Malware-Misc-RE/2019-07-18-megacortex-ransomware-note.vk.txt
MegaCortex Ransomware:
MD5: c12ab67f2835b3a867af6c91aa3d3039
mbedtls_cipher_setup
ext: .megac0rtx
July 15 build

Exports:
ss2
start

Blacklisted Files & Folders:
.dll
.exe
.sys
.mui
.tmp
.lnk
.config
.manifest
.tlb
.olb
.blf
.ico
.regtrans-ms
.devicemetadata-ms
.settingcontent-ms
.bat
.cmd
.ps1
desktop.ini
iconcache.db
ntuser.dat
ntuser.ini
ntuser.dat.log1
ntuser.dat.log2
usrclass.dat
usrclass.dat.log1
usrclass.dat.log2
bootmgr
bootnxt
temp\
.+\\Microsoft\\(User Account Pictures|Windows\\(Explorer|Caches)|Device Stage\\Device|Windows)\\

Service & Process Kill (taskkill, net.exe & sc config " start=disabled):

Internal name:
payload.dll
elevate:
MEGA-G8=
x5gj5_gmG8.log
vssadmin delete shadows /all /for=
\vssadmin.exe
cipher /W:
\cipher.exe
processed:
available VM:
x5gj5_gmG8
failed.
KiB
KiB/s
start
KiB
scaning
processed:

Note:
If you are reading this text, it means, we've hacked your corporate network.
Now all your data is encrypted with very serious and powerful algorithms (AES256 and RSA-4,096).
These algorithms now in use in military intelligence, NSA and CIA .
No one can help you to restore your data without our special decipherer.
Don't even waste your time.
But there are good news for you.
We don't want to do any damage to your business.
We are working for profit.
The core of this criminal business is to give back your valuable data in the original form (for ransom of course).
In order to prove that we can restore all your data, we'll decrypt 3 of your files for free.
Please, attach 2-3 encrypted files to your first letter.
Each file must be less than 5 Mb, non-archived and your files should not contain valuable information
(databases, backups, large word files or excel sheets, etc.).
You will receive decrypted samples and our conditions how to get the decipherer.
For the fastest solution of the problem, please, write immediately in your first letter:
the name of your company,
the domain name of your corporate network and
the URL of your corporate website
It is important !
And please do not start your first letter to us with the words:
"It's a mistake !! Our company is just trimming and grooming little dogs. We don't have money at all."
"There is a big mistake on our site !
We are not leaders in our industry and all our competitors don't suck our huge dick.
We're just
small company, and we are dying because of hard competition."
"We are not the Super Mega International Corporation ltd., we are just a nursery etc."
We see it 5 times a day. This shit doesn't work at all !!!
Don't waste our and your time.
Remember ! We don't work for food.
You have to pay for decryption in Bitcoins (BTC).
If you think you pay $500 and you'll get the decryptor, you are 50 million light years away from reality :)
The ransom begins from 2-3 BTC up to 600 BTC.
If you don't have money don't even write to us.
We don't do charity !
One more time :
1.(In first letter) write the name of your company, the domain name of your corporate network and the URL of your corporate website
2. Attach 2-3 encrypted files (we'll show you some magic)
3. Use Google in order to find out how to buy bitcoins fast
As soon as we get bitcoins you'll get all your decrypted data back.

Contact emails:
MckinnisKamariyah91@mail.com
ThomassenVallen1999@mail.com
Man is the master of everything and decides everything.