
server_eventlog.exe
proficyserver.exe
server_runtime.exe
config_api_service.exe
fnplicensingservice.exe
workflowresttest.exe
proficyclient.exe
vmacthlp.exe
msdtssrvr.exe
sqlservr.exe
msmdsrv.exe
reportingservicesservice.exe
dsmcsvc.exe
winvnc4.exe
client.exe
collwrap.exe
bluestripecollector.exe
sqlbrowser.exe
dsmcad.exe
nimcluster.exe
googleupdate.exe
smc.exe
bcrservice.exe
dbsrv9.exe
rtvscan.exe
bcreporter.exe
csadmin.exe
csdbsync.exe
csmon.exe
csauth.exe
cslog.exe
csradius.exe
cstacacs.exe
url_response.exe
vmware-converter-a.exe
vmware-converter.exe
avagent.exe
paxton.net2.clientservice.exe
paxton.net2.commsserverservice.exe
avscc.exe
prunsrv.exe
googlecrashhandler.exe
googlecrashhandler64.exe
vmwaretray.exe
nd2svc.exe
tnslsnr.exe
omtsreco.exe
oracle.exe
patrolagent.exe
scfagent_64.exe
patrolperf.exe
rscdsvc.exe
rscd.exe
pmgreader.exe
firefox.exe
chrome.exe
netsession_win.exe
pcsws.exe
pcscm.exe
cwbunnav.exe
rdrcef.exe
ndrvx.exe
ndrvs.exe
dr_serviceengine.exe
teamviewer_service.exe
sqlagent.exe
dwrcst.exe
ccm messaging.exe
zoolz.exe
agntsvc.exe
dbeng50.exe
dbsnmp.exe
encsvc.exe
excel.exe
firefoxconfig.exe
infopath.exe
isqlplussvc.exe
msaccess.exe
msftesql.exe
mspub.exe
mydesktopqos.exe
mydesktopservice.exe
mysqld.exe
mysqld-nt.exe
mysqld-opt.exe
ocautoupds.exe
ocomm.exe
ocssd.exe
onenote.exe
outlook.exe
powerpnt.exe
sqbcoreservice.exe
sqlwriter.exe
steam.exe
synctime.exe
tbirdconfig.exe
thebat.exe
thebat64.exe
thunderbird.exe
visio.exe
winword.exe
wordpad.exe
xfssvccon.exe
tmlisten.exe
pccntmon.exe
cntaosmgr.exe
ntrtscan.exe
mbamtray.exe
qhactivedefense.exe
qhwatchdog.exe
qhsafetray.exe
avgsvc.exe
avgui.exe
v3lite.exe
v3main.exe
v3sp.exe
avastui.exe
avastsvc.exe
avguard.exe
avshadow.exe
avgnt.exe
avira.servicehost.exe
avira.systray.exe
bdagent.exe
bdredline.exe
bdss.exe
bullguardbhvscanner.exe
bullguardscanner.exe
bullguardtray.exe
bullguardupdate.exe
bullguard.exe
cmdagent.exe
cistray.exe
cis.exe
spideragent.exe
dwengine.exe
dwarkdaemon.exe
dwnetfilter.exe
a2service.exe
a2guard.exe.a2start.exe
egui.exe
ekrn.exe
fshoster32.exe
fshoster64.exe
fortisslvpndaemon.exe
fortiesnac.exe
fortiwf.exe
fortitray.exe
fchelper64.exe
fortiproxy.exe
fcappdb.exe
fcdblog.exe
avp.exe
avpui.exe
mbamservice.exe
mcsacore.exe
mcapexe.exe
mcshield.exe
mcsvhost.exe
nortonsecurity.exe
psuaservice.exe
psuamain.exe
psanhost.exe
sdrservice.exe
swc_service.exe
swi_service.exe
ssp.exe
ccsvchst.exe
smcgui.exe
coreserviceshell.exe
coreframeworkhost.exe
uiwatchdog.exe
uiseagnt.exe
paamsrv.exe
psh_svc.exe
aupdrun.exe
acaas.exe
acaegmgr.exe
acaif.exe
acais.exe
ahnsd.exe
ahnsdsv.exe
autoup.exe
v3clnsrv.exe
v3medic.exe
v3svc.exe
aflogvw.exe
ahnrpt.exe
atwsctsk.exe
v3exec.exe
v3imscn.exe
monsvcnt.exe
monsysnt.exe
aexnsrcvsvc.exe
aexsvc.exe
atrshost.exe
ctdataload.exe
aexagentuihost.exe
aexnsagent.exe
aclntusr.exe
aexswdusr.exe
pxemtftp.exe
aclient.exe
securitycenter.exe
starta.exe
stopa.exe
anvir.exe
csrss_tc.exe
ashavast.exe
ashbug.exe
ashchest.exe
ashcmd.exe
ashdisp.exe
ashenhcd.exe
ashlogv.exe
ashmaisv.exe
ashpopwz.exe
ashquick.exe
ashserv.exe
ashsimp2.exe
ashsimpl.exe
ashskpcc.exe
ashskpck.exe
ashupd.exe
ashwebsv.exe
aswdisp.exe
aswregsvr.exe
aswserv.exe
aswupdsv.exe
aswwebsv.exe
avengine.exe
afwserv.exe
avastemupdate.exe
unsecapp.exe
avgamsvr.exe
avgas.exe
avgcc32.exe
avgcc.exe
avgctrl.exe
avgdiag.exe
avgemc.exe
avgfws8.exe
avgfwsrv.exe
avginet.exe
avgmsvr.exe
avgrssvc.exe
avgscanx.exe
avgserv9.exe
avgserv.exe
avgupd.exe
avgupdln.exe
avgupsvc.exe
avgvv.exe
avgwb.dat
avgw.exe
avgwizfw.exe
guard.exe
avgcsrvx.exe
avgidsagent.exe
avgidsmonitor.exe
avgidsui.exe
avgidswatcher.exe
avgam.exe
avgnsx.exe
avgfws9.exe
avgrsx.exe
avgtray.exe
avgwdsvc.exe
sidebar.exe
avgchsvx.exe
avgcmgr.exe
avgemcx.exe
avgfws.exe
avgmfapx.exe
avgcefrend.exe
avgcsrva.exe
avgemca.exe
avgnsa.exe
avgrsa.exe
loggingserver.exe
toolbarupdater.exe
wtusystemsuport.exe
avgregcl.exe
avgsystx.exe
vprot.exe
avcenter.exe
avconfig.exe
avesvc.exe
avmailc.exe
avmcdlg.exe
avnotify.exe
avscan.exe
guardgui.exe
avadmin.exe
avfwsvc.exe
avwebgrd.exe
fwinst.exe
sysoptenginesvc.exe
bavtray.exe
bhipssvc.exe
bmrt.exe
seccenter.exe
gziface.exe
gzserv.exe
bdc.exe
bdlite.exe
bdmcon.exe
bdsubmit.exe
deloeminfs.exe
livesrv.exe
setloadorder.exe
vsserv.exe
xcommsvr.exe
bka.exe
bkavsystemserver.exe
blupro.exe
blackd.exe
blackice.exe
proutil.exe
rapapp.exe
basfipm.exe
isafe.exe
cavrid.exe
vetmsg.exe
amswmagt
caf.exe
capmuam
agt.exe
ccnfagent.exe
ccsmagtd.exe
cfftplugin.exe
cfnotsrvd.exe
cfsmsmd.exe
alert.exe
igateway.exe
inotask.exe
caantispyware.exe
caavcmdscan.exe
caav.exe
caavguiscan.exe
cafw.exe
calogdump.exe
capfaem.exe
capfsem.exe
cappactiveprotection.exe
casecuritycenter.exe
caunst.exe
cavrep.exe
cctray.exe
ccupdate.exe
isafinst.exe
itmrt_supportdiagnostics.exe
itmrtsvc.exe
itmrt_trace.exe
ppclean.exe
umxagent.exe
umxcfg.exe
umxfwhlp.exe
umxpol.exe
unvet32.exe
capfasem.exe
ccprovsp.exe
ppctlpriv.exe
casc.exe
ccschedulersvc.exe
ccsystemreport.exe
inonmsrv.exe
inoweb.exe
auth8021x.exe
krbcc32s.exe
pep.exe
realmon.exe
repmgr64.exe
csacontrol.exe
leventmgr.exe
okclient.exe
clamscan.exe
clamtray.exe
clamwin.exe
ccemflsv.exe
cssauth.exe
cavscan.exe
clps.exe
clpsla.exe
clpsls.exe
cmdinstall.exe
cfpconfig.exe
cfp.exe
cfplogvw.exe
cfpsbmit.exe
cfpupdat.exe
crashrep.exe
cpf.exe
cfpconfg.exe
csfalconservice.exe
cylanceui.exe
cylancesvc.exe
cramtray.exe
crssvc.exe
amsvc.exe
frzstate2k.exe
drwagnui.exe
drweb32.exe
drweb32w.exe
drweb386.exe
drwebcgp.exe
drwebdc.exe
drweb.exe
drwebmng.exe
drwebscd.exe
drwebupw.exe
drwebwcl.exe
drwebwin.exe
drwinst.exe
spiderml.exe
spidernt.exe
spiderui.exe
drwagntd.exe
drwupgrade.exe
drwebcom.exe
eeyeevnt.exe
retinaengine.exe
a2guard.exe
a2start.exe
administrator.exe
control_panel.exe
usergate.exe
esmagent.exe
era.exe
ppmcativedetection.exe
vettray.exe
cavtray.exe
inorpc.exe
inort.exe
ca.exe
caissdt.exe
etagent.exe
etloganalyzer.exe
etrssfeeds.exe
evtarmgr.exe
evtmgr.exe
etreporter.exe
etconsole3.exe
etwcontrolpanel.exe
useranalysis.exe
etcorrel.exe
evtprocessecfile.exe
etscheduler.exe
useractivity.exe
traptrackermgr.exe
ewidoctrl.exe
ewidoguard.exe
nslocollectorservice.exe
fmon.exe
fortifw.exe
update_task.exe
fpavserver.exe
fprottray.exe
fameh32.exe
fspex.exe
fsaa.exe
bwgo0000
fch32.exe
fih32.exe
fsaua.exe
fsav32.exe
fscuif.exe
fsdfwd.exe
fsgk32.exe
fsgk32st.exe
fsguidll.exe
fsguiexe.exe
fshdll32.exe
fsm32.exe
fsma32.exe
fsmb32.exe
fsorsp.exe
fspc.exe
fsqh.exe
fssm32.exe
setupguimngr.exe
tnbutil.exe
fsavgui.exe
gdscan.exe
avkproxy.exe
avkservice.exe
avktray.exe
avkwctl.exe
gdfirewalltray.exe
gdfwsvc.exe
endpointsecurity.exe
esecservice.exe
gfireporterservice.exe
esecagntservice.exe
rcsvcmon.exe
dolphincharge.e
dolphincharge.exe
loggetor.exe
netalertclient.exe
printdevice.exe
pwdfilthelp.exe
pthosttr.exe
hpqwmiex.exe
ntcaagent.exe
ntcadaemon.exe
ntcaservice.exe
privacyiconclient.exe
rapuisvc.exe
vpatch.exe
tclproc.exe
isscsf.exe
issdaemon.exe
kvdetech.exe
kvmonxp_2.kxp
kvmonxp.kxp
kvolself.exe
kvsrvxp_1.exe
kvsrvxp.exe
kvxp.kxp
ppppwallrun.exe
avpcc.exe
avpexec.exe
avpm.exe
avpncc.exe
avps.exe
avpupd.exe
kav.exe
kavisarv.exe
kavmm.exe
kavss.exe
kavsvc.exe
kis.exe
klnagent.exe
klswd.exe
klwtblfs.exe
kwsprod.exe
up2date.exe
klserver.exe
oespamtest.exe
kavadapterexe.exe
kavlotsingleton.exe
kavfsgt.exe
kavfsrcn.exe
kavfs.exe
kavfswp.exe
kavshell.exe
klnacserver.exe
avpdtagt.exe
netcfg.exe
kavfsscs.exe
kavtray.exe
persfw.exe
avserver.exe
winroute.exe
wrctrl.exe
kabackreport.exe
kaccore.exe
kanmcmain.exe
kastray.exe
kislive.exe
kmailmon.exe
knupdatemain.exe
kswebshield.exe
kxeserv.exe
uplive.exe
kansgui.exe
kansvr.exe
kavstart.exe
kpfwsvc.exe
kwatch.exe
kav32.exe
kissvc.exe
kpfw32.exe
system.exe
wssfcmai.exe
aawservice.exe
ad-aware2007.exe
nlsvc.exe
engineserver.exe
eventparser.exe
log_qtine.exe
mfeann.exe
nailgpip.exe
rpcserv.exe
srvmon.exe
mcagent.exe
mfemactl.exe
macmnsvc.exe
masvc.exe
masalert.exe
msssrv.exe
massrv.exe
msscli.exe
mcshld9x.exe
mgavrtcl.exe
mcappins.exe
mfecanary.exe
macompatsvc.exe
mcvsrte.exe
mfefire.exe
dao_log.exe
firesvc.exe
firetray.exe
mfeesp.exe
naprdmgr.exe
cpd.exe
mfefw.exe
frameworkservic
cmgrdian.exe
mcshell.exe
mfehcs.exe
mcinfo.exe
hwapi.exe
mcafeedatabackup.exe
mcmscsvc.exe
mcnasvc.exe
mcods.exe
mcpromgr.exe
mcproxy.exe
mcuimgr.exe
mpfsrv.exe
mpsevh.exe
mps.exe
msksrver.exe
redirsvc.exe
saservice.exe
siteadv.exe
mfemms.exe
neotrace.exe
vshwin32.exe
mpfagent.exe
mpfconsole.exe
mpf.exe
mpfservice.exe
mpftray.exe
mscifapp.exe
mfevtps.exe
qclean.exe
mcregwiz.exe
rssensor.exe
safeservice.exe
ncdaemon.exe
mcdash.exe
mcdetect.exe
ssscheduler.exe
sahookmain.exe
mskdetct.exe
msksrvr.exe
mskagent.exe
stinger.exe
mcsysmon.exe
mctskshd.exe
mfetp.exe
myagttry.exe
mcupdmgr.exe
rulaunch.exe
mcvsshld.exe
tbmon.exe
alogserv.exe
mcmnhdlr.exe
mghtml.exe
edisk.exe
scan32.exe
frameworkservice.exe
mcconsol.exe
mcscript_inuse.exe
mctray.exe
mcupdate.exe
shstat.exe
udaterui.exe
updaterui.exe
mcepoc.exe
mcepocfg.exe
mcpalmcfg.exe
mcwcecfg.exe
mcwce.exe
frameworkservic.exe
vsmain.exe
oasclnt.exe
vsstat.exe
mcvsftsn.exe
avconsol.exe
avsynmgr.exe
vstskmgr.exe
webscanx.exe
mfewc.exe
mfewch.exe
giantantispywaremain.exe
giantantispywareupdater.exe
gcasservalert.exe
gcascleaner.exe
gcasinstallhelper.exe
gcasnotice.exe
gcasdtserv.exe
gcasserv.exe
gcasswupdater.exe
fcsms.exe
fcssas.exe
nissrv.exe
dpmra.exe
msseces.exe
wscntfy.exe
securitymanager.exe
aesecurityservice.exe
deteqt.agent.exe
omniagent.exe
nerosvc.exe
seanalyzertool.exe
spyemergency.exe
spyemergencysrv.exe
nlclient.exe
crdm.exe
nmagent.exe
ehttpsrv.exe
nod32.exe
nod32krn.exe
nod32kui.exe
nod32view.exe
cclaw.exe
elogsvc.exe
nip.exe
nipsvc.exe
njeeves.exe
npfmsg2.exe
npfmsg.exe
npfsvice.exe
nrmenctb.exe
nvcoas.exe
nvcsched.exe
nymse.exe
zanda.exe
zlh.exe
ixaptsvc.exe
ixavsvc.exe
ixfwsvc.exe
emlproui.exe
emlproxy.exe
mpsvc.exe
onlinent.exe
onlnsvc.exe
scanmsg.exe
scanwscs.exe
tsansrf.exe
tsatisy.exe
tscutynt.exe
tsmpnt.exe
upschd.exe
xfilter.exe
aps.exe
aus.exe
outpost.exe
adminserver.exe
avtask.exe
clshield.exe
console.exe
cpntsrv.exe
padfsvr.exe
pasystemtray.exe
pavfnsvr.exe
pavkre.exe
pavprot.exe
pavreport.exe
pnmsrv.exe
psimsvc.exe
pavupg.exe
remupd.exe
iface.exe
pavfires.exe
pavmail.exe
pavprsrv.exe
pavsched.exe
pavsrv50.exe
pavsrv51.exe
pavsrv52.exe
prevsrv.exe
tpsrv.exe
pagent.exe
pagentwd.exe
psctris.exe
apvxdwin.exe
inicio.exe
pavbckpt.exe
pavjobs.exe
psctrls.exe
pshost.exe
psimreal.exe
pskmssvc.exe
srvload.exe
webproxy.exe
avltmain.exe
firewallgui.exe
pviewer.exe
pview.exe
pmon.exe
qoeloader.exe
fws.exe
ccenter.exe
ravxp.exe
rfwproxy.exe
rfwstub.exe
knownsvr.exe
ras.exe
rasupd.exe
upfile.exe
rstray.exe
ravalert.exe
rav.exe
ravmond.exe
ravmon.exe
ravservice.exe
ravstub.exe
ravtask.exe
ravtray.exe
ravupdate.exe
rnreport.exe
rsnetsvr.exe
scanfrm.exe
rfwmain.exe
rfwsrv.exe
winlog.exe
omslogmanager.exe
snhwsrv.exe
snicheckadm.exe
snichecksrv.exe
snicon.exe
snsrv.exe
smsx.exe
svcharge.exe
svdealer.exe
svframe.exe
svtray.exe
sschk.exe
trjscan.exe
trupd.exe
ssecuritymanager.exe
dltray.exe
dlservice.exe
almon.exe
lmon.exe
savadminservice.exe
savservice.exe
sweepsrv.sys
swnetsup.exe
alsvc.exe
alupdate.exe
savmain.exe
sav32cli.exe
certificationmanagerservicent.exe
emlibupdateagentnt.exe
managementagentnt.exe
mgntsvc.exe
routernt.exe
schdsrvc.exe
scfmanager.exe
scfservice.exe
scftray.exe
op_viewer.exe
sgbhp.exe
pctsauxs.exe
pctsgui.exe
pctssvc.exe
pctstray.exe
regmech.exe
sdtrayapp.exe
svcntaux.exe
swdsvc.exe
swnxt.exe
execstat.exe
seestat.exe
swserver.exe
slee81.exe
kpf4gui.exe
kpf4ss.exe
wrspysetup.exe
acctmgr.exe
alertsvc.exe
alunotify.exe
aluschedulersvc.exe
appsvc32.exe
ccap.exe
ccapp.exe
ccevtmgr.exe
ccproxy.exe
ccpxysvc.exe
ccsetmgr.exe
checkup.exe
cka.exe
comhost.exe
cpdclnt.exe
csinject.exe
csinsm32.exe
csinsmnt.exe
dbserv.exe
defwatch.exe
defwatch
diskmon.exe
djsnetcn.exe
doscan.exe
dwhwizrd.exe
fwcfg.exe
ghost_2.exe
ghosttray.exe
icepack.exe
idsinst.exe
ispwdsvc.exe
issvc.exe
isuac.exe
luall.exe
lucallbackproxy.exe
lucoms~1.exe
lucoms.exe
mcui32.exe
navapsvc.exe
navapw32.exe
navectrl.exe
navelog.exe
navesp.exe
navshcom.exe
navw32.exe
navwnt.exe
ndetect.exe
ngctw32.exe
ngserver.exe
nisoptui.exe
nisserv.exe
nisum.exe
nmain.exe
npfmntor.exe
nprotect.exe
npscheck.exe
npssvc.exe
nscsrvce.exe
nsctop.exe
nsmdtr.exe
olfsnt40.exe
opscan.exe
poproxy.exe
pqibrowser.exe
pqv2isvc.exe
pxeservice.exe
qdcsfs.exe
qserver.exe
reportersvc.exe
rnav.exe
savfmsesp.exe
savroam.exe
savscan.exe
savui.exe
sbserv.exe
scan
explicit.exe
semsvc.exe
sesclu.exe
sevinst.exe
smsectrl.exe
smselog.exe
smsesjm.exe
smsesp.exe
smsesrv.exe
smsetask.exe
smseui.exe
sms.exe
sndmon.exe
sndsrvc.exe
spbbcsvc.exe
symlcsvc.exe
symproxysvc.exe
symsport.exe
symtray.exe
symwsc.exe
sysdoc32.exe
ucservice.exe
updtnv28.exe
urllstck.exe
usrprmpt.exe
v2iconsole.exe
vpc32.exe
vpdn_lu.exe
vprosvc.exe
wfxctl32.exe
wfxmod32.exe
wfxsnt40.exe
lucomserver.exe
savfmselog.exe
savfmsesjm.exe
savfmsectrl.exe
savfmsespamstatsmanager.exe
savfmsesrv.exe
savfmsetask.exe
savfmseui.exe
snac.exe
ssm.exe
reportsvc.exe
vptray.exe
procexp.exe
tdimon.exe
tfun.exe
tfgui.exe
tfservice.exe
tftray.exe
tiaspn~1.exe
traflnsp.exe
asupport.exe
isntsmtp.exe
nsmdemf.exe
nsmdmon.exe
nsmdreal.exe
nsmdsch.exe
ofcdog.exe
pccnt.exe
pccntupd.exe
pcctlcom.exe
pcscnsrv.exe
schupd.exe
tmntsrv.exe
tmpfw.exe
tmproxy.exe
tmas.exe
entitymain.exe
aphost.exe
lwdmserver.exe
mrf.exe
isntsysmonitor
ofcpfwsvc.exe
dwwin.exe
patch.exe
pccclient.exe
pccguide.exe
pcclient.exe
pccpfw.exe
pcscan.exe
pntiomon.exe
pop3pack.exe
pop3trap.exe
scanmailoutlook.exe
smoutlookpack.exe
webtrapnt.exe
euqmonitor.exe
smex_activeupda
smex_master.exe
smex_remoteconf
smex_systemwatc
svcgenerichost
spntsvc.exe
stopp.exe
stwatchdog.exe
usbguard.exe
uploadrecord.exe
sbamsvc.exe
vrvmail.exe
vrvmon.exe
vrvnet.exe
vrv.exe
wrsa.exe
networkagent.exe
websensecontrolservice.exe
mpcmdrun.exe
msascui.exe
msmpeng.exe
mspmspsv.exe
kb891711.exe
zavaux.exe
zavcore.exe
zillya.exe
zlclient.exe
vsmon.exe
forcefield.exe
iswmgr.exe
zapro.exe
zonealarm.exe
mantispm.exe
GDDServer.exe
xagt.exe
faild to get process list

%v

cant kill process %v : %v

%v

\temp
.docx
.accdb
.accde
.accdr
.accdt
.asp
.aspx
.back
.backup
.backupdb
.bak
.mdb
.mdc
.mdf
.war
.xls
.xlsx
.xlsm
.xlr
.zip
.rar
.sqlitedb
.sql
.py
.ppam
.pps
.ppsm
.ppsx
.ppt
pptm
.pptx
.hpp
.java
.jsp
.php
.doc
.docm
.pst
.psd
.dot
dotm
.cpp
.cs
.csv
.bkp
.db
.db-journal
.csproj
.sln
.md
.pl
.js
.html
.htm
.dbf
.rdo
.arc
.vhd
.vmdk
.vdi
.vhdx
.edb
.c
.h
.dll
.exe
.sys
.mui
.tmp
.lnk
.config
.manifest
.tlb
.olb
.blf
.ico
.regtrans-ms
.devicemetadata-ms
.settingcontent-ms
.bat
.cmd
.ps1
desktop.ini
iconcache.db
ntuser.dat
ntuser.ini
ntuser.dat.log1
ntuser.dat.log2
usrclass.dat
usrclass.dat.log1
usrclass.dat.log2
bootmgr
bootnxt
windir
SystemDrive
:\$Recycle.Bin
:\ProgramData
:\Users\All Users
:\Program Files
:\Local Settings
:\Boot
:\System Volume Information
:\Recovery
\AppData\
ntldr
NTDETECT.COM
boot.ini
bootfont.bin
bootsect.bak
desktop.ini
ctfmon.exe
iconcache.db
ntuser.dat
ntuser.dat.log
ntuser.ini
thumbs.db
.+\\Microsoft\\(User Account Pictures|Windows\\(Explorer|Caches)|Device Stage\\Device|Windows)\\
could not access service: %v
could not send control=%d: %v
timeout waiting for service to go to state=%d
could not retrieve service status: %v
Acronis VSS Provider
Enterprise Client Service
Sophos Agent
Sophos AutoUpdate Service
Sophos Clean Service
Sophos Device Control Service
Sophos File Scanner Service
Sophos Health Service
Sophos MCS Agent
Sophos MCS Client
Sophos Message Router
Sophos Safestore Service
Sophos System Protection Service
Sophos Web Control Service
SQLsafe Backup Service
SQLsafe Filter Service
Symantec System Recovery
Veeam Backup Catalog Data Service
AcronisAgent
AcrSch2Svc
Antivirus
ARSM
BackupExecAgentAccelerator
BackupExecAgentBrowser
BackupExecDeviceMediaService
BackupExecJobEngine
BackupExecManagementService
BackupExecRPCService
BackupExecVSSProvider
bedbg
DCAgent
EPSecurityService
EPUpdateService
EraserSvc11710
EsgShKernel
FA_Scheduler
IISAdmin
IMAP4Svc
macmnsvc
masvc
MBAMService
MBEndpointAgent
McAfeeEngineService
McAfeeFramework
McAfeeFrameworkMcAfeeFramework
McShield
McTaskManager
mfemms
mfevtp
mozyprobackup
MsDtsServer
MsDtsServer100
MsDtsServer110
MSExchangeES
MSExchangeIS
MSExchangeMGMT
MSExchangeMTA
MSExchangeSA
MSExchangeSRS
MSOLAP$SQL_2008
MSOLAP$SYSTEM_BGC
MSOLAP$TPS
MSOLAP$TPSAMA
MSSQL$BKUPEXEC
MSSQL$ECWDB2
MSSQL$PRACTICEMGT
MSSQL$PRACTTICEBGC
MSSQL$PROFXENGAGEMENT
MSSQL$SBSMONITORING
MSSQL$SHAREPOINT
MSSQL$SQL_2008
MSSQL$SYSTEM_BGC
MSSQL$TPS
MSSQL$TPSAMA
MSSQL$VEEAMSQL2008R2
MSSQL$VEEAMSQL2012
MSSQLFDLauncher
MSSQLFDLauncher$PROFXENGAGEMENT
MSSQLFDLauncher$SBSMONITORING
MSSQLFDLauncher$SHAREPOINT
MSSQLFDLauncher$SQL_2008
MSSQLFDLauncher$SYSTEM_BGC
MSSQLFDLauncher$TPS
MSSQLFDLauncher$TPSAMA
MSSQLSERVER
MSSQLServerADHelper100
MSSQLServerOLAPService
MySQL57
ntrtscan
OracleClientCache80
PDVFSService
POP3Svc
ReportServer
ReportServer$SQL_2008
ReportServer$SYSTEM_BGC
ReportServer$TPS
ReportServer$TPSAMA
RESvc
sacsvr
SamSs
SAVAdminService
SAVService
SDRSVC
SepMasterService
ShMonitor
Smcinst
SmcService
SMTPSvc
SNAC
SntpService
sophossps
SQLAgent$BKUPEXEC
SQLAgent$ECWDB2
SQLAgent$PRACTTICEBGC
SQLAgent$PRACTTICEMGT
SQLAgent$PROFXENGAGEMENT
SQLAgent$SBSMONITORING
SQLAgent$SHAREPOINT
SQLAgent$SQL_2008
SQLAgent$SYSTEM_BGC
SQLAgent$TPS
SQLAgent$TPSAMA
SQLAgent$VEEAMSQL2008R2
SQLAgent$VEEAMSQL2012
SQLBrowser
SQLSafeOLRService
SQLSERVERAGENT
SQLTELEMETRY
SQLTELEMETRY$ECWDB2
SQLWriter
SstpSvc
svcGenericHost
swi_filter
swi_service
swi_update_64
TmCCSF
tmlisten
TrueKey
TrueKeyScheduler
TrueKeyServiceHelper
UI0Detect
VeeamBackupSvc
VeeamBrokerSvc
VeeamCatalogSvc
VeeamCloudSvc
VeeamDeploymentService
VeeamDeploySvc
VeeamEnterpriseManagerSvc
VeeamMountSvc
VeeamNFSSvc
VeeamRESTSvc
VeeamTransportSvc
W3Svc
wbengine
WRSVC
VeeamHvIntegrationSvc
swi_update
SQLAgent$CXDB
SQLAgent$CITRIX_METAFRAME
SQL Backups
MSSQL$PROD
Zoolz 2 Service
MSSQLServerADHelper
SQLAgent$PROD
msftesql$PROD
NetMsmqActivator
EhttpSrv
ekrn
ESHASRV
MSSQL$SOPHOS
SQLAgent$SOPHOS
klnagent
MSSQL$SQLEXPRESS
SQLAgent$SQLEXPRESS
kavfsslp
KAVFSGT
KAVFS
mfefire
avast! Antivirus
aswBcc
Avast Business Console Client Antivirus Service
mfewc
Telemetryserver
WdNisSvc
WinDefend
MCAFEETOMCATSRV530
MCAFEEEVENTPARSERSRV
MSSQLFDLauncher$ITRIS
MSSQL$EPOSERVER
MSSQL$ITRIS
SQLAgent$EPOSERVER
SQLAgent$ITRIS
SQLTELEMETRY$ITRIS
MsDtsServer130
SSISTELEMETRY130
MSSQLLaunchpad$ITRIS
BITS
BrokerInfrastructure
epag
EPIntegrationService
EPProtectedService
epredline
TmPfw
SentinelAgent
SentinelHelperService
LogProcessorService
SentinelStaticEngine
DB2GOVERNOR_DB2COPY1
DB2LICD_DB2COPY1
DB2MGMTSVC_DB2COPY1
DB2REMOTECMD_DB2COPY1
DB2DAS00
DB2-0
DB2INST2
IBMDataServerMgr
IBMDSServer41
MSSQL$CITRIX_METAFRAME
RumorServer
myAgtSvc
McAfee SiteAdvisor Enterprise Service
Alerter
ERSvc
Eventlog
ImapiService
NetDDE
NtLmSsp
NtmsSvc
odserv
SnowInventoryClient
TlntSvr
VMTools
VMware
WebClient
WinVNC4
BlueStripeCollector
Cissesrv
CpqRcmc3
gupdate
gupdatem
HealthService
NimbusWatcherService
ProLiantMonitor
SDD_Service
sysdown
System
GoogleChromeElevationService
bcrservice
ccEvtMgr
ccSetMgr
CSAdmin
CSAuth
CSDbSync
CSLog
CSMon
CSRadius
CSTacacs
Symantec
VGAuthService
SepMasterServiceMig
vmware-converter-agent
vmware-converter-server
vmware-converter-worker
avbackup
MSSQL$NET2
Net2ClientSvc
NetSvc
SQLAgent$NET2
tpautoconnsvc
TPVCGateway
VMwareCAFCommAmqpListener
VMwareCAFManagementAgentHost
AdobeARMservice
RSCDsvc
LRSDRVX
msvsmon90
IDriverT
MSMQ
MMS
MSSQLFDLauncher$PROFXENGAGEMENT
ReportServer$TPS
SQLBrowser
MSSQLServerADHelper
SQLAgent$PROD
msftesql$PROD
SQLAgent$SOPHOS
AVP
VeeamEnterpriseManagerSvc
MySQL80
MSSQL$ARCSERVE_APP
ArcserveUDPPS
CAARCAppSvc
CASDatastoreSvc
CASARPSWebSVC
CAARCUpdateSvc
ArcserveUDPPS
CASAD2DwebSvc
ASLogWatch
FireEye Endpoint Agent
nxlog
SplunkForwarder
SAP
MSSQL
MySQL
OracleService
oracleservice
mssql
Sophos
Veeam
Cylance
%v

%v

%v

%v

%v

%v
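
The decoding routine from the script at the top of this gist, as an added example that is not part of the original gist: it matches the same instruction pattern over raw bytes (so a hit can only start on a byte boundary), skips matches whose pointers fall outside the image, and runs against a constructed in-memory image rather than a real sample. `BASE`, `encode`, `build_image`, the filler bytes in the stub and the sample string are assumptions made for the illustration.

```python
import re
import struct

ADD = 0x2A          # additive constant used by the gist's decode loop
BASE = 0x400000     # assumed image base of the constructed image

# The gist's hex pattern rewritten over raw bytes, so a hit can only start on
# a byte boundary. Groups: 1 = first buffer VA, 2 = length, 3 = second buffer VA.
PATTERN = re.compile(
    rb"\x8d\x05(.{3}\x00)"            # lea eax, [buf1]
    rb"\x89\x44\x24\x04"              # mov [esp+4], eax
    rb"\xc7\x44\x24\x08(.{3}\x00)"    # mov dword [esp+8], length
    rb"\xe8..[\xe0-\xef]\xff"         # call with a negative displacement
    rb"\x8b\x44\x24\x0c"              # mov eax, [esp+0xc]
    rb".{13,31}(.{4})"                # 17..35 bytes; the last four are buf2
    rb"\x89\x54\x24\x04"              # mov [esp+4], edx
    rb"\xc7\x44\x24\x08.{3}\x00"      # mov dword [esp+8], length
    rb"\xe8",                         # call
    re.DOTALL,
)


def decode(d1: bytes, d2: bytes) -> bytes:
    """Per byte: ((d1 + 0x2a) XOR d2) mod 256, as in the gist."""
    return bytes(((a + ADD) ^ b) & 0xFF for a, b in zip(d1, d2))


def encode(plain: bytes, key: bytes) -> bytes:
    """Inverse of decode(); used only to build the constructed test image."""
    return bytes(((p ^ k) - ADD) & 0xFF for p, k in zip(plain, key))


def extract_strings(image: bytes, base: int) -> list:
    """Decode every string whose loader stub matches PATTERN.

    `image` is assumed to be laid out as in memory (offset == RVA), which is
    what pefile's get_memory_mapped_image() provides in the gist.
    """
    found = []
    for m in PATTERN.finditer(image):
        off1 = struct.unpack("<I", m.group(1))[0] - base
        length = struct.unpack("<I", m.group(2))[0]
        off2 = struct.unpack("<I", m.group(3))[0] - base
        # A chance match can carry pointers outside the image: skip it
        # instead of decoding a truncated or empty slice.
        if min(off1, off2) < 0 or max(off1, off2) + length > len(image):
            continue
        d1 = image[off1:off1 + length]
        d2 = image[off2:off2 + length]
        found.append(decode(d1, d2).decode("latin-1"))
    return found


def build_image(plain: bytes, buf1_off: int = 0x100) -> bytes:
    """Constructed image: one loader stub plus its two data buffers."""
    key = bytes((7 * i + 3) & 0xFF for i in range(len(plain)))
    n = struct.pack("<I", len(plain))
    stub = (
        b"\x8d\x05" + struct.pack("<I", BASE + buf1_off)
        + b"\x89\x44\x24\x04" + b"\xc7\x44\x24\x08" + n
        + b"\xe8\x10\x20\xe3\xff" + b"\x8b\x44\x24\x0c"
        + b"\x90" * 15 + b"\x8d\x15" + struct.pack("<I", BASE + 0x140)
        + b"\x89\x54\x24\x04" + b"\xc7\x44\x24\x08" + n
        + b"\xe8\x00\x00\x00\x00"
    )
    image = bytearray(0x180)
    image[:len(stub)] = stub
    image[0x100:0x100 + len(plain)] = encode(plain, key)
    image[0x140:0x140 + len(key)] = key
    return bytes(image)


if __name__ == "__main__":
    print(extract_strings(build_image(b"constructed-sample.txt"), BASE))
```

Running the extractor over a constructed fixture like this is a quick regression check before pointing it at a new sample build, where a changed constant or instruction sequence would otherwise show up only as garbage output.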
