Analysis Report GZe6EcSTpO

Overview

General Information

Sample Name: GZe6EcSTpO (renamed file extension from none to exe)
Analysis ID: 380813
MD5: 87e0355c098d2dfd890ae4c9da26bbdd
SHA1: 5f300f4dd15cccbe51cd4df51ac30b7c2c84fc75
SHA256: 570c3c298c2d30bfd7d824b0ec8e28b3efa51bf269297348fc5fc30cb81a2d7e
Tags: 1512361453

Detection

Mimikatz HawkEye Nanocore xRAT CobaltStrike Codoso Ghost Coinhive Crypto Miner GhostRat Mini RAT Mirai Nukesped PupyRAT Quasar RevengeRAT ComRAT UACMe WebMonitor RAT Xmrig Xtreme RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected Hacktool Mimikatz
Detected HawkEye Rat
Detected Nanocore Rat
Detected xRAT
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected CobaltStrike
Yara detected Codoso Ghost
Yara detected Coinhive miner
Yara detected Crypto Miner
Yara detected GhostRat
Yara detected Mimikatz
Yara detected Mini RAT
Yara detected Mirai
Yara detected Nukesped
Yara detected Powershell download and execute
Yara detected PupyRAT
Yara detected Quasar RAT
Yara detected RevengeRAT
Yara detected Turla ComRAT XORKey
Yara detected UACMe UAC Bypass tool
Yara detected WebMonitor RAT
Yara detected Xmrig cryptocurrency miner
Yara detected Xtreme RAT
Deletes itself after installation
Found Tor onion address
Found strings related to Crypto-Mining
Modifies existing user documents (likely ransomware behavior)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes a notice file (html or txt) to demand a ransom
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: GZe6EcSTpO.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: GZe6EcSTpO.exe Virustotal: Detection: 52% Perma Link
Source: GZe6EcSTpO.exe ReversingLabs: Detection: 41%
Yara detected Quasar RAT
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected RevengeRAT
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02CA0AA0 CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptReleaseContext, 3_2_02CA0AA0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02CA0380 MultiByteToWideChar,MultiByteToWideChar,GetLastError,CryptAcquireContextW,CryptGetProvParam,GetLastError,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext, 3_2_02CA0380
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02CA0E90 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext,GetLastError, 3_2_02CA0E90
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02DB0AA0 CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptReleaseContext, 5_2_02DB0AA0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02DB0380 MultiByteToWideChar,MultiByteToWideChar,GetLastError,CryptAcquireContextW,CryptGetProvParam,GetLastError,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext, 5_2_02DB0380
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02DB0E90 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext,GetLastError, 5_2_02DB0E90
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02E10AA0 CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptReleaseContext, 8_2_02E10AA0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02E10380 MultiByteToWideChar,MultiByteToWideChar,GetLastError,CryptAcquireContextW,CryptGetProvParam,GetLastError,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext, 8_2_02E10380
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02E10E90 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext,GetLastError, 8_2_02E10E90
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C102A0 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext, 9_2_02C102A0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C10380 MultiByteToWideChar,MultiByteToWideChar,GetLastError,CryptAcquireContextW,CryptGetProvParam,GetLastError,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext, 9_2_02C10380
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C10310 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext, 9_2_02C10310
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C10120 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext, 9_2_02C10120
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C12460 CryptAcquireContextW,CryptReleaseContext, 9_2_02C12460
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C10AA0 CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptReleaseContext, 9_2_02C10AA0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C10E90 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext,GetLastError, 9_2_02C10E90
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C11070 CryptExportKey,CryptExportKey,GetLastError,CryptExportKey,GetLastError, 9_2_02C11070
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C2B740 CryptAcquireContextW,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,CryptGenRandom,CryptReleaseContext,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,GlobalMemoryStatus,GetCurrentProcessId, 9_2_02C2B740
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C115A0 CryptCreateHash,GetLastError,CryptSetHashParam,GetLastError,CryptSignHashW,GetLastError,CryptDestroyHash, 9_2_02C115A0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C11AC0 CryptCreateHash,GetLastError,CryptSetHashParam,GetLastError,CryptSignHashW,CryptDestroyHash, 9_2_02C11AC0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C11880 CryptDecrypt,GetLastError,memcpy, 9_2_02C11880
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C0FE60 CryptEnumProvidersW,CryptEnumProvidersW,GetLastError,CryptEnumProvidersW,GetLastError, 9_2_02C0FE60
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02C00AA0 CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptReleaseContext, 10_2_02C00AA0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02C00380 MultiByteToWideChar,MultiByteToWideChar,GetLastError,CryptAcquireContextW,CryptGetProvParam,GetLastError,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext, 10_2_02C00380
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02C00E90 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext,GetLastError, 10_2_02C00E90

Exploits:

Yara detected UACMe UAC Bypass tool
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY

Privilege Escalation:

Detected Hacktool Mimikatz
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $s1 = "http://blog.gentilkiwi.com/mimikatz" ascii

Bitcoin Miner:

Yara detected Coinhive miner
Source: Yara match File source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Crypto Miner
Source: Yara match File source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Xmrig cryptocurrency miner
Source: Yara match File source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Source: Yara match File source: C:\Users\user\Desktop\otx-c2-iocs.txt, type: DROPPED
Found strings related to Crypto-Mining
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $s1 = "stratum+tcp://" ascii
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $s7 = "-P /tmp && chmod +x /tmp/pools.txt" fullword ascii
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $s8 = "\"algo\": \"cryptonight\", // cryptonight (default) or cryptonight-lite" fullword ascii
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $s1 = "stratum+tcp://" ascii
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: reference = "https://coinhive.com/documentation/miner"
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory (a run of concatenated threat-report titles with truncated URLs, each repeated many times): Smominru Monero mining botnet making millions for operators https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-ko ; OilRig uses RGDoor IIS Backdoor on Targets in the Middle East https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-ii ; Large Scale Monero Cryptocurrency Mining Operation using XMRig https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-cr
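The evidence quoted under Privilege Escalation and Found strings related to Crypto-Mining is not a bare indicator but YARA rule source text: `$s1 = "http://blog.gentilkiwi.com/mimikatz" ascii`, `$s1 = "stratum+tcp://" ascii`, `reference = "https://coinhive.com/documentation/miner"`, and the long list of `$x1 = "\\...\\*.pdb"` strings under Compliance have the same shape. That is the check worth running before treating a sample that lights up 25 unrelated family signatures as 25 pieces of malware: if the memory regions the rules hit contain rule definitions, the detections are matching signature text, not payload. The script below is an added example and is not part of this report or of the sandbox; it classifies evidence strings as YARA string definitions, YARA metadata, or raw indicators, and recovers the literal atom each rule searches for. The sample lines are copied from this report, and the two raw indicators and the pool hostname are constructed for contrast.

```python
import re
from typing import Iterable, NamedTuple, Optional

# Constructed sample input: seven lines copied verbatim from this report's
# "String found in binary or memory" evidence, plus two raw indicators
# (constructed, not from the sample) showing what a real miner or beacon
# build would leave in memory instead.
EVIDENCE = [
    r'$s1 = "http://blog.gentilkiwi.com/mimikatz" ascii',
    r'$s1 = "stratum+tcp://" ascii',
    r'$s7 = "-P /tmp && chmod +x /tmp/pools.txt" fullword ascii',
    r'$s8 = "\"algo\": \"cryptonight\", // cryptonight (default) or cryptonight-lite" fullword ascii',
    r'reference = "https://coinhive.com/documentation/miner"',
    r'$x2 = "\\beacon\\Release\\beacon.pdb" fullword ascii',
    r'$s2 = /\\Debug\\[a-z]{0,8}katz.pdb/',
    r'stratum+tcp://pool.example.invalid:3333',   # constructed raw indicator
    r'C:\build\Release\beacon.pdb',               # constructed raw indicator
]

# A YARA string definition: $identifier = <text|regex|hex> [modifiers].
# Text and regex bodies allow backslash escapes; hex bodies allow wildcards,
# jumps and alternation.
YARA_STRING_DEF = re.compile(
    r'^\$\w*\s*=\s*'
    r'(?:"(?P<text>(?:[^"\\]|\\.)*)"'
    r'|/(?P<regex>(?:[^/\\]|\\.)*)/'
    r'|\{(?P<hex>[0-9A-Fa-f ?\[\]\-|()]+)\})'
    r'(?:\s+(?:fullword|ascii|wide|nocase|xor|base64|base64wide|private))*\s*$'
)

# Common keys from a YARA rule's meta: block.
YARA_META = re.compile(
    r'^(?:reference|description|author|date|hash\d*|score|license|family|'
    r'tags|super_rule|url|source)\s*=\s*"[^"]*"\s*$'
)


class Verdict(NamedTuple):
    text: str
    kind: str  # "yara_string", "yara_meta" or "raw"


def classify(line: str) -> Verdict:
    """Decide whether an evidence string is rule source or a raw artefact."""
    s = line.strip()
    if YARA_STRING_DEF.match(s):
        return Verdict(s, "yara_string")
    if YARA_META.match(s):
        return Verdict(s, "yara_meta")
    return Verdict(s, "raw")


def rule_atom(line: str) -> Optional[str]:
    """Return the literal a YARA string definition searches for, or None.

    Text strings are unescaped for the two escapes the report's rules use
    (\\" and \\\\); regex and hex bodies are returned as written.
    """
    m = YARA_STRING_DEF.match(line.strip())
    if not m:
        return None
    if m.group("text") is not None:
        return re.sub(r'\\([\\"])', r'\1', m.group("text"))
    return m.group("regex") if m.group("regex") is not None else m.group("hex")


def summarize(lines: Iterable[str]) -> dict:
    counts = {"yara_string": 0, "yara_meta": 0, "raw": 0}
    for line in lines:
        counts[classify(line).kind] += 1
    return counts


def looks_like_signature_corpus(lines: Iterable[str], threshold: float = 0.5) -> bool:
    """True when at least `threshold` of the hits are rule text, not payload."""
    counts = summarize(list(lines))
    total = sum(counts.values())
    return total > 0 and (counts["yara_string"] + counts["yara_meta"]) / total >= threshold


if __name__ == "__main__":
    for line in EVIDENCE:
        v = classify(line)
        print(f"{v.kind:12} {rule_atom(line) or v.text}")
    print("signature corpus:", looks_like_signature_corpus(EVIDENCE))
```

Feed it the "String found in binary or memory" column of a report (or `strings` output from the flagged .sdmp regions); a high yara_string share means the region holds rule definitions and each family hit should be re-checked against the dropped files and process behaviour rather than taken at face value.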

Compliance:

Uses 32bit PE files
Source: GZe6EcSTpO.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9415_none_508df7e2bcbccb90\MSVCR90.dll Jump to behavior
Source: GZe6EcSTpO.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: $x1 = "\\BeyondExecV2\\Server\\Release\\Pipes.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Debug\\exeruner.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\T+M\\Result\\DocPrint.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "\\RbDoorX64.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\UACElevator_RID2B2C.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\shellcodegenerator.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "\\Gubed\\Release\\Gubed.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\pstgdump_RID2A85.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "\\Release\\FakeRun.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "c:\\ntevt.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\BypassUAC.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\archer_lyl\\Release\\Archer_Input.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\ASGT.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = /\\Debug\\[a-z]{0,8}katz.pdb/ source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "ntfltmgr.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "\\Debug\\dloader.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\ScreenMonitorService\\Release\\smmsrv.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Debug\\AllTheThings_RID2BB8.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x5 = "mfc42l00.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\injector.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\ChromePasswordDump\\Release\\FireMaster.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\svc.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "Desktop\\Htran\\Release\\Htran.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "C:\\Documents and Settings\\Administrator\\Desktop\\GetPAI\\Out\\IE.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\EWSTEW.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\beacon\\Release\\beacon.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\Release\\dloader.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\RoyalCli.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\BisonNewHNStubDll\\Release\\Goopdate.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\InjectDll.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "c:\\Development\\ghps\\nps\\nps\\obj\\x86\\Release\\nps.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Cobra\\Release\\Cobra.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Debug\\Sharpire_RID2A4F.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\milk\\Release\\milk.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\NoPowerShell.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "S:\\Lidstone\\renewing\\HA\\disable\\In.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x6 = "\\x86\\Release\\word.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "D:\\gitpoc\\UAC\\src\\x64\\Release\\lpe.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "\\Release\\Loader.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\Release\\CnCerT.CCdoor.Client.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "D:\\Work\\Project\\VS\\HSSL\\HSSL_Unicode _2\\Release\\ServiceClient.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string (a run of concatenated threat-report titles with truncated URLs, each repeated several times): BlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pd ; Privileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-c ; Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp
Source: Binary string: $x1 = "F:\\Projects\\Bot\\Bot\\Release\\Ism.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Release\\Step7ProSim.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string (one threat-report title with a truncated URL, repeated many times with single separator bytes between copies): Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $s0 = "\\Release\\AppInitHook_RID2B57.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\inject.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "bin\\oSaberSvc.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "C:\\WRK\\GHook\\gHook\\x64\\Debug\\gHookx64.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "C:\\Projets\\vbsedit_source\\script2exe\\Release\\mywscript.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "srv\\newclient\\lib\\win32\\obj\\i386\\mstsc.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s0 = "\\Decompress\\obj\\Release\\Decompress.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "ipsearcher_RID2B37\\ipsearcher_RID2B37\\Release\\ipsearcher_RID2B37.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\x64\\x64passldr.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "\\epathobj_exp\\x64\\Release\\epathobj_exp.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x5 = "Celesty Binder\\Stub\\STATIC\\Stub.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\reflective_dll.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "src\\build\\Release\\dllConfig\\dllConfig.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Release\\Myrtille.Services.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\obj\\x86\\Debug\\secure_scan.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\Win32Project1\\Release\\Win32Project1.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\Release\\RTLBot.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x7 = "\\obj\\Release\\Potato.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\ClearLog\\Release\\logC.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\ms11080\\ms11080\\Debug\\ms11080.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "Agent Injector\\PolicyConverter\\Joiner\\obj\\Release\\Joiner.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "\\Release\\PhantomNet-SSL.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\CWoolger.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\Release\\Bot Fresh.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\BypassUacDll.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\Layer.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\kasper.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "Agent Injector\\PolicyConverter\\Inner\\obj\\Release\\Inner.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\not copy\\obj\\Debug\\not copy.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\amd64\\elrawdsk.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s16 = ".\\lsasrv.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\FTPCom_vs10\\Release\\Engine.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: BlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pd source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\PSAttack.pdb" fullword source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\WindowXarbot.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\objfre_w2k_x86\\i386\\guava.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "\\custact\\x86\\AICustAct.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "C:\\Users\\Lenovo\\Desktop\\test\\Release\\test.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\WinMain\\Release\\WinMain.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "Excalibur\\bin\\Shell.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\SkeyMan2.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD dBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDoBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD9Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDOBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDcBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDdBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDiBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDOThe Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/4dec74bc41c581b82459;APTnotes 2014 Operation_Poisoned_Hurricane.pdf source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\ReflectivLoader.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\fgexec_RID2983.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x7 = "\\obj\\Release\\botkill.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x6 = "Bot\\Release\\Ism.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\PowerShellRunner.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x5 = "Bot5\\Release\\Ism.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDh source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\instlsp\\Release\\Lancer.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\MiniAsp4\\Release\\MiniAsp.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\scout\\Release\\scout.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\epathobj_exp\\Release\\epathobj_exp.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = /\\Release\\[a-z]{0,8}katz.pdb/ source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "BypassUac.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s5 = "%windows%\\mfc42l00.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\obj\\Release\\TempRacer_RID2A94.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\exploit.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s0 = "\\i386\\Hello.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s6 = "\\obj\\Release\\ZPP.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "uac\\bin\\install_test.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "C:\\Users\\Logintech\\Dropbox\\Projects\\New folder\\Latest\\Benchmark\\Benchmark\\obj\\Release\\Benchmark.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\dnscat2.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "c:\\ntevt.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD5Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDaBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8@ source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\support\\Release\\ab.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s4 = "C:\\v3\\exe\\de_svr_inst.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\ms11080\\Debug\\ms11080.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
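The PDB-path hits listed above are not debug records of vnwareupdate.exe itself: the `$x1 = "\\Release\\...pdb" fullword ascii` form is YARA string syntax, so what the sandbox carved from memory is the text of YARA rules that describe other tools' build paths. A PDB path that actually belongs to a binary lives in its CodeView debug record (an `RSDS` header, the PDB GUID, an Age counter and the NUL-terminated path), which is also what a symbol-server lookup keys on. The following example, added here by the editor and not part of the report, contrasts a `strings`-style grep for `.pdb` with a parser for the RSDS record. The byte blob, GUID and paths are constructed for the example; scanning raw bytes for `RSDS` is a triage heuristic, and a full analysis should walk the PE debug directory instead.

```python
import re
import struct
import uuid

# Constructed test data (not bytes from the sample): one CodeView "RSDS" debug
# record of the kind the MSVC linker writes, followed by text that merely
# mentions a .pdb path the way an embedded YARA rule string does.
REAL_PDB = b"C:\\build\\agent\\Release\\agent.pdb"
RSDS_RECORD = (
    b"RSDS"                                                        # CodeView signature
    + uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le   # PDB GUID (hypothetical)
    + struct.pack("<I", 3)                                         # Age
    + REAL_PDB + b"\x00"                                           # NUL-terminated path
)
RULE_TEXT = b'$x1 = "\\\\Release\\\\exploit.pdb" ascii'            # YARA-style mention
SAMPLE_BLOB = b"\x00" * 16 + RSDS_RECORD + b"\x00" * 8 + RULE_TEXT + b"\x00" * 8

PDB_MENTION = re.compile(rb"[\x20-\x7e]{4,}?\.pdb", re.IGNORECASE)


def naive_pdb_strings(blob):
    """Every printable run ending in '.pdb': what `strings | grep -i pdb` reports.
    Rule text and real debug records are indistinguishable at this level."""
    return [m.group(0).decode("ascii", "replace") for m in PDB_MENTION.finditer(blob)]


def codeview_pdb_paths(blob):
    """Parse CodeView RSDS records: 'RSDS' | GUID (16 bytes) | Age (u32 LE) | path\\0.
    Only a well-formed record whose path ends in .pdb is accepted; a chance 'RSDS'
    byte sequence elsewhere in the data is skipped."""
    found, pos = [], 0
    while True:
        pos = blob.find(b"RSDS", pos)
        if pos < 0:
            return found
        hdr_end = pos + 4 + 16 + 4
        nul = blob.find(b"\x00", hdr_end)
        if hdr_end > len(blob) or nul < 0:
            return found
        path = blob[hdr_end:nul]
        if path.lower().endswith(b".pdb"):
            found.append({
                "guid": str(uuid.UUID(bytes_le=blob[pos + 4:pos + 20])),
                "age": struct.unpack_from("<I", blob, pos + 20)[0],
                "path": path.decode("latin-1"),
            })
        pos = hdr_end


def symbol_server_key(record):
    """Symbol-store lookup index for the PDB: the GUID as 32 uppercase hex digits
    followed by Age in hex, i.e. the middle component of <name>.pdb/<key>/<name>.pdb."""
    return record["guid"].replace("-", "").upper() + format(record["age"], "X")


if __name__ == "__main__":
    print("naive .pdb hits:", naive_pdb_strings(SAMPLE_BLOB))
    for rec in codeview_pdb_paths(SAMPLE_BLOB):
        print("CodeView record:", rec, "symbol key:", symbol_server_key(rec))
```

The grep returns both the genuine path and the rule text; the record parser returns only the genuine one, together with the GUID/Age pair that a symbol server would need. Applied to this sample, the same distinction separates the binary's own provenance from the signature set it carries in memory.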
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405768
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_004062A3 FindFirstFileA,FindClose, 0_2_004062A3
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_004026FE FindFirstFileA, 0_2_004026FE
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\ Jump to behavior
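The six "File opened" lines above show the enumerator descending into `Application Data` nested inside itself. On Windows Vista and later `Documents and Settings` is a junction to `Users`, `All Users` a junction to `ProgramData`, and `ProgramData\Application Data` a junction back to `ProgramData`, so a directory walker that follows reparse points loops until it hits a path-length or depth limit. The example below is added by the editor and is not code from the report or the sample; it rebuilds that layout in a temporary directory (symlinks stand in for NTFS junctions, so it runs on any platform), shows the naive walk producing the repeated `Application Data` paths, and then walks the same tree without following reparse points and with a directory-identity check as a backstop against loops that a reparse-point test would miss.

```python
import os
import shutil
import tempfile


def build_junction_loop_fixture():
    """Constructed stand-in for the Windows layout seen in the report: 'All Users'
    points at ProgramData and ProgramData/Application Data points back at ProgramData.
    Symlinks are used instead of NTFS junctions so the fixture is portable."""
    root = tempfile.mkdtemp(prefix="junction-loop-")
    programdata = os.path.join(root, "ProgramData")
    os.makedirs(os.path.join(root, "Documents and Settings"))
    os.makedirs(programdata)
    with open(os.path.join(programdata, "marker.txt"), "w") as fh:
        fh.write("real file\n")
    os.symlink(".", os.path.join(programdata, "Application Data"))         # self-loop
    os.symlink(os.path.join("..", "ProgramData"),
               os.path.join(root, "Documents and Settings", "All Users"))  # alias of ProgramData
    return root


def walk_following_links(root, max_depth):
    """What the sample's enumerator did: descend into every directory entry, links
    included. Without the depth cap this never terminates on the fixture above."""
    out = []

    def _walk(path, depth):
        out.append(os.path.relpath(path, root))
        if depth >= max_depth:
            return
        with os.scandir(path) as it:
            entries = sorted(it, key=lambda e: e.name)
        for entry in entries:
            if entry.is_dir():                  # follow_symlinks=True by default
                _walk(entry.path, depth + 1)

    _walk(root, 0)
    return out


def walk_no_cycles(root, follow_links=False, max_depth=64):
    """Enumerate directories without entering the same directory identity twice.
    Reparse points (symlinks, and junctions where Python exposes is_junction) are
    skipped unless follow_links is set; the (st_dev, st_ino) set cuts any loop
    that still gets through, and max_depth bounds the recursion regardless."""
    seen, visited, skipped = set(), [], []

    def _walk(path, depth):
        try:
            st = os.stat(path)                  # identity of the directory actually reached
        except OSError:
            return
        ident = (st.st_dev, st.st_ino)
        if ident in seen or depth > max_depth:
            skipped.append(os.path.relpath(path, root))
            return
        seen.add(ident)
        visited.append(os.path.relpath(path, root))
        try:
            with os.scandir(path) as it:
                entries = sorted(it, key=lambda e: e.name)
        except OSError:
            return
        for entry in entries:
            is_reparse = entry.is_symlink() or getattr(entry, "is_junction", lambda: False)()
            if is_reparse and not follow_links:
                skipped.append(os.path.relpath(entry.path, root))
                continue
            if entry.is_dir(follow_symlinks=follow_links):
                _walk(entry.path, depth + 1)

    _walk(root, 0)
    return visited, skipped


if __name__ == "__main__":
    root = build_junction_loop_fixture()
    try:
        print("naive walk (capped at depth 4):", walk_following_links(root, 4))
        print("safe walk, links skipped:", walk_no_cycles(root))
        print("safe walk, links followed once:", walk_no_cycles(root, follow_links=True))
    finally:
        shutil.rmtree(root)
```

With links followed, the identity check still visits `ProgramData` exactly once (through whichever alias is reached first) and reports the other route as skipped; with links skipped, the two reparse points are listed but never entered. Either policy is defensible for a scanner; what the report shows is the absence of both.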

Networking:

Found Tor onion address
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: WdSAzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-Double dipping: Diverting ransomware Bitcoin payments via .onion domains https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransoDouble dipping: Diverting ransomware Bitcoin payments via .onion domains https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ranso
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: Double dipping: Diverting ransomware Bitcoin payments via .onion domains https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransoNew version of mobile malware Catelites possibly linked to Cron cyber gang https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-tH %
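The two strings behind "Found Tor onion address" are report titles that contain the words ".onion domains"; neither holds a hidden-service hostname, which is a 16-character (v2) or 56-character (v3) base32 label in front of `.onion`. The lines that follow, matched on `www.twitter.com`, have the shape `HASH;Description URL` of an indicator list, and the same indicator appears in two memory dumps, once complete and once with its leading characters missing (compare `31008DE622CA9526F5F4A1DD3F16F4EA` with `008DE622CA9526F5F4A1DD3F16F4EA`). The example below, added by the editor and not part of the report, triages strings of both kinds: it accepts only syntactically valid onion names, counts prose-only mentions separately, and rejects hashes whose length fits neither MD5, SHA-1 nor SHA-256. The strings in `MEMORY_STRINGS` are constructed for the example; the onion names in them are invented and resolve to nothing.

```python
import re

# A real hidden-service name is base32 (a-z, 2-7): 16 characters for v2, 56 for v3.
# The lookbehind/lookahead reject longer or shorter runs and plain ".onion" in prose.
ONION_RE = re.compile(r"(?<![a-z2-7])(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion(?![a-z0-9])",
                      re.IGNORECASE)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed strings standing in for what the sandbox carved from process memory.
# The first two mirror the report's "Found Tor onion address" hits (titles that only
# talk about .onion); the onion names and the second hash line are invented.
MEMORY_STRINGS = [
    "Double dipping: Diverting ransomware Bitcoin payments via .onion domains "
    "https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ranso",
    "AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document "
    "https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-",
    "payment portal: http://abcdefghijklmnop.onion/pay",                         # v2-shaped
    "backup: " + ("abcdefghijklmnopqrstuvwxyz234567" * 2)[:56] + ".onion",       # v3-shaped
    "31008DE622CA9526F5F4A1DD3F16F4EA;Advanced Persistent Threat Activity Targeting "
    "Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A",
    "008DE622CA9526F5F4A1DD3F16F4EA;Advanced Persistent Threat Activity Targeting "
    "Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A",
]


def find_onion_addresses(text):
    """Return every syntactically valid .onion hostname in text, lower-cased."""
    return [m.group(0).lower() for m in ONION_RE.finditer(text)]


def mentions_onion_only(text):
    """True when '.onion' occurs in the text but no valid hostname does."""
    return ".onion" in text.lower() and not find_onion_addresses(text)


def parse_ioc_line(line):
    """Parse a 'HASH;reference' line. Returns None if the line is not of that shape;
    otherwise a dict whose 'type' is None when the hash length matches no algorithm,
    which is how a truncated copy of a longer hash shows up."""
    hash_part, sep, rest = line.partition(";")
    if not sep or not re.fullmatch(r"[0-9A-Fa-f]+", hash_part):
        return None
    return {"hash": hash_part.lower(), "type": HASH_TYPES.get(len(hash_part)),
            "reference": rest.strip()}


def triage(strings):
    """Sort memory strings into real onion names, prose mentions, usable IOCs and
    malformed IOCs so that each class can be judged on its own."""
    report = {"onion_addresses": [], "onion_mentions_only": 0,
              "iocs": [], "malformed_iocs": []}
    for s in strings:
        report["onion_addresses"].extend(find_onion_addresses(s))
        if mentions_onion_only(s):
            report["onion_mentions_only"] += 1
        ioc = parse_ioc_line(s)
        if ioc is None:
            continue
        (report["iocs"] if ioc["type"] else report["malformed_iocs"]).append(ioc)
    return report


if __name__ == "__main__":
    for key, value in triage(MEMORY_STRINGS).items():
        print(f"{key}: {value}")
```

Run over the constructed strings, the triage reports two onion names, one prose-only mention, one valid MD5 indicator and one malformed hash. The point for the signature above is that a substring test for `.onion` fires on threat-intelligence text just as readily as on a real address; the length-checked pattern does not.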
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $s3 = "www.yahoo.com" fullword ascii equals www.yahoo.com (Yahoo)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 008DE622CA9526F5F4A1DD3F16F4EA;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 02B03555A505CFCFC4B5F4F716B2BA88ED4CD8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 038A97B4E2F37F34B255F0643E49FC9D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 04738CA02F59A5CD394998A99FCD9613;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 070D7082A5ABE1112615877214EC82241FD17E5BD465E24D794A470F699AF88E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 07E1740152E09610EA826655D27E8D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 092DE09E2F346B81A84113734964AD10284F142D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 09DB36F71106379832C8CA57BA5BE8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 0A15D1AA85C9D39C4757EFDA861DA014156D31;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 0D2B07DF600285D1D8C49938BC2F79AD3EEF5C77;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 0D7082A5ABE1112615877214EC82241FD17E5BD465E24D794A470F699AF88E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 12499311682E914B703A8669CE05FA4D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 12620D0CBCDFBDB04D01A18BBD497B8A;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 141E78D16456A072C9697454FC6D5F58;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 159B71183A69928BA8F26B76772EC504AEFEAC71021B012BD006162E133731;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 1CAA374B5A53E34E161C59D18CE6FDFF;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 1CC9179A724C41E6712CE3F5AEADFD;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 1CE20B4E7A561F0AC5C6C515975B70A5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 1CE41809508B7F88A24CABA884926C;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 1E78D16456A072C9697454FC6D5F58;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 1FD9AEEACA9631902BCCD6BDD89F74;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 2154A36F32BA10E98020A8AD758A7A;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 243511A51088D57E6DF08D5EF52D5499;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 277256F905D7CB07CDCD096CECC27E76;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 2B07DF600285D1D8C49938BC2F79AD3EEF5C77;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 2C641A9348F1E0CCF9F38EE17F41B2DA;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 2C9095C965A55EFC46E16B86F9B7D6C6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 2DE09E2F346B81A84113734964AD10284F142D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 2F159B71183A69928BA8F26B76772EC504AEFEAC71021B012BD006162E133731;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 31008DE622CA9526F5F4A1DD3F16F4EA;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 34A11F3D68FD6CDEF04B6DF17BBE8F4D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 3511A51088D57E6DF08D5EF52D5499;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 36E477643375030431301ABACCB8287B2EECCE;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 3986FB79BC66807E28F233B52EFA7C315862C8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 39BFE18D912DBCC940D05D692EFEB9;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 3B6C3DF08E99B40148548E96CD1AC872;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 3C432A21CFD05F976AF8C47A007928F7;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 3C58F168E883AF1294BBCEA33B03E6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 3CC0D3A05CD0CEF8294506F37A0B8A00;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 3D36E477643375030431301ABACCB8287B2EECCE;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 40D3D8795559A556A8897EC6E003FC91;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 41E48A6B91750D99A8295C97FD55D5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 432A21CFD05F976AF8C47A007928F7;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 43E71A8C73B5E343AA9D2E19002373;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 451CE41809508B7F88A24CABA884926C;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 4595DBE00A538DF127E0079294C87DA0;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 489F3E5D8BFEB3A75250017191277E2D5D0BAE;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 4909DB36F71106379832C8CA57BA5BE8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 499311682E914B703A8669CE05FA4D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: 4AADF3CA86E9B567E23F9F31782495;Gendwnurl Backdoor https://twitter.com/0x766c6164/status/794176576011309056 / https://www.microsoft equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 4CB67845A88F1A9C22CEAAD46F584B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 4E4E9AAC289F1C55E50227E2DE66463B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 4E9AAC289F1C55E50227E2DE66463B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 509F959F92210D8DD40710BA34548AE960864754;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 514DEE65CAF923E829F1E0094D2585;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 529353E33FD3C0D2802BB558414F11;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5388520F80C6CA3038445EBB3D6A51F3D90BF717;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5ACC56C93C5BA1318DD2FA9C3509D60B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5C2C06DECA8212EB71D2CC7F0D23E9;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5C5C2C06DECA8212EB71D2CC7F0D23E9;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5C6A887A91B18289A70BDD29CC86EBDB;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5D63D4D952E9A0715583F97A2D9EDEB45AE74E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5DBEF7BDDAF50624E840CCBCE2816594;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 5FCD7588B1D94008975C4627C8FEB6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 619528E52A31D1D348ACB2077E2FC240;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 61C909D2F625223DB2FB858BBDF42A76;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 61E2679CD208E0A421ADC4940662C583;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 620D0CBCDFBDB04D01A18BBD497B8A;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: 637F971A3BCD465BF077921A51F7EC;Gendwnurl Backdoor https://twitter.com/0x766c6164/status/794176576011309056 / https://www.microsoft equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 641A9348F1E0CCF9F38EE17F41B2DA;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 64E917FEBEA4AB178F7D21A7E220FE;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 64F0AC82CCC4A6DEF48D5F9079B7C146126C6464;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 65A1A73253F04354886F375B59550B46;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 65FCC51F70B2213BCE4D39DE56646795FD62D169;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 661CC9179A724C41E6712CE3F5AEADFD;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 6A887A91B18289A70BDD29CC86EBDB;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 6C3C58F168E883AF1294BBCEA33B03E6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 6C3DF08E99B40148548E96CD1AC872;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 722154A36F32BA10E98020A8AD758A7A;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 7256F905D7CB07CDCD096CECC27E76;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 72A28EFB6E32E653B656CA32CCD44B3111145A695F6F6161965DEEBBDC437076;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 738CA02F59A5CD394998A99FCD9613;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 756DD64C1147515BA2298B6A760260;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 765FCD7588B1D94008975C4627C8FEB6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 78256FBF2F061CFDED7FDD58FEDED6765FADE730374C508ADAD89282F67D77;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 78E90308FF107CE38089DFF16A929431;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 791BCEBAEA85E9129E706B22E3BDA43F762E4A;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 793986FB79BC66807E28F233B52EFA7C315862C8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: 79B13F81582E64327CFC02425BD7DC;Trojan.Klonzyrat https://twitter.com/jiriatvirlab/status/822601440317345792 / https://www.symante equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 7AA521E7CAFB360294E56969EDA5D6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 7DBFA8CBB39192FFE2A930FC5258D4C1;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 7EAE5684E4B4BF44E36F2810C86FCD33;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 8341E48A6B91750D99A8295C97FD55D5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 848775BAB0801E5BB15B33FA4FCA573C;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 8775BAB0801E5BB15B33FA4FCA573C;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 88520F80C6CA3038445EBB3D6A51F3D90BF717;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 8943E71A8C73B5E343AA9D2E19002373;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 8A39BFE18D912DBCC940D05D692EFEB9;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 8A97B4E2F37F34B255F0643E49FC9D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 8F64E917FEBEA4AB178F7D21A7E220FE;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 8FF4DC8A2EBFD5EEA11A38877BD4F2DF;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 901FD9AEEACA9631902BCCD6BDD89F74;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 90514DEE65CAF923E829F1E0094D2585;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 905A3508D9309A93AD5C0EC26EBC9B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 9095C965A55EFC46E16B86F9B7D6C6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: 9166A078FB409E1952164028A00B99;Gendwnurl Backdoor https://twitter.com/0x766c6164/status/794176576011309056 / https://www.microsoft equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 943F5E45BEFA52FB12748CA7171D30096E1D4FC3C365561497C618341299D5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 9528E52A31D1D348ACB2077E2FC240;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 95DBE00A538DF127E0079294C87DA0;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 96489F3E5D8BFEB3A75250017191277E2D5D0BAE;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 97290300ABB68FB48480718E6318EE2CDD4F099AA6438010FB2F44803E0B58;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 99AA0D0ECEEFCE4C0856532181B449B1;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 9B97290300ABB68FB48480718E6318EE2CDD4F099AA6438010FB2F44803E0B58;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 9D1F5D79CD906F75C88177C7F6168E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: 9F959F92210D8DD40710BA34548AE960864754;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A030EA830A12A32E84A012DFB1679B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A07AA521E7CAFB360294E56969EDA5D6;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A0B7FBDBDCEF1777657182A504283D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A11F3D68FD6CDEF04B6DF17BBE8F4D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A1A73253F04354886F375B59550B46;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A278256FBF2F061CFDED7FDD58FEDED6765FADE730374C508ADAD89282F67D77;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A28EFB6E32E653B656CA32CCD44B3111145A695F6F6161965DEEBBDC437076;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A54CCC770DCCE8FD4929B7C1176470;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A602B03555A505CFCFC4B5F4F716B2BA88ED4CD8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A6D36749EEBBBC51B552E5803ED1FD58;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A8F69EB2CF9F30EA96961C86B4347282;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: A906082DF6383AA8D5DE60F6EF830E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: AA0D0ECEEFCE4C0856532181B449B1;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: AA374B5A53E34E161C59D18CE6FDFF;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: AA905A3508D9309A93AD5C0EC26EBC9B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: ACDB6D5C1D8C3F5E3C29C3605BFFCF18;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: AE5684E4B4BF44E36F2810C86FCD33;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: APT32 and the Threat to Global Corporations https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlAPT32 and the Threat to Global Corporations https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlAPT32 and the Threat to Global Corporations https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlAPT32 and the Threat to Global Corporations https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlAPT32 and the Threat to Global Corporations https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlAPT32 and the Threat to Global Corporations https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlPowerShell ransomware delivered in MalSpam https://myonlinesecurity.co.uk/new-powershell-ransomware-coming-in-malspam-emailPowerShell ransomware delivered in MalSpam https://myonlinesecurity.co.uk/new-powershell-ransomware-coming-in-malspam-emailPowerShell ransomware delivered in MalSpam https://myonlinesecurity.co.uk/new-powershell-ransomware-coming-in-malspam-emailSandworm to Blacken: The SCADA Connection http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-tSandworm to Blacken: The SCADA Connection http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-t9002 RAT -- a second building on the left http://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-9002 RAT -- a second building on the left http://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-Sandworm to Blacken: The SCADA Connection http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-tXData ransomware attacked users in Ukraine https://twitter.com/martin_u/status/880088927595638784 / https://nioguard.blogspXData ransomware attacked users in Ukraine https://twitter.com/martin_u/status/880088927595638784 / https://nioguard.blogsp equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: B12CCD0A2BFE7D9540E29FAB052698BB300E81326EFD8D85515069179F2FC0;Trojan.Klonzyrat https://twitter.com/jiriatvirlab/status/822601440317345792 / https://www.symante equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: B45D63D4D952E9A0715583F97A2D9EDEB45AE74E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: B6CA04CC59805E2680D77A71D9D7BD2F;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: B72A2802D2A7FF33FD2D4BBCF41188724FCAA8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: BA756DD64C1147515BA2298B6A760260;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: BCF823EEEE02967B49B764E22319C79F;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: BE0A15D1AA85C9D39C4757EFDA861DA014156D31;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: BEF7BDDAF50624E840CCBCE2816594;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: BFA54CCC770DCCE8FD4929B7C1176470;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: BFA8CBB39192FFE2A930FC5258D4C1;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: BankBot Found on Google Play and Targets Ten New UAE Banking Apps http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-BankBot Found on Google Play and Targets Ten New UAE Banking Apps http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-BankBot Found on Google Play and Targets Ten New UAE Banking Apps http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-BankBot Found on Google Play and Targets Ten New UAE Banking Apps http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-BankBot Found on Google Play and Targets Ten New UAE Banking Apps http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-New multi platform malware/adware spreading via Facebook Messenger https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-mNew multi platform malware/adware spreading via Facebook Messenger https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-mNew multi platform malware/adware spreading via Facebook Messenger https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-mLarge Malvertising Campaign Leads to Angler EK & Bunitu Malware http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malverLarge Malvertising Campaign Leads to Angler EK & Bunitu Malware http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malverLarge Malvertising Campaign Leads to Angler EK & Bunitu Malware http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malverChina Hacks the Peace Palace: All Your EEZ\u2019s Are Belong to Us https://www.threatconnect.com/china-hacks-the-peace-palace-all-your-eezs-are-belChina Hacks the Peace Palace: All Your EEZ\u2019s Are Belong to Us https://www.threatconnect.com/china-hacks-the-peace-palace-all-your-eezs-are-bel equals www.facebook.com (Facebook)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C093A79FAE9B92E69C99BB28F9AE12939E4E1327A371EEAC9207E346ECCDB4;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C0D3A05CD0CEF8294506F37A0B8A00;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C1529353E33FD3C0D2802BB558414F11;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C1A030EA830A12A32E84A012DFB1679B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C34CB67845A88F1A9C22CEAAD46F584B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C3DC68E8D734968432C5DD5F6DB444C7;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C8791BCEBAEA85E9129E706B22E3BDA43F762E4A;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: C909D2F625223DB2FB858BBDF42A76;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: CA04CC59805E2680D77A71D9D7BD2F;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: CC56C93C5BA1318DD2FA9C3509D60B;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: CDA0B7FBDBDCEF1777657182A504283D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: CEFB8A9866A1A09F8ADE2992575F489BCEB735;Trojan.Klonzyrat https://twitter.com/jiriatvirlab/status/822601440317345792 / https://www.symante equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: D36749EEBBBC51B552E5803ED1FD58;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: D3D8795559A556A8897EC6E003FC91;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: D745EA39C8C5B82D5E153D3313096C;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: D7D745EA39C8C5B82D5E153D3313096C;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: DB07E1740152E09610EA826655D27E8D;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: DB6D5C1D8C3F5E3C29C3605BFFCF18;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: DC68E8D734968432C5DD5F6DB444C7;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: DD5F334CFFD250A1E16DAC46165DD6;Gendwnurl Backdoor https://twitter.com/0x766c6164/status/794176576011309056 / https://www.microsoft equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: DDE2A6AC540643E2428976B778C43D39;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: DEF52F017EAAC4843AAB506A39AC2DBF96AEE5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: E20B4E7A561F0AC5C6C515975B70A5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: E2679CD208E0A421ADC4940662C583;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: E29D1F5D79CD906F75C88177C7F6168E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: E2A6AC540643E2428976B778C43D39;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: E90308FF107CE38089DFF16A929431;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: E9A906082DF6383AA8D5DE60F6EF830E;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: E9FC007CC082BE545DBC0C62247ADE;Gendwnurl Backdoor https://twitter.com/0x766c6164/status/794176576011309056 / https://www.microsoft equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: EFDEF52F017EAAC4843AAB506A39AC2DBF96AEE5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: F0AC82CCC4A6DEF48D5F9079B7C146126C6464;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: F2943F5E45BEFA52FB12748CA7171D30096E1D4FC3C365561497C618341299D5;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: F4DC8A2EBFD5EEA11A38877BD4F2DF;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: F69EB2CF9F30EA96961C86B4347282;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: F823EEEE02967B49B764E22319C79F;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: F9B72A2802D2A7FF33FD2D4BBCF41188724FCAA8;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: FCC093A79FAE9B92E69C99BB28F9AE12939E4E1327A371EEAC9207E346ECCDB4;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp String found in binary or memory: FCC51F70B2213BCE4D39DE56646795FD62D169;Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A / https://twitter.com/cyb3rops/sta equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: Karagany.B https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234Karagany.B https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234Karagany.B https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234Ding! Your RAT has been delivered http://blogs.cisco.com/security/talos/darkkomet-rat-spamMalicious Word document targeting Mac users https://objective-see.com/blog/blog_0x17.htmlFinding Hackingteam code in Russian malware https://objective-see.com/blog/blog_0x18.htmlDing! Your RAT has been delivered http://blogs.cisco.com/security/talos/darkkomet-rat-spamCOOLREAPER https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pDing! Your RAT has been delivered http://blogs.cisco.com/security/talos/darkkomet-rat-spamCOOLREAPER https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pDing! Your RAT has been delivered http://blogs.cisco.com/security/talos/darkkomet-rat-spamCOOLREAPER https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pOcean Lotus Report by Tencent https://s.tencent.com/research/report/471.html (HttpProv.dll)Ocean Lotus Report by Tencent https://s.tencent.com/research/report/471.html (HttpProv.dll) equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: Lazarus Samples https://twitter.com/cyb3rops/status/945588042080899072Lazarus Samples https://twitter.com/cyb3rops/status/945588042080899072Lazarus Samples https://twitter.com/cyb3rops/status/945588042080899072Lazarus Samples https://twitter.com/cyb3rops/status/945588042080899072Lazarus Samples https://twitter.com/cyb3rops/status/945588042080899072Further Gaza Cybergang Activity http://www.freebuf.com/vuls/142970.htmlFurther Gaza Cybergang Activity http://www.freebuf.com/vuls/142970.htmlFurther Gaza Cybergang Activity http://www.freebuf.com/vuls/142970.htmlFurther Gaza Cybergang Activity http://www.freebuf.com/vuls/142970.htmlVENOM Linux rootkit https://security.web.cern.ch/security/venom.shtmllVENOM Linux rootkit https://security.web.cern.ch/security/venom.shtmlFurther Gaza Cybergang Activity http://www.freebuf.com/vuls/142970.htmlPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comEvilBunny (2014) https://app.box.com/s/xvilsesi5qd2gh6so2g3tnric51ndv57Pincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comEvilBunny (2014) https://app.box.com/s/xvilsesi5qd2gh6so2g3tnric51ndv57Pincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.comAPTnotes 2012 Cyberattack_against_Israeli_and_Palestinian_targets.pdfPincav Malware Hashes https://map.blueliv.com / https://www.blueliv.com equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: Linux/Moose http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pLinux/Moose http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pLinux/Moose http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pLinux/Moose http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pLinux/Moose http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pLinux/Moose http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pMalicious Macros targetting South Korea https://twitter.com/eyalsela/status/900248754091167744Hellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsin.p equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: Malware Analysis Report (MAR-10135536-G) \u2013 North Korean Trojan: BADCALL MAR-10135536-G_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publEvasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers https://blog.fortinet.com/2017/09/20/evasive-malware-campaign-abuses-free-cloud-Malware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publMalware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publMalware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publMalware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publMalware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publMalware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publMalware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publMalware Analysis Report (MAR-10135536-F) \u2013 North Korean Trojan: HARDRAIN MAR-10135536-F_WHITE_stix.xml / https://www.us-cert.gov/sites/default/files/publDownloaders on Google Play spreading malware to steal Facebook login details https://blog.avast.com/downloaders-on-google-play-spreading-malware-to-steal-facDownloaders on Google Play spreading malware to steal Facebook login details https://blog.avast.com/downloaders-on-google-play-spreading-malware-to-steal-fac6B6E023B4221BAE8ED37BB18407516; APT10 / Cloud Hopper https://goo.gl/CywXnS equals www.facebook.com (Facebook)
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: New Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNaoinstalad Malware Targeting users in Brazil http://www.malware-traffic-analysis.net/2017/06/08/index.htmlNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNaoinstalad Malware Targeting users in Brazil http://www.malware-traffic-analysis.net/2017/06/08/index.htmlBanking Trojan Attempts To Steal Brazillion$ http://blog.talosintelligence.com/2017/09/brazilbanking.htmlNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eya equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: SDarkhotel (2014) https://cdn.securelist.com/files/2014/11/darkhotelappendixindicators_kl.pdf / htOperation Double Tap https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.htmlAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spywareAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spywareAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spywareAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spywareAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spywareAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spywareAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spywareAPT Malware Delivered over Facebook https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware equals www.facebook.com (Facebook)
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: Sowbug: Cyber espionage group targets South American and Southeast Asian governments https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-sout5Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopi1#ISMDoor impersonates ZAHRANI (an electrical equipment and engineering company in Saudi Arabia) and ThetaRay. https://twitter.com/eyalsela/status/92066117900924109328cTurla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopib8Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopieTurla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiNRecent Watering Hole Attacks Attributed to APT Group th3bug Using Poison Ivy (2014) http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-aRecent Watering Hole Attacks Attributed to APT Group th3bug Using Poison Ivy (2014) http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-udiRecent Watering Hole Attacks Attributed to APT Group th3bug Using Poison Ivy (2014) http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-ioRecent Watering Hole Attacks Attributed to APT Group th3bug Using Poison Ivy (2014) http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-Recent Watering Hole Attacks Attributed to APT Group th3bug Using Poison Ivy (2014) http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-f6Recent Watering Hole Attacks Attributed to 
APT Group th3bug Using Poison Ivy (2014) http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks- equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: The Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScThe Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScThe Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScBanking Trojan Attempts To Steal Brazillion$ http://blog.talosintelligence.com/2017/09/brazilbanking.htmlThe Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScThe Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScBanking Trojan Attempts To Steal Brazillion$ http://blog.talosintelligence.com/2017/09/brazilbanking.htmlBanking Trojan Attempts To Steal Brazillion$ http://blog.talosintelligence.com/2017/09/brazilbanking.htmlThe Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScThe Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScThe Scarab attack group http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScRATs from the Underground http://researchcenter.paloaltonetworks.com/2017/01/unit42-exploring-cybercrime-uBanking Trojan Attempts To Steal Brazillion$ http://blog.talosintelligence.com/2017/09/brazilbanking.htmlNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / https://twitter.com/eyaBanking Trojan Attempts To Steal Brazillion$ http://blog.talosintelligence.com/2017/09/brazilbanking.htmlNew Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 / 
https://twitter.com/eyad312ff06187c93d12dd5f1d0;FannyWorm Equation Group Sample http://goo.gl/f6xNwu equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: The Spring Dragon APT https://securelist.com/blog/research/70726/the-spring-dragon-apt/APT1: technical backstage (2013) https://app.box.com/s/x2jgr4j1bgfas2h2b4h09mam9nn4qwu3Group5: Syria and the Iranian Connection https://citizenlab.org/2016/08/group5-syria/APT29 Domain Fronting With TOR https://www.fireeye.com/blog/threat-research/2017/03/APT29 Domain Fronting With TOR https://www.fireeye.com/blog/threat-research/2017/03/APT29 Domain Fronting With TOR https://www.fireeye.com/blog/threat-research/2017/03/APT29 Domain Fronting With TOR https://www.fireeye.com/blog/threat-research/2017/03//Nebula Exploit Kit http://malware.dontneedcoffee.com/2017/03/nebula-exploit-kit.htmlNebula Exploit Kit http://malware.dontneedcoffee.com/2017/03/nebula-exploit-kit.htmlNebula Exploit Kit http://malware.dontneedcoffee.com/2017/03/nebula-exploit-kit.htmlUrsnif: Deep Technical Dive http://www.seculert.com/blogs/ursnif-deep-technical-diveLazarus Bitcoin Spearphishes https://twitter.com/ClearskySec/status/944926250161844224Group5: Syria and the Iranian Connection https://citizenlab.org/2016/08/group5-syria/Lazarus Bitcoin Spearphishes https://twitter.com/ClearskySec/status/944926250161844224Group5: Syria and the Iranian Connection https://citizenlab.org/2016/08/group5-syria/Group5: Syria and the Iranian Connection https://citizenlab.org/2016/08/group5-syria/Angler Exploit Kit New Variants http://blogs.cisco.com/security/talos/angler-variantsAngler Exploit Kit New Variants http://blogs.cisco.com/security/talos/angler-variantsGroup5: Syria and the Iranian Connection https://citizenlab.org/2016/08/group5-syria/Lazarus Bitcoin Spearphishes https://twitter.com/ClearskySec/status/944926250161844224Angler Exploit Kit New Variants http://blogs.cisco.com/security/talos/angler-variantsAngler Exploit Kit New Variants http://blogs.cisco.com/security/talos/angler-variants 
equals www.twitter.com (Twitter)
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blog.fortinet.com/post/the-curious-case-of-the-document-exploiting-an-unkSpam
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://blog.fortinet.com/post/what-s-cooking-dridex-s-new-and-undiscovered-recip
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://blog.fortinet.com/post/what-s-cooking-dridex-s-new-and-undiscovered-recipDridex
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://blog.fortinet.com/post/what-s-cooking-dridex-s-new-and-undiscovered-recipNew
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.gentilkiwi.com/mimikatz
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/.s/2015/05/a-new-uac-bypass-method-that-dridex-uses.htm
Source: vnwareupdate.exe, 00000003.00000003.234268201.0000000006033000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authent
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-filesAsruex:
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-filesDiamondFox
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-filesEmissary
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.htmlDetecting
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.htmlDown
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://blog.knownsec.com/wp-content/uploads/2016/01/Malicious-Code-Analysis-on-U
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.macnica.net/blog/2017/08/post-fb81.html
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://blog.malwarebytes.org/exploits-2/2015/03/jamieoliver-com-still-compromise
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://blog.malwarebytes.org/exploits-2/2015/03/jamieoliver-com-still-compromiseNew
Source: vnwareupdate.exe, 00000003.00000003.244930410.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://blog.malwarebytes.org/fraud-scam/2015/03/new-facebook-worm-variant-levera
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://blog.malwaremustdie.org/2014/08/another-country-sponsored-malware.html
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerabil
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/4DDG:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/9DDG:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/DDG:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/ECHTHONIC
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/HARE_DENY_WRITEt
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/IDDG:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/dDDG:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/fDDG:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/lDDG:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/ource:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/tDDG:
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl0A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl1A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl2A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl4A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl7A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl8
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl8A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickl9A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quicklA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quicklIA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quicklUA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quicklaA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quicklcA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickldA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickldiA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickleA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quicklfA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickliA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickliCompromised
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-b
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-bThe
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: http://blog.nsfocus.net/blackmoon-bank-trojan-sample-technical-analysis-report/
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://blog.ropchain.com/2015/08/16/analysis-of-exploit-targeting-office-2007-20
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blog.ropchain.com/2015/08/16/analysis-of-exploit-targeting-office-2007-20Dyreza
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.rvrsh3ll.net
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exYiSpecter:
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://blog.sucuri.net/2015/04/website-malware-the-swf-iframe-injector-evolves.h
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.sucuri.net/2015/04/website-malware-the-swf-iframe-injector-evolves.hFrom
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.sucuri.net/2015/04/website-malware-the-swf-iframe-injector-evolves.hSWF
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.sucuri.net/2015/04/website-malware-the-swf-iframe-injector-evolves.hiSWF
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2015/12/cryptowall-4.html
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/03/samsam-ransomware.html
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/04/nuclear-exposed.html
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/09/tofsee-spam.html#more
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/09/tofsee-spam.html#moreAPTnotes
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/09/tofsee-spam.html#moreBronze
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/09/tofsee-spam.html#moreEternalRocks
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/09/tofsee-spam.html#moreProject
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/09/tofsee-spam.html#moreTofsee
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/12/flokibot-collab.htmlRecent
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2016/12/flokibot-collab.htmlWin32/Spy.Obator
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2017/01/locky-struggles.html
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2017/01/locky-struggles.htmlWithout
Source: vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintel.com/2017/02/pony-pub-files.html?m=1
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/02/korean-maldoc.html
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/02/korean-maldoc.htmlCloud
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/02/korean-maldoc.htmlKorean
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/03/dnsmessenger.html
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/03/dnsmessenger.html7Covert
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/03/dnsmessenger.htmlCovert
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/03/dnsmessenger.htmlLatest
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/03/dnsmessenger.htmlaCovert
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.ht
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/07/the-medoc-connection.htmlParanoid
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/07/the-medoc-connection.htmlThe
Source: vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.htmlBronze
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.htmlMalicious
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/brazilbanking.html
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/brazilbanking.html25d0b1ccb0b157ceff4e883e;FannyWorm
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/brazilbanking.htmlBanking
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/brazilbanking.htmlGlobe
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/brazilbanking.htmlNew
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/brazilbanking.htmlThe
Source: vnwareupdate.exe, 00000003.00000003.245614299.0000000003AA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.238209992.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/09/fin7-stealer.html
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.htmlChessMasters
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.htmlCyber
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.htmlOSX/Proton
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.htmloCyber
Source: vnwareupdate.exe, 00000003.00000003.245855228.00000000039E7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html.
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.htmlCharming
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.htmlNew
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.htmlOperation
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.htmlROKRAT
Source: vnwareupdate.exe, 00000003.00000003.245614299.0000000003AA7000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/zeus-panda-campaign.htmlPoisoning
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2017/11/zeus-panda-campaign.htmlThere
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.htmlKorea
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.htmlOperation
Source: vnwareupdate.exe, 00000003.00000003.233668995.0000000005DB3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
Source: vnwareupdate.exe, 00000003.00000003.237611046.00000000038E7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/olympic-destroyer.html
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/olympic-destroyer.htmlBronze
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/olympic-destroyer.htmlOlympic
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/olympic-destroyer.htmlTrojan.DarkLoader
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html3Targeted
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.htmlRuby
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.htmlTargeted
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendm
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/?p=73194
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-.Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-07Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-20Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-46Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-4aDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-54Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-5aDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-74Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-8bDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-9-Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-98Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-98bDaserf
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-Daserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-PTDaserf
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-Turla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-_oDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-coDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-daDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-diDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-ment_crew_indicators
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-njDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-reThe
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-roDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-teDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-toDaserf
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-t
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-t9002
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-tMagic
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-tSandworm
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-tXData
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/signed-pos-malware-us
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/signed-pos-malware-usAttacks
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/signed-pos-malware-usSigned
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/syscon-backdoor-uses-
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/syscon-backdoor-uses-Locker:
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/syscon-backdoor-uses-SYSCON
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/the-significance-of-t
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/third-party-app-store
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/threat-actors-behind-
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/threat-actors-behind-BIFROSE
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/threat-actors-behind-Sandworm
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discoversKorplug
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discoversMalumPoS:
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/two-games-released-in
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/two-new-pos-malware-a
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/updated-sundown-exploUpdated
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/us-healthcare-organiz
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/us-healthcare-organizksUS
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://blog.trendmicro.com/trendlabs-security-intelligence/us-healthcare-organizulMultiple
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: http://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/angler-update
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/angler-updateAngler
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/angler-updateSSH
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/angler-variants
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/angler-variantsAngler
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/angler-variantsGroup5:
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/darkkomet-rat-spam
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/darkkomet-rat-spamCOOLREAPER
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/darkkomet-rat-spamDing
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/darkkomet-rat-spamKaragany.B
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/darkkomet-rat-spamMalicious
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/fareit-analysis
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/malicious-pngs
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/malicious-pngs1fc6034b3ec99a01e3b2cde22846772656481d7374209ca0
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/malicious-pngs4124a533037373a922b01421caca3821af36099d98b7d6aa
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/malicious-pngs6b44c772bac7cc958b1b4535f02a584fc3a55377a3e7f4cc
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/malicious-pngsb4cb0490afa7da6647dc7f255a6c4c742b649fe4ff853b83
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/poseidon
Source: vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/poseidon4D938F4A5B3BAFB84CBD447FC3DCCACB;Destover
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/poseidonInfected
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/poseidonPoseidon
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/resume-spam-cryptowall
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/spam-dridex
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/sysadmin-phish
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/teslacrypt
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/talos/wiper-malware
Source: vnwareupdate.exe, 00000003.00000003.238209992.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/trojanized-putty-software
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/trojanized-putty-softwareLazarus
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/security/trojanized-putty-softwareTrojanized
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/wp-co
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/wp-coAdventures
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://blogs.cisco.com/wp-coSpam
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://botzone1.blogspot.com/2015/03/blue-ddos-botnet-stub-source-panel.html
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://botzone1.blogspot.com/2015/03/blue-ddos-botnet-stub-source-panel.htmlBlue
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://botzone1.blogspot.com/2015/03/blue-ddos-botnet-stub-source-panel.htmlLinux/Moose
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: http://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-9002
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-Sandworm
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malver
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malverChina
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malverLarge
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://community.websense.com/blogs/securitylabs/archive/2015/10/12/japanese-ban
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://community.websense.com/blogs/securitylabs/archive/2015/10/12/japanese-banBanking
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://community.websense.com/blogs/securitylabs/archive/2015/10/12/japanese-banJapanese
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://community.websense.com/blogs/securitylabs/archive/2015/10/12/japanese-banYiSpecter:
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.co.uk/2017/02/russian-apt-apt28-collection-of-sampl
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.co.uk/2017/02/russian-apt-apt28-collection-of-samplAPT28
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.co.uk/2017/02/russian-apt-apt28-collection-of-samplDeciphering
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.co.uk/2017/02/russian-apt-apt28-collection-of-samplEmissary
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.co.uk/2017/02/russian-apt-apt28-collection-of-samplRussian
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.(2010)
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.India
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.s
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.de/2015/08/potao-express-samples.html
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://contagiodump.blogspot.de/2015/08/potao-express-samples.html8
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://csirt.ninja/?p=1103
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_an
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_anSystematic
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_anmiSystematic
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_anminiduke_indicators_
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_anorSystematic
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_antorSystematic
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://cyber.verint.com/nymaim-malware-variant/aAPT28
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf.pOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf.pdf
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf01Operation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfCyOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfKorea
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfNew
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfOpOperation
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfTnOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfatOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfeaOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdfesOperation
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://phishme.com/bolek-leaked-carberp-kbot-source-code-complicit-new-phishing-Bolek:
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://phishme.com/disrupting-an-adware-serving-skype-botnet/
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://phishme.com/disrupting-an-adware-serving-skype-botnet/Disrupting
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://phishme.com/disrupting-an-adware-serving-skype-botnet/Pushdo
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://phishme.com/fluxerbot-nginx-powered-proxy-malware/
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://phishme.com/macro-documents-with-xor-encoded-payloads/
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://phishme.com/rockloader-new-upatre-like-downloader-pushed-dridex-downloads
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.ht
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.htNewPosThings
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.htOrcaRAT
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2014/12/festive-spearphishing-merry-
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2014/12/festive-spearphishing-merry-BAIJIU:
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2014/12/festive-spearphishing-merry-Holiday
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2014/12/festive-spearphishing-merry-The
Source: vnwareupdate.exe, 00000003.00000003.234268201.0000000006033000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2015/06/neutrino-exploit-kit-deliver
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.htmlFMore
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.htmleaMore
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.htmlrPlugX
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.htmltMore
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.htmlwMore
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/files/cto-tib-20150223-01a.pdf
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/files/cto-tib-20150223-01a.pdfAPT30
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/files/cto-tib-20150223-01a.pdfSakula
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: http://pwc.blogs.com/files/cto-tib-20150223-01a.pdfScanbox
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html?utm
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html?utmCompromised
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html?utmOilRig
Source: vnwareupdate.exe, 00000003.00000003.244930410.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html?utm_source=
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html?utm_source=Malware
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2015/12/new-spy-banker-trojan-telax-abusing.html
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.html
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.html.pThere
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.htmlPost-Soviet
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.htmlTThere
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.htmlThere
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.htmlaThere
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.htmlack
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.htmlgThere
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.htmluThere
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.co
Source: vnwareupdate.exe, 00000003.00000003.242241721.0000000003CA7000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-googl
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-googlAttacks
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-googlBadMirror:
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-googlDCSO
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-googlWild
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-Recent
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-aRecent
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-f6Recent
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-ioRecent
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-udiRecent
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-e
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-e8
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-eCmstar
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-eThe
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/05/plugx-uses-legitimate-samsung
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/05/plugx-uses-legitimate-samsungMagnitude
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/05/plugx-uses-legitimate-samsungPlugX
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/06/keybase-keylogger-malware-fam
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-gove
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-goveChina-based
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-CozyCar
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-Tracking
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-se
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seFlokibot
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seRecent
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seUnit
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-4ae4;APT10
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-Syrian
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-UPS:
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-WannaCry
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aeros
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aeros8
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aerosCompromised
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aerosWatering
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/banking-trojan-escelar-infect
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-8
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-KeyRaider:
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targetsOperation
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targetsRetefe
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-A
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-RTF
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-Unusual
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-cam
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-camMusical
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modi
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/chinese-taomike-monetization-
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/chinese-taomike-monetization-Android
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/chinese-taomike-monetization-Chinese
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-a
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-aBanking
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-aDragonOK
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-aJapanese
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-aNetTraveler
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-aOperation
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-aYiSpecter:
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/11/bookworm-trojan-a-model-of-mo
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/11/cryptowall-v4-emerges-days-af
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-s
Source: vnwareupdate.exe, 00000003.00000003.242880867.0000000003BE7000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-lin
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linAttack
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linAttacks
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russ
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russAPT3
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russBBSRAT
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russEl
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russPowerSniff
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russThe
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/ios-trojan-tinyv-attacks-jail
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2015/12/proxyback-malware-turns-user-
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-em
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-emNetTraveler
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-emYiSpecter:
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-Anchor
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-Deep
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-New
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-Operation
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-The
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espi
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-li
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-didAsruex:
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-didEmissary
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-didSphinx
Source: vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-d
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phish
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishAndroid
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishWidespread
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client
Source: vnwareupdate.exe, 00000003.00000003.233668995.0000000005DB3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/banload-malware-affecting-bra
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/evolution-of-samsa-malware-su
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/locky-ransomware-installed-th
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/locky-ransomware-installed-thLocky
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/locky-ransomware-installed-thMalware
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-ma
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-maBBSRAT
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-maIlluminating
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-acto
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/04/unit42-ransomware-locky-tesla
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-o
Source: vnwareupdate.exe, 00000003.00000003.233614213.0000000005D73000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/05/unit42-krbanker-targets
Source: vnwareupdate.exe, 00000003.00000003.233536403.0000000005CF3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/05/unit42-krbanker-targets-south
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/06/unit42-recent-mnkit-exploit-a
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-varian
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-varianTracking
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/07/unit42-andromeda-botnet-targe
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/07/unit42-cryptobit-another-rans
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/07/unit42-spynote-android-trojan
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/07/unit42-spynote-android-trojan(APT-C-23)
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/07/unit42-spynote-android-trojanKaseya
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/08/unit42-fresh-baked-homekit-ma
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/08/unit42-orcus-birth-of-an-unus
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/08/unit42-orcus-birth-of-an-unusOrcus
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/08/unit42-orcus-birth-of-an-unusPackrat:
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-t
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-tSigned
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-tSofacys
Source: vnwareupdate.exe, 00000003.00000003.236780975.00000000062F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233493320.0000000006353000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-Operation
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-distt
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat
Source: vnwareupdate.exe, 00000003.00000003.236780975.00000000062F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-tools
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolsDCSO
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolsDragonOK
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolsOperation
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolsYiSpecter:
Source: vnwareupdate.exe, 00000003.00000003.241963093.0000000005611000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-exploring-cybercrime-u
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-exploring-cybercrime-uBanking
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-From
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-KONNI
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-Second
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-a
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-aInvestigation
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-aMagic
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-aSandworm
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-stegbaus-because-somet
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xage
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xage.
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xageFlokibot
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-si
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-siContinued
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infec
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-d
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequelThe
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequelWannaCry
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/?p=17203
Source: vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/?p=17203Aveo
Source: vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: http://researchcenter.paloaltonetworks.com/?p=17203Crimeware-as-a-Service
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://reversingminds-blog.logdown.com/posts/2125985-dridex-atombombing-in-detaiDown
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://sec4app.com
Source: vnwareupdate.exe, 00000003.00000003.244930410.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://seclists.org/fulldisclosure/2015/Jan/131
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/blog/68978/whos-really-spreading-through-the-bright-star/
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/blog/68978/whos-really-spreading-through-the-bright-star/Potential
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/blog/research/68083/cloud-atlas-redoctober-a
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/blog/research/68083/cloud-atlas-redoctober-aCloud
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/blog/research/68083/cloud-atlas-redoctober-aSyrian
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/files/2015/02/Carbanak_APT_eng.pdf0b7613e0f739eb63fd5ed9e99934d54a38e56c558ab8
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://securelist.com/files/2015/02/Carbanak_APT_eng.pdfCarbanak
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://securityblog.s21sec.com/2015/03/new-banker-slave-hitting-polish-banks.htm
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-fo
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-foNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-foOperation
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-foaNew
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://securitykitten.github.io/lusypos-and-tor/
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://securitykitten.github.io/lusypos-and-tor/EWRaspberry
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://securityxploded.com
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://securityxploded.com/browser-password-dump.php
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp String found in binary or memory: http://sentrant.com/2015/05/20/bedep-ad-fraud-botnet-analysis-exposing-the-mecha
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://sentrant.com/2015/05/20/bedep-ad-fraud-botnet-analysis-exposing-the-mechaBedep
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://sentrant.com/2015/05/20/bedep-ad-fraud-botnet-analysis-exposing-the-mechaRawPOS
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://seo.chinaz.com/?host=
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://services.fiveemotions.co.jp
Source: vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://snip.ly/giNB
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://snip.ly/giNB8
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://stnmt.bacninh.gov.vn/documents/57412/11672469/420-STTTT.pdf
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: http://surveillance-security-camera.blogspot.co.uk/2017/01/analysis-of-new-shamo
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://t.co/EG0qtVcKLh
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05#
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05#KTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05#qTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05$
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05$TTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05%
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05(
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05)
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05.
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05/
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-050
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-052
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-052/Trojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-052CTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-053
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-055
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-056
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-057
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-058?Trojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-059
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-059JTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05=RTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05ARTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05D
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05E
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05G
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05I3Trojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05K
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05M
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05N
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05O
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05P
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05Q
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05R
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05S
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05T
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05Trojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05U
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05W
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05X
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05Y
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05Z
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05_
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05a
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05b
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05c
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05d
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05dbTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05dtTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05e
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05f
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05g
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05h
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05i
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05j
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05l
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05m
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05n
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05o
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05p
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05q
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05q0Trojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05q8Trojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05r
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05rOTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05rvTrojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05s
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05t
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05u
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05v
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05w
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05x
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05x:Trojan.Linux.Spike.A
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05y
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05z
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20140926-05~
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20151008-01
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20151008-01APTnotes
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20151008-01Archimedes
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20151008-01FireCrypt
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20151008-01Grabit
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20151008-01Skype
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20151008-01Trojan.Win32.Banker.NWT
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: http://telussecuritylabs.com/threats/show/TSL20160106-02
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://thisissecurity.net/2015/09/30/when-elf-billgates-met-windows/Operation
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://thisissecurity.net/2015/09/30/when-elf-billgates-met-windows/When
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://threatconnect.com/camerashy/?utm_campaign=CameraShy
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://tools.zjqhr.com/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://translate.google.com/translate?prev=hp&hl=en&js=n&u=%s?%d&sl=es&tl=en
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://update.konamidata.com/test/zl/sophos/td/index.dat?
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://update.konamidata.com/test/zl/sophos/td/result/rz.dat?
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://update.upload-dropbox
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://us11.campaign-archive1.com/?u=90e9f2002c4ccb9d8c541acf9&id=27baaa7b7b
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://user.qzone.qq.com/568148075
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: http://ver007.com/tools/APTnotes/2010/Combating%20Threats%20-%20Operation%20Auro
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://ver007.com/tools/APTnotes/2010/Combating%20Threats%20-%20Operation%20AurockCombating
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://ver007.com/tools/APTnotes/2010/Combating%20Threats%20-%20Operation%20AurokCommunities
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://ver007.com/tools/APTnotes/2010/Combating%20Threats%20-%20Operation%20Aurokan
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://winodwsupdates.me
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.0855.tv
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.4ngel.net
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdf
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdf6788313A762C211DCB0DE421607E6057;Desto
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdfGauss
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdfHancitor
Source: vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdfIntroducing
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdfP
Source: vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdfPoseidon
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.aftana.ir/images/docs/files/000002/nf00002716-1.pdfuss
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://www.arbornetworks.com/blog/asert/alpha-testing-alphaleon-http-bot/
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://www.avanan.com/resources/attack-on-office-365-corporate-users-with-zero-d
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.baidu.com
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.baidu.com/ma.exe
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.bleepingcomputer.com/news/security/cryptoluck-ransomware-being-malverNew
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://www.bleepingcomputer.com/news/security/ctb-faker-ransomware-does-a-poor-j
Source: vnwareupdate.exe, 00000003.00000003.234268201.0000000006033000.00000004.00000001.sdmp String found in binary or memory: http://www.blueliv.com
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: http://www.cert.org.cn/publish/main/10/2017/20170804154348879884398/201708041543
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://www.cert.pl/PDF/The_Postal_Group.pdf
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-sp
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-sp20Nearly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spMaNearly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spPTNearly
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spWoNearly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spabEthiopian
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spatNearly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spdfNearly
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spfdNearly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spixNearly
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spoup
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/nearly-undetectable-qarallax-rat-spreading-via-spteNearly
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: http://www.certego.net/en/news/ruby-rce-used-to-push-monero-coinminer/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.chinesehack.org/
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/charmingkitten/
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/charmingkitten/Charming
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/charmingkitten/F220F0A48885BAFC29B31FB7228CC4BB;Bots
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/charmingkitten/Full
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/copykitten-jpost/
Source: vnwareupdate.exe, 00000003.00000003.242880867.0000000003BE7000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/dustysky/
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237309639.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/dustysky/APTnotes
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/dustysky/Anunak:
Source: vnwareupdate.exe, 00000003.00000003.237309639.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/dustysky/Operation
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campai
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/greenbug/
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/greenbug/Iranian
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/greenbug/New
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/greenbug/TIranian
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/iec/#att123
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/iec/#att123Operation
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/ismagent/
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/ismagent/EquationDrug
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/ismagent/Recent
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/0219;APTnotes
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/0LeetMX
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/44b8ee7fc2c9;APTnotes
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/8
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/8p
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/A
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/F
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/LeetMX
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/N
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/Operation
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/T
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/The
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/Y
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/df
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/f
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/nShark-MaudiOperation.pdf
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/notes
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/leetmx/s
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/oilrig/Digging
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/oilrig/Iranian
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/oilrig/Malware
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/oilrig/The
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/tulip
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/winnti/
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/winnti/8
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/winnti/Floki
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/winnti/Recent
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/winnti/Tofsee
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.201
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.201ABLOID_EXTRAt
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.201Syrian
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.201The
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf?x
Source: vnwareupdate.exe, 00000003.00000002.530925888.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdfIranian
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdfRCHER
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdfck
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.cnhonker.com
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.cnhonker.net============
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.cnhonker.net=============
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: http://www.crysys.hu/miniduke/miniduke_indicators_public.pdfGathering
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.crysys.hu/miniduke/miniduke_indicators_public.pdfMiniduke
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.crysys.hu/miniduke/miniduke_indicators_public.pdfNebula
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.crysys.hu/miniduke/miniduke_indicators_public.pdfRegin
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://www.crysys.hu/turlaepiccc/turla_epic_cc_v1.pdf
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://www.crysys.hu/turlaepiccc/turla_epic_cc_v1.pdfEpic
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://www.cyintanalysis.com/a-quick-look-at-a-likely-newposthings-sample/
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://www.cyintanalysis.com/threat-analysis-poison-ivy-and-links-to-an-extended
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/aggressive-malware-pushers-prolific-cyber-surfers-beware/
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/aggressive-malware-pushers-prolific-cyber-surfers-beware/(
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/koreatimes-installs-venik/
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/koreatimes-installs-venik/Infected
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/koreatimes-installs-venik/Kraken
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-insti
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-insti-tMultiple
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-insti/s
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-insti:/Multiple
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-instienMultiple
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-instiewMultiple
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-instifaMultiple
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/multiple-malwares-used-to-target-an-asian-financial-instiwaMultiple
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/psychcental-com-infected-with-angler-ek-installs-bedep-va
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/psychcental-com-infected-with-angler-ek-installs-bedep-vaAndroid.Bankosy:
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.cyphort.com/psychcental-com-infected-with-angler-ek-installs-bedep-vaAngler
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.darknet.org.uk/2016/03/tempracer-windows-privilege-escalation-tool/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.dyamar.com.
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmck
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmck8
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmck8p
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmckCombating
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmckCommunities
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmckDirt
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmckNew
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmckRATs
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmckThe
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/420_speechmckan
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.eyuyan.com)
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1015_Alienspy_FINAL.pdf
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1016_Pushdo.pdf
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1016_Pushdo.pdfDisrupting
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1016_Pushdo.pdfPushdo
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1016_Pushdo.pdfSakula
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1016_Pushdo.pdfiPushdo
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1017_Phishing_in_Plain_Si
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1017_Phishing_in_Plain_Si.secureworks.com/cyb
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1017_Phishing_in_Plain_SiAttack
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.fidelissecurity.com/sites/default/files/FTA_1017_Phishing_in_Plain_SiFidelis
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://www.fireeye.com/blog/threat-research/2016/03/stop_scanning_mymac.html
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html?mkt
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html?mktNew
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html?mktWinnti
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html?mktkNew
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.foundstone.com
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://www.freebuf.com/vuls/142970.html
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.freebuf.com/vuls/142970.htmlFurther
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.freebuf.com/vuls/142970.htmlPincav
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.freebuf.com/vuls/142970.htmlVENOM
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: http://www.fsec.or.kr/common/proc/fsec/bbs/21/fileDownLoad/1235.do
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.google.co.jp
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.google.com/bot.html)
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234268201.0000000006033000.00000004.00000001.sdmp String found in binary or memory: http://www.govcert.admin.ch/blog/5/e-banking-trojan-retefe-still-spreading-in-sw
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.govcert.admin.ch/blog/5/e-banking-trojan-retefe-still-spreading-in-swTargeted
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.govcert.admin.ch/blog/5/e-banking-trojan-retefe-still-spreading-in-swe-Banking
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.greyhathacker.net/?p=738
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.hackdos.com
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.hackp.com
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.happysec.com/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.hkmjj.com
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.i0day.com/1.txt
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: http://www.infosecisland.com/blogview/23567-Vietnamese-Malware-Gets-Very-Persona
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ran
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/another-distraction-new-version-north-korean-ransomware-h24A
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/another-distraction-new-version-north-korean-ransomware-hCs
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/blockbusted-lazarus-blockbuster-north-korea/
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/blockbusted-lazarus-blockbuster-north-korea/Lazarus
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/blockbusted-lazarus-blockbuster-north-korea/Lucky
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/blockbusted-lazarus-blockbuster-north-korea/New
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/blockbusted-lazarus-blockbuster-north-korea/Trojanized
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/blockbusted-lazarus-blockbuster-north-korea/Vawtrak
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/eternalminer-copycats/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.intezer.com/new-variants-of-agent-btz-comrat-found/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.ip138.com/ip2city.asp
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.242880867.0000000003BE7000.00000004.00000001.sdmp String found in binary or memory: http://www.isightpartners.com/2014/10/cve-2014-4114/
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.isightpartners.com/2014/10/cve-2014-4114/Roki
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.isightpartners.com/2015/06/hawkeye-keylogger-campaigns-affect-multipl
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.isightpartners.com/2015/07/microsoft-office-zero-day-cve-2015-2424-le
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.isightpartners.com/2015/07/microsoft-office-zero-day-cve-2015-2424-leKhaan
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.israirairlines.com/?mode=page&page=14635&lang=eng
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.jmicron.co.tw0
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.jpcert.or.jp/magazine/acreport-ChChes.ht
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.jpcert.or.jp/magazine/acreport-ChChes.ht8
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp String found in binary or memory: http://www.jpcert.or.jp/magazine/acreport-ChChes.ht8P%
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://www.jpcert.or.jp/magazine/acreport-ChChes.htDridex
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.jpcert.or.jp/magazine/acreport-ChChes.htNetTraveler
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.jpcert.or.jp/magazine/acreport-ChChes.htSpearphishing
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.jpcert.or.jp/magazine/acreport-ChChes.htTargeted
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&amp
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3671
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=4327
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&ampThe
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&ampWin32/Spy.Obator
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1465
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=14658
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1465Citadel
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1465Pkybot:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3950
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.luocong.com
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.maicaidao.com/server.phpcaidao
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware_27
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware_27Covert
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware_27It
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-reversing.com/2014/06/blitzanalysis-embassy-of-greece-beijingCOSMICDUKE
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-reversing.com/2014/06/blitzanalysis-embassy-of-greece-beijingEmbassy
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2015/05/14/index2.html
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2015/08/13/index.html
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2015/09/02/index.html
Source: vnwareupdate.exe, 00000003.00000003.241963093.0000000005611000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/03/30/index2.html
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/03/30/index2.htmlDridex
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/03/30/index2.htmlGryphon
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/03/30/index2.htmlThe
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/03/30/index2.htmlxCaon
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/06/08/index.html
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/06/08/index.htmlBanking
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/06/08/index.htmlNaoinstalad
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.malware-traffic-analysis.net/2017/06/08/index.htmlNew
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://www.malwarefor.me/2015-08-31-angler-ek-pushing-bedep/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.md5.com.cn
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.md5decrypter.co.uk/feed/api.aspx?
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: http://www.morihi-soc.net/?p=910
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: http://www.morphick.com/resources/lab-blog/closer-look-hancitor
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: http://www.morphick.com/resources/lab-blog/mikey-linux-keylogger
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoorTurla
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://www.nartv.org/mirror/ghostnet.pdf
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.netresec.com/?page=Blog&ampAndroid
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.netresec.com/?page=Blog&ampCharming
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.netresec.com/?page=Blog&ampDridex
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.netresec.com/?page=Blog&ampFull
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.netresec.com/?page=Blog&ampGreenbugs
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.netresec.com/?page=Blog&ampThe
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.nforange.com/inc/1.asp?
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://www.nyxbone.com/malware/CryptoMix.html
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.operationblockbuster.com/
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.pandasecurity.com/mediacenter/malware/skype-worm-reloaded/
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.pandasecurity.com/mediacenter/malware/skype-worm-reloaded/Duqu
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.pandasecurity.com/mediacenter/malware/skype-worm-reloaded/Skype
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.pandasecurity.com/mediacenter/malware/skype-worm-reloaded/Trojan.Win32.Banker.NWT
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.pcshare.cn
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.pcshares.cn/pcshare200/lostpass.asp
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are0The
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are0Windigo
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are5The
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are7The
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-areNThe
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-areThe
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-areaThe
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-arecThe
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-aredThe
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-areiThe
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.realtek.com0
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.sablog.net/blog
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: http://www.seculert.com/blogs/ursnif-deep-technical-dive
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: http://www.seculert.com/blogs/ursnif-deep-technical-diveLazarus
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: http://www.secuobs.com/revue/news/326907.shtml
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-fami
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-famiComment
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-famiSakula
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/stegoloader-a-steal
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/teslacrypt-ransomwa
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/teslacrypt-ransomwaRatting
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/teslacrypt-ransomwaTeslaCrypt
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-t
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-tKeyBoy
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-tThreat
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.sginternet.net
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.site.com/test.dll?user=%USERNAME&pass=%PASSWORD
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/black-vine-formidable-cyberespionage-group
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/breaking-bad-themed-los-pollos-hermanos-cr
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/breaking-bad-themed-los-pollos-hermanos-cr&#39
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-u
Source: vnwareupdate.exe, 00000003.00000003.241963093.0000000005611000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/colombians-major-target-email-campaigns-de
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/colombians-major-target-email-campaigns-de#1020
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/colombians-major-target-email-campaigns-deColombians
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/duuzer-back-door-troj
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-kore
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/dyre-emerges-main-financial-trojan-threat
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/dyre-emerges-main-financial-trojan-threat8
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/dyre-emerges-main-financial-trojan-threatATMZombie:
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/dyre-emerges-main-financial-trojan-threatDyre
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/japanese-corporations-targeted-active-malw
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/japanese-corporations-targeted-active-malw.s
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/japanese-corporations-targeted-active-malwBanking
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/japanese-corporations-targeted-active-malwDragonOK
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/japanese-one-click-fraudsters-target-ios-u
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-exploited-h
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-exploited-hDyreza
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-exploited-hNew
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financi
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financiCARBANAK
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financiOdinaff:
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-tar
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-tarMARCHER
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-tarPatchwork
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-tartchwork
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/russian-bank-employees-received-fake-job-o
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauNew
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauOperation
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauStrider:
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauWild
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-do
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-do0Taiwan
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-doDCSO
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-doLinking
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-doTaiwan
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-doarTaiwan
Source: vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-dot
Source: vnwareupdate.exe, 00000003.00000003.233668995.0000000005DB3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Sc
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScA
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScBanking
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScRATs
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScThe
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/ScckCommunities
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Sch
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/SckCommunities
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/SckThe
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Sckan
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepa
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepaHoliday
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepaThe
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99Android.Bankosy:
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99South
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.thc.org
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.threatconnect.com/news/china-hacks-the-peace-palace-all-your-eezs-are
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/From
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: http://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/Possible
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.htmlGlobeImposter
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.htmlLazarus
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.htmlNew
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.htmlVawtrak
Source: vnwareupdate.exe, 00000003.00000003.241963093.0000000005611000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/11/down-the-h-w0rm-hole-with-houdinis-rat.html
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/11/down-the-h-w0rm-hole-with-houdinis-rat.htmlDown
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.threatgeek.com/2016/11/down-the-h-w0rm-hole-with-houdinis-rat.htmlDridex
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.threattracksecurity.com/it-blog/dyre-now-using-signed-certificates-ht
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.threattracksecurity.com/it-blog/dyre-now-using-signed-certificates-htDyre
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.threattracksecurity.com/it-blog/dyre-now-using-signed-certificates-hte-Banking
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.topronet.com
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.co.kr/cloud-content/us/pdfs/security-intelligence/white-pa
Source: vnwareupdate.exe, 00000003.00000003.237953574.0000000003A27000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-pape
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-pape//Operation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-pape089Operation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-pape1EOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-pape5bOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-pape6Operation
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-pape8
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeA
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeAmazon
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeAttacks
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeBraincrypt
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeNwOperation
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeOperation
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papePawn
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeSaOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeatOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papedOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papef6XSLCmd
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papegOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeiOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeioOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papeion
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papepOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-paperOperation
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: http://www.trendmicro.de/media/wp/safe-a-targeted-threat-whitepaper-en.pdf
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.vip80000.com/hot/index.html
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: http://www.virusradar.com/en/Python_Agent.F/description
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: http://www.vkremez.com/2017/09/lets-learn-reversing-trickbot-banking.html
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.vkremez.com/2017/09/lets-learn-reversing-trickbot-banking.htmlAnalyzing
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.vkremez.com/2017/09/lets-learn-reversing-trickbot-banking.htmlMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: http://www.vkremez.com/2017/09/lets-learn-reversing-trickbot-banking.html_Muddying
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.volexity.com/blog/?p=158
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.volexity.com/blog/?p=158Grabit
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: http://www.volexity.com/blog/?p=158Trojan.Win32.Banker.NWT
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: http://www.wasabii.com.tw
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: http://www.waseda.jp/navi/security/2017/0414.html
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://www.waseda.jp/navi/security/2017/0414.htmlCallisto
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://www.waseda.jp/navi/security/2017/0414.htmlSpearphishing
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.webroot.com/blog/2013/10/10/compromised-turkish-government-web-site-l
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.webroot.com/blog/2013/10/10/compromised-turkish-government-web-site-lAggressive
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.webroot.com/blog/2013/10/10/compromised-turkish-government-web-site-lCompromised
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.webroot.com/blog/2013/10/10/compromised-turkish-government-web-site-lb
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: http://www.webroot.com/blog/2013/10/10/compromised-turkish-government-web-site-lhnCompromised
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom.
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-customFancy
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-customNetTraveler
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-customSednit
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afgha
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afgha:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghaBingo
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghaoKorplug
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/01/29/msilagent-pyo-have-botnet-will-travel/
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/01/29/msilagent-pyo-have-botnet-will-travel/MSIL/Agent.PYO
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/01/29/msilagent-pyo-have-botnet-will-travel/Operation
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/04/09/operation-buhtrap/
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/04/09/operation-buhtrap/Operation
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/04/09/operation-buhtrap/ROKRAT
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/04/09/operation-buhtrap/The
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/04/29/unboxing-linuxmumblehard-muttering-spamHong
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/04/29/unboxing-linuxmumblehard-muttering-spamMumblehard
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/Winnti
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/07/10/sednit-apt-group-meets-hacking-team/
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: http://www.welivesecurity.com/2015/07/23/porn-clicker-keeps-infecting-apps-on-go
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/10/12/pdf-phishing-leads-to-nanocore-rat-targets-diPDF
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/10/29/evasive-sage-2-2-ransomware-variant-targets
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/10/29/evasive-sage-2-2-ransomware-variant-targetsBadRabbit
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/10/29/evasive-sage-2-2-ransomware-variant-targetsEvasive
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/10/29/evasive-sage-2-2-ransomware-variant-targetsdcc6;APTnotes
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitc
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitc7A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitc9A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitcA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitcaA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitcaMaster
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitcgA
Source: vnwareupdate.exe, 00000003.00000002.516989975.00000000021F1000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2018/02/21/omg-mirai-based-bot-turns-iot-devices-into-
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2018/02/21/omg-mirai-based-bot-turns-iot-devices-into-Emissary
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/2018/02/21/omg-mirai-based-bot-turns-iot-devices-into-New
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/post/over-100-000-south-korean-users-affected-by-black
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/post/over-100-000-south-korean-users-affected-by-blackSouth
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://blog.fortinet.com/post/over-100-000-south-korean-users-affected-by-blackTunnel
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://blog.fox-it.com/2017/04/14/a-mole-exposing-itself-to-sunlight/
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://blog.fox-it.com/2017/04/14/a-mole-exposing-itself-to-sunlight/A
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/Operation
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/Snake:
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/2014/02/23968-uroburos-highly-complex-espionage-s
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/2014/11/23937-the-uroburos-case-new-sophisticated
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/2015/01/23926-analysis-of-project-cobra
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/2015/01/23927-evolution-of-sophisticated-spyware-
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/2015/01/23927-evolution-of-sophisticated-spyware-l
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/new-dridex-infection-vector-identifi
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/new-dridex-infection-vector-identifiAngler
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/new-dridex-infection-vector-identifiNew
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/new-dridex-infection-vector-identifiSofacy
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/the-andromedagamarue-botnet-is-on-th
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/the-andromedagamarue-botnet-is-on-thAndromeda
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/the-andromedagamarue-botnet-is-on-thThe
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://blog.gdatasoftware.com/blog/article/the-andromedagamarue-botnet-is-on-thaAndromeda
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://blog.korumail.com/cyber-security/french-commercial-proposal-malware/
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/cybercrime/2016/10/get-your-rat-on-pastebin/
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/cybercrime/2017/01/the-curious-case-of-a-sundown-e
Source: vnwareupdate.exe, 00000003.00000003.245916145.0000000003967000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptominin
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomininTNewly
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/cybercrime/exploits/2016/08/malvertising-campaign-
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-docShakti
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-docShell
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2016/08/shakti-trojan-stealing-docTordow
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disg
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disgCmstar
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disgKorplug
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2017/04/usps-themed-malspam-now-de
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2017/08/cerber-ransomware-delivere00OilRig
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2017/08/cerber-ransomware-delivereOilRig
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2017/08/locky-ransomware-adds-anti
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2017/08/locky-ransomware-adds-antiCarbanak
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2017/08/locky-ransomware-adds-antiLocky
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2017/08/locky-ransomware-adds-antiNb
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/01/a-coin-miner-with-a-heaven
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/01/a-coin-miner-with-a-heavenA
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/01/a-coin-miner-with-a-heavenMalicious
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/02/chinese-criminal-experimen
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/02/chinese-criminal-experimenDrive-by
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/02/chinese-criminal-experimenMalware
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/02/new-mac-cryptominer-distri
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/02/new-mac-cryptominer-distriNew
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.com/threat-analysis/2018/02/new-mac-cryptominer-distriSkygofree:
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncovering-
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncovering-NitlovePOS:
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncovering-Operation
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncovering-Uncovering
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/exploits-2/2015/05/unusual-exploit-kit-targets-chi
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/exploits-2/2015/05/unusual-exploit-kit-targets-chiRTF
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/exploits-2/2015/05/unusual-exploit-kit-targets-chiUnusual
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/exploits-2/2015/11/blast-from-the-past-blackhole-e
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-c
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-cDyre
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-cUnusual
Source: vnwareupdate.exe, 00000003.00000003.236259168.0000000005C73000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/intelligence/2015/12/inside-chimera-ransomware-the
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/intelligence/2016/03/maktub-locker-beautiful-and-d
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/malvertising-2/2015/11/the-casino-malvertising-cam
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/malvertising-2/2015/12/spike-in-malvertising-attac
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/04/a
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massi
Source: vnwareupdate.exe, 00000003.00000002.516989975.00000000021F1000.00000004.00000001.sdmp String found in binary or memory: https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massiFlash
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://blog.nviso.be/2018/08/02/powershell-inside-a-certificate-part-3/
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-ov
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-ov:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-ovSamSam
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-OH-Worm
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-OPoS
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-PoS
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-arPoS
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-nPoS
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-oPoS
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-rPoS
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/a-peek-inside-a-pos-sPoS
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu.gDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu/gDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu0
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu1BDeciphering
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu2
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu22Deciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu43Deciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu52Deciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu70Deciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciu89NEW
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuA9Deciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuAPDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuClDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuCyDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuDCSO
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciud
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuf
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciunSDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciuppDeciphering
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confuciups://goo.gl/CywXnS
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-tar
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-tarLazarus
Source: vnwareupdate.exe, 00000003.00000002.516989975.00000000021F1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaig
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/oracle-server-vulner
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/oracle-server-vulnerDrive-by
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://blog.trendmicro.com/trendlabs-security-intelligence/oracle-server-vulnerFalse
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://community.rsa.com/community/products/netwitness/blog/2017/12/08/grateful
Source: vnwareupdate.exe, 00000003.00000002.522931627.000000000237B000.00000004.00000001.sdmp String found in binary or memory: https://creativecommons.org/licenses/by-nc/4.0/
Source: vnwareupdate.exe, 00000003.00000002.522931627.000000000237B000.00000004.00000001.sdmp String found in binary or memory: https://creativecommons.org/licenses/by-nc/4.0/.
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://cyberkov.com/wp-content/uploads/2016/09/Hunting-Libyan-Scorpions-EN.pdf
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/azorult-version-2-atrocious-spyware-in8
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-AzorUlt
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/azorult-version-2-atrocious-spyware-infection-using-3-1-rtf-Double
Source: vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-official
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officialCyber
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officialLazarus
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officialR
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/malware-actors-using-nic-cyber-security-themed-spear-phishin
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/malware-actors-using-nic-cyber-security-themed-spear-phishinn
Source: vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/uri-terror-at
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-emb
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embURI
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://digitasecurity.com/blog/2018/02/19/coldroot/
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://digitasecurity.com/blog/2018/02/19/coldroot/Denis
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://dl.dropbox.com/u/105015858
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://dl.dropbox.com/u/105015858/nome.exe
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://docs.googl
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErcContinued
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErcNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErcs
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX01Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX03Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX08Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX31Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX32Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX33Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX37Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX5cCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX5dCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX66Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX78Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX7dCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX80
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX84Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX8dCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX93Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX95Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RX97Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXNewly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXPTCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXa7Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXaeCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXalCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXasCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXb6Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXc7Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXc8Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXcdCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXctCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXd8Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXe3Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXe6Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXf1Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXf6Campaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXfcCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXmyCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXneCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXpdfCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXpeCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXroCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXteCampaign
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXtoCampaign
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/Appendix-DressCode-Android-Malware-Finds
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/Appendix-DressCode-Android-Malware-Finds.
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/Appendix-DressCode-Android-Malware-FindsChinese
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/Appendix-DressCode-Android-Malware-FindsDressCode
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-CVE-2017-11882-exploited-to-del
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-CVE-2017-11882-exploited-to-delCVE-2017-11882
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-CVE-2017-11882-exploited-to-delStrongPity2
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cybere
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cybere8fb36bf4d5cf98c2;APT
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cybereAPT3
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cybereCVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cybereNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cybereUntangling
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cyberefb28dee5fde7cbb0;APT
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/tech-brief-cyberespionage-campaign-sphin
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/tech-brief-cyberespionage-campaign-sphinCyberespionage
Source: vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/tech-brief-cyberespionage-campaign-sphinNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://documents.trendmicro.com/assets/tech-brief-cyberespionage-campaign-sphinTravle
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://exchange.xforce.ibmcloud.com/collection/Group-123s-2016-to-2018-Campaign
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://exchange.xforce.ibmcloud.com/collection/Group-123s-2016-to-2018-Campaign/Skygofree:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://exchange.xforce.ibmcloud.com/collection/Group-123s-2016-to-2018-Campaign0Comnie
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://f5.com/labs/articles/threat-intelligence/malware/marcher-gets-close-to-u
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://f5.com/labs/articles/threat-intelligence/malware/marcher-gets-close-to-u8
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://f5.com/labs/articles/threat-intelligence/malware/marcher-gets-close-to-uMARCHER
Source: vnwareupdate.exe, 00000003.00000003.245916145.0000000003967000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://f5.com/labs/articles/threat-intelligence/malware/new-python-based-crypto
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://f5.com/labs/articles/threat-intelligence/malware/new-python-based-crypto8
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://file.gdatasoftware.com/web/en/documents/whitepaper/Rurktar.pdf
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://file.gdatasoftware.com/web/en/documents/whitepaper/Rurktar.pdfAPT29
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://file.gdatasoftware.com/web/en/documents/whitepaper/Rurktar.pdfRurktar
Source: vnwareupdate.exe, 00000003.00000003.234268201.0000000006033000.00000004.00000001.sdmp String found in binary or memory: https://firstlook.org/theintercept/2015/08/21/inside-the-spyware-campaign-agains
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://ghostbin.com/paste/jsph7
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://ghostbin.com/paste/xgvdv
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://gist.github.com/edeca/01f5e35d7de074cdd6710caddd973965
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://gist.github.com/edeca/01f5e35d7de074cdd6710caddd973965Paranoid
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://gist.github.com/edeca/01f5e35d7de074cdd6710caddd973965The
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://gist.github.com/mattifestation/46d6a2ebb4a1f4f0e7229503dc012ef1
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://gist.github.com/subTee/c98f7d005683e616560bda3286b6a0d8#file-katz-xml
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/0x00-0x00/ShellPop
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/0xbadjuju/Sharpire_RID2A4F
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/AlessandroZ/BeRoot/tree/master/Windows
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/AlessandroZ/LaZagne
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/AlessandroZ/LaZagne/releases/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/BeetleChunks/redsails
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Ben0xA/nps
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Cn33liz/SharpCat_RID2A27
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Cn33liz/p0wnedShell
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/CoreSecurity/impacket
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/DarthTon/Blackbone
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/FuzzySecurity/PowerShell-Suite
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/HarmJ0y/KeeThief
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Kevin-Robertson/Invoke-TheHash
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/MalwareTech/UACElevator_RID2B2C
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Neo23x0/Loki/issues/35
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Neo23x0/yarGen
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/PowerShellEmpire/Empire
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Torte_ELF.yarLinux
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Torte_ELF.yarRurktar
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/adaptivethreat/Empire
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/bartblaze/PHP-backdoors
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/bitsadmin/nopowershell
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://github.com/citizenlab/malware-signatures/blob/master/packrat/domains.csv
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: https://github.com/citizenlab/malware-signatures/blob/master/packrat/domains.csvPackrat:
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://github.com/citizenlab/malware-signatures/blob/master/packrat/domains.csvRovnix
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: https://github.com/citizenlab/malware-signatures/blob/master/packrat/domains.csvSouth
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/cpaton/Scripting/blob/master/VBA/Base64.bas
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://github.com/eset/malware-ioc/blob/master/sednit/part3.adoc
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://github.com/eset/malware-ioc/blob/master/sednit/part3.adocA
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://github.com/fireeye/iocs/tree/master/APT28
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/foxglovesec/RottenPotato
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/frohoff/ysoserial
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/g0tmi1k/exe2hex
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/gdssecurity/PSAttack/releases/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/gentilkiwi/kekeo/releases
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/gentilkiwi/mimikatz/releases
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/hfiref0x/UACME
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/huntergregal/mimipenguin
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/jaredhaight/Invoke-MetasploitPayload/blob/master/Invoke-MetasploitPayload.ps1
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://github.com/joridos/custom-ssh-backdoor05ce6e55dc8b2cdf07eca710c652032dae7940d9f719d24c65de77
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/maaaaz/impacket-examples-windows
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/mdsecactivebreach/CACTUSTORCH_RID2A54
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/n1nj4sec/pupy-binaries
Source: vnwareupdate.exe, 00000003.00000003.241963093.0000000005611000.00000004.00000001.sdmp String found in binary or memory: https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Office%2
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/nccgroup/Winpayloads
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/nccgroup/redsnarf
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/nikicat/web-malware-collection
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/odzhan/shells/
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: https://github.com/pan-unit42/iocs/blob/master/ramdo/hashes.txt
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/peewpw/Invoke-PSImage
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/ptrrkssn/pnscan
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/putterpanda/mimikittenz
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/rapid7/metasploit-framework/commit/12a6d67be48527f5d3987e40cac2a0cbb4ab6ce7
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/rsmudge/metasploit-loader
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/samratashok/nishang
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/skelsec/PyKerberoast
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/sqlmapproject/sqlmap
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://github.com/stamparm/EternalRocks
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://github.com/stamparm/EternalRocksBronze
Source: vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://github.com/stamparm/EternalRocksEDB660EF32E2FD59AD1E610E9842C2DF;Dridex
Source: vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://github.com/stamparm/EternalRocksEternalRocks
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://github.com/stamparm/EternalRocksProject
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://github.com/stamparm/EternalRocksTofsee
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/subTee/AllTheThings_RID2BB8
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/t3ntman/CrunchRAT_RID2A5B
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/tiagorlampert/CHAOS
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/valsov/BackNet
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/vysec/ps1-toolkit
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/wordfence/grizzly
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/xmrig/xmrig/releases
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://github.com/zerosum0x0/koadic
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://go.recordedfuture.com/hubfs/reports/cta-2018-0116-appendix.pdf
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://go.recordedfuture.com/hubfs/reports/cta-2018-0116-appendix.pdf-2017-9805
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://go.recordedfuture.com/hubfs/reports/fr-2018-0214.pdf
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://go.recordedfuture.com/hubfs/reports/fr-2018-0214.pdfDDG:
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://go.recordedfuture.com/hubfs/reports/fr-2018-0214.pdfTargeting
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://go.recordedfuture.com/hubfs/reports/fr-2018-0214.pdfurce:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/4if3HG
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/4nyX1e
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/4nyX1eAPT29
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/4nyX1eAPTnotes
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/4pTkGQ
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/5jvv9q
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/7jGkpV
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/7yKyOj
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/7yKyOjq
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/8LbqZ9
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/8LbqZ9Bronze
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/8LbqZ9IB
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/8U6fY2
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/8U6fY23e91f399d207178a5aa6de3d680b58fc3f239004e541a8bff2cc3e851b76e8bb0914f9fbdac67cd
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/9DNn8q
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/AW9Cuu
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/BSQWzw
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/BvYurS
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/CX3KaY
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/CpfJQQ
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/CywXnS
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/CywXnS3f23d152cc7badf728dfd60f6baa5c861a500630nS10586913ceeecd408da4e656c29ed4e91c6b7
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/E4qia9
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/HG2j5T
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/HZ5XMN
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/JAHZVL
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/JAlw3s
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/JQVfFP
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/L9g9eR
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/L9g9eR0
Source: vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/L9g9eRIRC
Source: vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/L9g9eRMiddle
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/L9g9eRP
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/L9g9eRp
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/LXeeW70face841f7b2953e7c29c064d6886523W7APT28
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/LXeeW77e68371ba3a988ff88e0fb54e2507f0d0529b1d393f405bc2b2b33709dd571539fea62c042a8eda
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/LXeeW7APT28
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/MSJCxP
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/MZ7dRg
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/Mr6M2J
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/N5MEj0
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/Nbqbt6
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/OOB3mH
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/OkB63qFidelis
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/PChE1z
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/Pg3P4W
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/QMRZ8K
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/QaOh4V
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/Qew6dT
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/RLf9qU
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/RvDwwA
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/SjQhlp
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/VbvJtL
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/VdrwgR
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/WVflzO
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/Z292v6
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/Z3JUAA
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/eFoP4A
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/ffeCfd
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/h6iaGj
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/hDQizk(w
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/hDQizk036EB11A5751C77BC65006769921C8E5;Bots
Source: vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/hDQizk1CCC528390573062FF2311FCFD555064;Data-Stealing
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/hDQizk3A25847848C62C4F2DCA67D073A524AE;Destover
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/hDQizk8
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/hDQizk80
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxY
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxY23d.exe
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxY89d.exe
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYAbg.exe
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYConEmu.exe
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYFile.dll
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYNoodles.exe
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYOrange
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYPort.dll
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYSession.dll
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYShell.dll
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYSocks.dll
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYY
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYf3e3e25a822012023c6e81b206711865Energetic
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/i3prxYrk
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/iqH8CK
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/jKIfGB
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/jhJWRpUpdateproxy.dll
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/joxXHF
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/jp2SkT
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/p32Ozf
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/pTffPA
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/puVc9q
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/qScSrE
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/qeBHsr
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/rW1yvZ
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/snc85M
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/t3uUTG
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/t3uUTGMofang
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/t3uUTGTROJ_WERDLOD:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/tcSoiJ
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/tezXZt
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/th5q2vGMicrosoft
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/uAic1X
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/urp4CD
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/v3ebal
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/vtQoCQ
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/vtQoCQProject
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/wt1xlh
Source: vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/wt1xlhD1C27EE7CE18675974EDF42D4EEA25C6;Destover
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/wt1xlhProject
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/wt1xlhROKRAT
Source: vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/wt1xlhTROJ_WERDLOD:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/x81cSy
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/xnKTgt
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/xnKTgt.p9
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/xnKTgtrk
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/zPsn83
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/zRf5V8
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/zRf5V83da8e94c6d1efe2a039f49a1e748df5eef01af5aV8The
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/zRf5V84bdd366d8ee35503cf062ae22abe5a4a2d8d8907V8The
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/zRf5V85c52996d9f68ba6fd0da4982f238ec1d279a7f9d8839d3e213717b88a06ffc48827929891a10059
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://goo.gl/zRf5V8The
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: https://hazmalware.blogspot.co.uk/2016/12/analysis-of-august-stealer-malware.htm
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://heimdalsecurity.com/blog/security-alert-adwind-rat-targeted-attacks-zero
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-8
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-Iranian
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-Spear
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245956038.0000000003927000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp String found in binary or memory: https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118Dark
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/d8cfafa2b02b6a25bd3b
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/dc8985226b7b2c468bb8
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/e3aa12fb899cd715abbe
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/f70e18fe0dedabefe9bf
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/h
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/ho
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/k-MaudiOperation.pdf
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/s
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/1A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/5Continued
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/8A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/Cyberattack
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/aA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/gA
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/iA
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirp
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirp-
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirp285ff9c2339c8e9dbf;A
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirp29APT3
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirp5aAPT3
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirp86APT3
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpdiAPT3
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpe7APT3
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/apt-attack-middle-east-big-bang/
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/iotroop-botnet-full-investigation/
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/iotroop-botnet-full-investigation/.pBRONZE
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/iotroop-botnet-full-investigation/01IoTroop
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/iotroop-botnet-full-investigation/IoTroop
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/iotroop-botnet-full-investigation/arIoTroop
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/iotroop-botnet-full-investigation/ark-MaudiOperation.pdf
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/iotroop-botnet-full-investigation/raIoTroop
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-ba
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-baPTCyber
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-badfThe
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-baseThe
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-bateThe
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/Paranoid
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-malspam-targeting-bra
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-malspam-targeting-braMalspam
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-malspam-targeting-braNemucodAES
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-v00OilRig
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-vCerber
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-vOilRig
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-vTargeted
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-vTemp.Periscope
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-vTriton
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-tro
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-troSpyDealer:
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-The
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-Tick
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-pers
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persTwoFace
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-cont8
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-contDefaulting
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-contThe
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/08/unit42-the-curious-case-of-n
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/08/unit42-the-curious-case-of-nScanned
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/08/unit42-the-curious-case-of-nThe
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-at
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-lay
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-lay7e94;APTnotes
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layAnalyzing
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-lay_Analyzing
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-hoeflertext-popups-ta
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-hoeflertext-popups-taBotnet
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-hoeflertext-popups-taHoeflerText
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-CVE-2017-8759:
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-Threat
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/BadPatch
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/New
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/Operation
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/Paranoid
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/e
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targe
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targe9Skygofree:
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeFreeMilk:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeMSkygofree:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targecSkygofree:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targelFreeMilk:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targetFreeMilk:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-c
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeuSkygofree:
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-at
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-atInsider
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-atOilRig
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-d
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targe
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeFormBook
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeTargeted
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta18Muddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta1dMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta2eTrickbot
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta3
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta31Muddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta54Trickbot
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta7dMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-taLockCrypt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta_cMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-ta_oMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-taa4Muddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-taafMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tab1Muddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tab5Muddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tabfMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tac0Muddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tac62ef8;APTnotes
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tac7Trickbot
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tad2787b;APTnotes
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tadiMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tameMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-tatoMuddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-taw_Muddying
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discove
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties0New
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties1BEBLOH
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties1New
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties6New
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesTNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesaNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesbNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiescNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesdNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tieseNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesfNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesiNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesoNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesomise.pdf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-tiesseNew
Source: vnwareupdate.exe, 00000003.00000003.245614299.0000000003AA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-c
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-cIOilRig
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-cPDF
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-operation-blockbuster
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-operation-blockbusterNew
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-operation-blockbusterOperation
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-operation-blockbusterer
Source: vnwareupdate.exe, 00000003.00000003.245614299.0000000003AA7000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploit
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploit4Recent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploit5Recent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploit92Recent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploit9Recent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploit_Recent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploitcRecent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploitdRecent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploiteRecent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploitiRecent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploitoEvasive
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploitoRecent
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-ea
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-eaThe
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-eaUBoatRAT
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/12/unit42-master-channel-the-bo
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/12/unit42-master-channel-the-bo2Muddying
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2017/12/unit42-master-channel-the-boMaster
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-targ
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-targComnie
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-targrComnie
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-iot-malware-evolves-h
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-iot-malware-evolves-hIoT
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-iot-malware-evolves-hNorth
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-cr
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-crLarge
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-ii
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iiOilRig
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iicLarge
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-m
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/-PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis//PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/0PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/1PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/2PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/3PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/4PowerStager
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/5PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/6PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/7PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/8PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/Carbanak
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/EPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/PowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/VnPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/aPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/bPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/cPowerStager
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/ePowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/fOperation
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/fPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/iPowerStager
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/oPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/sPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/tPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/uPowerStager
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/usPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/wPowerStager
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/xPowerStager
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-a
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-aKovter
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-aThe
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-mi
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-cus
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukr
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entiti
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-servic
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-u
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-t
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmini
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://s.tencent.com/research/report/471.html
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://sec0wn.blogspot.ae/2017/10/knock-knock-knocking-on-ehdoor-curious.html
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://sec0wn.blogspot.ae/2017/10/knock-knock-knocking-on-ehdoor-curious.htmlKnock
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://sec0wn.blogspot.ae/2017/10/knock-knock-knocking-on-ehdoor-curious.htmlSurtr:
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://sec0wn.blogspot.ae/2017/10/knock-knock-knocking-on-ehdoor-curious.htmlThreat
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://sec0wn.blogspot.com/2017/10/continued-activity-targeting-middle-east.htm
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://sec0wn.blogspot.com/2017/10/continued-activity-targeting-middle-east.htmContinued
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://sec0wn.blogspot.com/2017/10/continued-activity-targeting-middle-east.htmThe
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/78674/sambacry-is-coming/
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/0A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/1A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/2A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/3A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/5A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/6A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/6SamSam
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/7A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/8A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/9A
Source: vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/A
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/MA
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/SA
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/Sample
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/Sednit
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/bA
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/cA
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/fA
Source: vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/a-slice-of-2017-sofacy-activity/83930/s
Source: vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/36462/stuxnetduqu-the-evolution-of-
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsin
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsin.p
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsin8
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinHellsing
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsinWinnti
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69953/the-naikon-apt/
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69953/the-naikon-apt/Citadel
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69953/the-naikon-apt/GlobeImposter
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/69953/the-naikon-apt/The
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/72087/the-shade-encryptor-a-double-
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/72275/i-am-hdroot-part-1/
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/analysis/publications/72356/i-am-hdroot-part-2/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/apt-slingshot/84312/
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/apt-slingshot/84312/.
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/apt-slingshot/84312/Bronze
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/apt-slingshot/84312/SlingShot
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/apt-trends-report-q2-2017/79332/Dridex
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/apt-trends-report-q2-2017/79332/Greenbugs
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/18Bingo
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/5fInside
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/6cBingo
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/atmii-a-small-but-effective-atm-robber/82707/
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/atmii-a-small-but-effective-atm-robber/82707/The
Source: vnwareupdate.exe, 00000003.00000003.238209992.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-d
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-dNew
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/33208/new-version-of-osx-sabpub-confirmed-
Source: vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/57647/the-red-october-campaign/
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/57647/the-red-october-campaign/IXESHE
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/57647/the-red-october-campaign/MyKings
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/57647/the-red-october-campaign/Temp.Periscope
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/57647/the-red-october-campaign/The
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/75812/the-equation-giveaway/
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/8
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/LockPoS
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/The
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/66108/el-machete/
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/66108/el-machete/10El
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/66108/el-machete/11023296f88f88bbb77d579f5fbad02e064274264c5066
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/66108/el-machete/El
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/66108/el-machete/dEl
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-t
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68350/the-syrian-malware-part-2-who-is-the-
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68350/the-syrian-malware-part-2-who-is-the-.
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68350/the-syrian-malware-part-2-who-is-the-Syrian
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68350/the-syrian-malware-part-2-who-is-the-Tibetan
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-l
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-lLegspin
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-lOilRig
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-lSkeleton
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-ga
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-gaThe
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-pla
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-plaEquationDrug
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-plaOperation
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-plaSpam
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70087/grabit-and-the-rats/8
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70087/grabit-and-the-rats/APT
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70087/grabit-and-the-rats/Grabit
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70087/grabit-and-the-rats/Trojan.Win32.Banker.NWT
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticat
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticatTheDuqu
Source: vnwareupdate.exe, 00000003.00000003.245855228.00000000039E7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70726/the-spring-dragon-apt/
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70726/the-spring-dragon-apt/APT1:
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70991/games-are-over/
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70991/games-are-over/Communities
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70991/games-are-over/Dino
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/70991/games-are-over/Naoinstalad
Source: vnwareupdate.exe, 00000003.00000003.242880867.0000000003BE7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threa
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threaStrider:
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threaWild
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with
Source: vnwareupdate.exe, 00000003.00000003.234268201.0000000006033000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71713/darkhotels-attacks-in-2015/
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/(APT-C-23)
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/Jamieoliver
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/New
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contr
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contrOngoing
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contrSatellite
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-contrTargeted
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72187/coinvault-are-we-reaching-the-end-of-
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72283/gaza-cybergang-wheres-your-ir-team/
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-Duke
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-Sofacy
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-c
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-w
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-wATMZombie:
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-wLocky
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/74063/the-return-of-hackingteam-with-new-im
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/74063/the-return-of-hackingteam-with-new-imOngoing
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/74063/the-return-of-hackingteam-with-new-imThe
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/75040/lurk-banker-trojan-exclusively-for-ru
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/75328/the-dropping-elephant-actor/
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/75384/lurk-a-danger-where-you-least-expect-
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/76318/crypy-ransomware-behind-israeli-lines
Source: vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-fr
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-frIlluminating
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-frKopiLuwak:
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/77621/newish-mirai-spreader-poses-new-risks
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/blog/sas/77908/lazarus-under-the-hood/
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/denis-and-company/83671/
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/denis-and-company/83671/Denis
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/denis-and-company/83671/Lazarus
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/denis-and-company/83671/OSX/Coldroot
Source: vnwareupdate.exe, 00000003.00000003.241469453.0000000005A11000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/07/Kaspersky_Lab_crouching_yeti_appendixes_eng
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/08/KL_report_syrian_malware.pdf
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/08/KL_report_syrian_malware.pdfSyrian
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/08/KL_report_syrian_malware.pdfThe
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/08/KL_report_syrian_malware.pdfWannaCry
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regi
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regi8
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_RegiAPT1:
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_RegiMiniduke
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_RegiRegin
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_engThe
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2016/06/xDedic_marketplace_ENG.pdfLinux
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2016/06/xDedic_marketplace_ENG.pdfTHE
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_AppendixB.pdf
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/gaza-cybergang-updated-2017-activity/82765/
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/gaza-cybergang-updated-2017-activity/82765/80
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/gaza-cybergang-updated-2017-activity/82765/A
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/gaza-cybergang-updated-2017-activity/82765/Gaza
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/in-expetrpetyas-shadow-fakecry-ransomware-wave-hits-ukrai
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/introducing-whitebear/81638/
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237440903.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/introducing-whitebear/81638/Cat
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/introducing-whitebear/81638/Patchwork
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/luckymouse-ndisproxy-driver/87914/
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-m
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-mLarge
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-mNew
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/operation-applejeus/87553/
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/.
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729//
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/5F97C5EA28
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/APT
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/DCSO
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/Emissary
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/ScarCruft
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/Turla
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/shadowpad-in-corporate-networks/81432/
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603-FreeMilk:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/836033Group
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/836033Skygofree:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/836035FreeMilk:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/836039FreeMilk:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603Diplomats
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603SSkygofree:
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603Skygofree:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603Spearphishing
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603aSkygofree:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603ll
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603nSkygofree:
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603uGroup
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603wSkygofree:
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/the-nukebot-banking-trojan-from-rough-drafts-to-real-thre
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/the-nukebot-banking-trojan-from-rough-drafts-to-real-threThe
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/the-silence/83009/
Source: vnwareupdate.exe, 00000003.00000003.245855228.00000000039E7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/travle-aka-pylot-backdoor-hits-russian-speaking-targets/8
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/travle-aka-pylot-backdoor-hits-russian-speaking-targets/8n
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/wap-billing-trojan-clickers-on-rise/81576/
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/wap-billing-trojan-clickers-on-rise/81576/MSIL/Agent.PYO
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/wap-billing-trojan-clickers-on-rise/81576/WAP-billing
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/wap-billing-trojan-clickers-on-rise/81576/es
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/zero-day-vulnerability-in-telegram/83800/
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/zero-day-vulnerability-in-telegram/83800/0Zero-day
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/zero-day-vulnerability-in-telegram/83800/2Zero-day
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/zero-day-vulnerability-in-telegram/83800/3Zero-day
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://securelist.com/zero-day-vulnerability-in-telegram/83800/4Zero-day
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://virustotal.com/en/file/3d8a0c2d95e023a71f44bea2d04667ee06df5fd83d71eb5df
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://virustotal.com/en/file/3d8a0c2d95e023a71f44bea2d04667ee06df5fd83d71eb5dfAlmanah
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: https://vms.dataprotection.com.ua/virus/?i=13332788&virus_name=Trojan.Inject
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&amp
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&i=15421778
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&i=8400823
Source: vnwareupdate.exe, 00000003.00000003.237309639.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&ampAPTnotes
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&ampAndroid
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&ampGhosts
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237309639.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&ampLinux.Proxy.10
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.com/virus/?_is=1&ampTargeted
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.ru/virus/?
Source: vnwareupdate.exe, 00000003.00000002.528528109.00000000028B2000.00000004.00000001.sdmp String found in binary or memory: https://vms.drweb.ru/virus/?i=15059456
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://w00tsec.blogspot.fr/2016/09/luabot-malware-targeting-cable-modems.html
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://w00tsec.blogspot.fr/2016/09/luabot-malware-targeting-cable-modems.htmlDetecting
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://w00tsec.blogspot.fr/2016/09/luabot-malware-targeting-cable-modems.htmlLuaBot:
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://w00tsec.blogspot.fr/2016/09/luabot-malware-targeting-cable-modems.htmlPoS
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://w00tsec.blogspot.fr/2016/09/luabot-malware-targeting-cable-modems.htmlXAgentOSX:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://weankor.vxstream-sandbox.com/sample/6b857ef314938d37997c178ea50687a281d8ff9925f0c4e709407546
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://wikileaks.org/vault7/document/#archimedes
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://wikileaks.org/vault7/document/#archimedes.
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://wikileaks.org/vault7/document/#archimedesArchimedes
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://wikileaks.org/vault7/document/#archimedesGlobeImposter
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Ana
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc.
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc.p
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc/wWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc17WannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc50WannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc52WannaCry
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc8
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc8p
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researc96;APT10
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcAnother
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcF8WannaCry
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcThe
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcWannaCry
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcYayih
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcanWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcc.WannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researccuWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcd
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcdiWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcdoWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researce3;APT10
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/a-north-korean-monero-cryptocurre
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/a-north-korean-monero-cryptocurreA
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/a-north-korean-monero-cryptocurreOkiru
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/arp-spoofing-used-to-insert-malic
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/arp-spoofing-used-to-insert-malicARP
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/arp-spoofing-used-to-insert-malicUpdated
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/botnet-bruteforcing-point-of-saleAided
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/botnet-bruteforcing-point-of-saleBotnet
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/botnet-bruteforcing-point-of-saleKIVARS
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/lockcrypt-ransomware-spreading-vi
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/lockcrypt-ransomware-spreading-viLockCrypt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/lockcrypt-ransomware-spreading-viRecent
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/lockcrypt-ransomware-spreading-viYx
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-research/targeted-attacks-against-tibet-or
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcjsWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcnsWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcpsWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcryWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researctoWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researctyWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researcwrWannaCry
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/blogs/labs-researczaWannaCry
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex.
Source: vnwareupdate.exe, 00000003.00000002.551768875.0000000003D61000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex.0
Source: vnwareupdate.exe, 00000003.00000002.551768875.0000000003D61000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex.P
Source: vnwareupdate.exe, 00000003.00000002.551768875.0000000003D61000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex.p
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex/Operation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex1Operation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex2Operation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex5
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex7Operation
Source: vnwareupdate.exe, 00000003.00000003.236780975.00000000062F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.551768875.0000000003D61000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex8
Source: vnwareupdate.exe, 00000003.00000003.233493320.0000000006353000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex807
Source: vnwareupdate.exe, 00000003.00000003.233493320.0000000006353000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex88
Source: vnwareupdate.exe, 00000003.00000003.236780975.00000000062F3000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex8P5
Source: vnwareupdate.exe, 00000003.00000003.233493320.0000000006353000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-ex8p6
Source: vnwareupdate.exe, 00000003.00000003.236780975.00000000062F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233493320.0000000006353000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exConference
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exDragonOK
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exMusical
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exYiSpecter:
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exeOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exiOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exmOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exoOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-extOperation
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.alienvault.com/open-threat-exyOperation
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/additional-insights-shamoon2/
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/another-banker-enters-matrix/WannaCry
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/dirtjumpers-ddos-engine-gets-a-tune-up-
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/dirtjumpers-ddos-engine-gets-a-tune-up-From
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/dirtjumpers-ddos-engine-gets-a-tune-up-ckCommunities
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/dirtjumpers-ddos-engine-gets-a-tune-up-kCommunities
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/Digital
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/Flokibot
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/Unit
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/XAgentOSX:
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/Sofacys
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/The
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/8
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/Full
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/Gryphon
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/lockpos-joins-flock/
Source: vnwareupdate.exe, 00000003.00000003.233668995.0000000005DB3000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/recent-poison-iv/
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/the-revolution-will-be-written-in-delph
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/the-revolution-will-be-written-in-delphAsruex:
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/the-revolution-will-be-written-in-delphThe
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-Threat
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatEmbassy
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatH
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatHpW
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatIlluminating
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatNew
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatPlugX
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatRetefe
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatSecond
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2014/06/ASERT-ThreatUpdated
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/11/TLP-WHITE-Fl
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/11/TLP-WHITE-FlFastPOS
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/11/TLP-WHITE-FlFlying
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&tn=baidu&wd=ip138
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://www.blackhat.com/docs/us-15/materials/us-15-Peterson-GameOver-Zeus-Badgu
Source: vnwareupdate.exe, 00000003.00000003.245916145.0000000003967000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://www.bleepingcomputer.com/news/security/adware-bundle-adds-persistence-to
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.bleepingcomputer.com/news/security/adware-bundle-adds-persistence-to26Cobalt
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.bleepingcomputer.com/news/security/new-ghostadmin-malware-used-for-d
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://www.bleepingcomputer.com/news/security/ransomware-attacks-continue-in-uk
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.bleepingcomputer.com/news/security/ransomware-attacks-continue-in-ukEvolution
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: https://www.bleepingcomputer.com/news/security/reyptson-ransomware-spams-your-fr
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.htmlDarkhotel
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.htmlOperation
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.htmlRSA
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.htmlMicrosoft
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.htmlTeslaCrypt
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos_another.html
Source: vnwareupdate.exe, 00000003.00000003.233349750.0000000006273000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos_another.htmlNitlovePOS:
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/09/suceful_next_genera.html
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html
Source: vnwareupdate.exe, 00000003.00000003.242880867.0000000003BE7000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.htmlAPT
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.htmlChina-based
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.htmlTaiwan
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.ht
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.htmlLuaBot:
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.htmlTREASUREHUNT:
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/04/ghosts_in_the_endpoi.html
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/04/ghosts_in_the_endpoi.htmlApocalypse
Source: vnwareupdate.exe, 00000003.00000003.234133131.0000000005DF3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/04/multigrain_pointo.html
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.htmlKopiLuwak:
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.htmlUpdated
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.htmlrrrr
Source: vnwareupdate.exe, 00000003.00000003.236259168.0000000005C73000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/06/latest-android-overlay-malw
Source: vnwareupdate.exe, 00000003.00000003.236259168.0000000005C73000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/06/locky-is-back-and-asking-fo
Source: vnwareupdate.exe, 00000003.00000003.236259168.0000000005C73000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2016/06/resurrection-of-the-evil-mi
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/03/
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/03//Nebula
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/03/APT29
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/03/Without
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.h
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.htmlBdCVE-2017-0199
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.htmlCVE-2017-0199
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.htmlMassive
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.htmlBernhardPOS
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.htmlFIN7
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlAPT32
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.htmlPowerShell
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.ht
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.htEPS
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.htThe
Source: vnwareupdate.exe, 00000003.00000003.241963093.0000000005611000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-c
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges
Source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cStrider:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html
Source: vnwareupdate.exe, 00000003.00000002.552214471.0000000003DA1000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sAttacks
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sTwoFace
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranianFake
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranianIranian
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distributeCVE-2017-8759:
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distributeSurtr:
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.238209992.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distributi
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tl
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tl0Newly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tl9Newly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tldNewly
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tloNewly
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at0Attackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at1Attackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at2Attackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at4Attackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at6Attackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at7Attackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-at8Attackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-atHAttackers
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-atIPoisoning
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-atcAttackers
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-ateAttackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-atliAttackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-atpAttackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-atrAttackers
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-atuAttackers
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-e
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-e7aNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-e80New
Source: vnwareupdate.exe, 00000003.00000003.234268201.0000000006033000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-eNew
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-ed8New
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-eng
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-engMALWARE
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-engNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-eraNew
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/01/microsoft-office-vulnerabil
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deli
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliARITCVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliCVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliENTtCVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliE_NOCVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliRt
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deli_PRICVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-delit
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobi
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-c
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-de
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/r
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rNIC
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rThe
Source: vnwareupdate.exe, 00000003.00000003.234392495.00000000060B3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rail
Source: vnwareupdate.exe, 00000003.00000003.234338719.0000000006073000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/resources/pdfs/fireeye-malware-supply-chain.pdf
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/resources/pdfs/fireeye-malware-supply-chain.pdfDisrupting
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/resources/pdfs/fireeye-malware-supply-chain.pdfFrom
Source: vnwareupdate.exe, 00000003.00000003.242880867.0000000003BE7000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/resources/pdfs/white-papers/fireeye-operation-quantum-en
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/resources/pdfs/white-papers/fireeye-operation-quantum-enFrom
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.fireeye.com/resources/pdfs/white-papers/fireeye-operation-quantum-enOPERATION
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: https://www.flashpoint-intel.com/wp-content/uploads/2017/06/Flashpoint-Jaff-Rans
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: https://www.flashpoint-intel.com/wp-content/uploads/2017/06/Flashpoint-Jaff-RansNecurs
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: https://www.flashpoint-intel.com/wp-content/uploads/2017/06/Flashpoint-Jaff-RansTurla
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securi
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securiA
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-securiMONSOON
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/accounts/servicelogin
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.gov.il/he/Departments/publications/reports/rand
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: https://www.govcert.admin.ch/blog/33/the-retefe-saga
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.govcert.admin.ch/blog/33/the-retefe-sagaT0
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.govcert.admin.ch/blog/33/the-retefe-sagaThe
Source: vnwareupdate.exe, 00000003.00000003.236259168.0000000005C73000.00000004.00000001.sdmp String found in binary or memory: https://www.guardicore.com/2016/06/the-photominer-campaign/
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.guardicore.com/2016/10/the-oracle-of-delphi-steal-your-credentials/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.hackcon.org/wp-content/uploads/2015/02/Foredrag01.pdf
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/21f68db0d05c86d382742971b8b228dc1a6b47793
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/273d718027ca1945e5aada3602f8084426936d513
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/273d718027ca1945e5aada3602f8084426936d513Andromeda
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/273d718027ca1945e5aada3602f8084426936d513New
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/273d718027ca1945e5aada3602f8084426936d513WannaCry
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/6a48b5211b622ffe49ae4e32ada72bb4d9db40576
Source: vnwareupdate.exe, 00000003.00000003.241963093.0000000005611000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/788e91b3eaa67ec6f755c9c2afc682b830282b110
Source: vnwareupdate.exe, 00000003.00000003.232758250.0000000005F33000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/9ed5d45130547cc1df21aafae4d90e35587c0de97
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/cf1568bcf5f43e0eb44b2e813e5d31cd6f058c698
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/cf1568bcf5f43e0eb44b2e813e5d31cd6f058c698Korean
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/cf1568bcf5f43e0eb44b2e813e5d31cd6f058c698Vacation
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/d75d19693153a36a9414f418c2498d3b49016b1e4
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/fec85e6f69f1e619fc2d68c5501e4a9f2cc813bca
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/fec85e6f69f1e619fc2d68c5501e4a9f2cc813bcaShifr
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.hybrid-analysis.com/sample/fec85e6f69f1e619fc2d68c5501e4a9f2cc813bcaShortJSRat
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.icebrg.io/blog/footprints-of-fin7-iocs
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/APT28
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.its.ms.gov/services/securityAlerts/11-1-2012%20Possible%20spear%20ph
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.its.ms.gov/services/securityAlerts/11-1-2012%20Possible%20spear%20phThe
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://www.kudelskisecurity.com/sites/default/files/sphinx_moth_cfc_report.pdf
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://www.kudelskisecurity.com/sites/default/files/sphinx_moth_cfc_report.pdfAPT28
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://www.kudelskisecurity.com/sites/default/files/sphinx_moth_cfc_report.pdfSphinx
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.lac.co.jp/lacwatch/people/20170223_001224.html
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.lac.co.jp/lacwatch/people/20170223_001224.htmlAPT10
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://www.mcafee.com/hk/resources/white-papers/wp-global-energy-cyberattacks-n
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pd
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.menlosecurity.com/blog/a-jar-full-of-problems-for-financial-services-companies
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.mysonicwall.com/SonicAlert/searchresults.aspx?ev=article&id=995
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.mysonicwall.com/SonicAlert/searchresults.aspx?ev=article&ampDuqu
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs22BTurla
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2APTurla
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2CyTurla
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2ECTargeted
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2pper
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2psTurla
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grou
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grou04Turla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grou2013
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grou2aTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grou8eTurla
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grouKIVARS
Source: vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grouTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grou_cTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20groub6Turla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20groucoTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20groudfTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20groue8Turla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grouf0Turla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20groumeTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grouroTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grouseLeviathan:
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grouseTurla
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20grouw_Turla
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdfEpic
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdfHikit
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202
Source: vnwareupdate.exe String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/p
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pDing
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pOcean
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-bloss
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossOPERATION
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossOperation
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.pandasecurity.com/mediacenter/pandalabs/threat-hunting-fil
Source: vnwareupdate.exe, 00000003.00000003.237611046.00000000038E7000.00000004.00000001.sdmp String found in binary or memory: https://www.pandasecurity.com/mediacenter/pandalabs/threat-hunting-fileless-atta
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.pandasecurity.com/mediacenter/pandalabs/threat-hunting-fileless-attaContinued
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.pandasecurity.com/mediacenter/pandalabs/threat-hunting-fileless-attaOlympic
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-CVE-2017-0199:
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-LeetMX
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-North
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-er
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-yberattack
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/proofpoint-threat-insight-carbana
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/sites/default/files/proofpoint-threat-insight-carbanaCarbanak
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/dyre-malware-campaigners-innovate-distribution-tec
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/dyre-malware-campaigners-innovate-distribution-tecBolek:
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricksExploring
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zer
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerOops
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerTemp.Periscope
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-F
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-FDyre
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-FDyreza
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-FOngoing
Source: vnwareupdate.exe, 00000003.00000003.236259168.0000000005C73000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Exploit-Kit-Deja-Vu
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Exploit-Kit-Deja-VuTWO
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Exploit-Kit-Deja-VutMassive
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Meet-GreenDispenser
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threa
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-ThreaDridex
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-ThreaNew
Source: vnwareupdate.exe, 00000003.00000003.235905498.0000000005FB3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/Updated-Blackmoon-Banking-Troj
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/abbadonpos-now-targeting-speci
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/banking-trojans-dridex-vawtrak
Source: vnwareupdate.exe, 00000003.00000002.546099143.00000000037C7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/banking-trojans-dridex-vawtrakDCSO
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-sam
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-s
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ranso
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransoDouble
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransoNew
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-reci
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-reciDridex
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-reciUrsnif
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backd
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdDroidJack
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdOPERATION
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleARP
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleFin7
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscri
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappear
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappearHancitor
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappearOdinaff:
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/kovter-group-malvertising-camp
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/kovter-group-malvertising-campThe
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spea
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spea013
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spea8Leviathan:
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-speaLeviathan:
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-speaNew
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-speacLeviathan:
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-speameLeviathan:
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-speaoLeviathan:
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-CVE-2017-0199
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-Massive
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-Temp.Periscope
Source: vnwareupdate.exe, 00000003.00000003.236259168.0000000005C73000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-returns-with-upd
Source: vnwareupdate.exe, 00000003.00000003.242214739.0000000005451000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russia
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russiaNetTraveler
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russiaSednit
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-aptCampaign
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-aptOperation
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/ostap-bender-400-ways-make-pop
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/ostap-bender-400-ways-make-popAided
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/ostap-bender-400-ways-make-popKOVTER
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/ostap-bender-400-ways-make-popOstap
Source: vnwareupdate.exe, 00000008.00000003.285342005.0000000005DF3000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/panda-banker-new-banking-troja
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/phish-scales-malicious-actor-tAndroid
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/phish-scales-malicious-actor-tFlying
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-//Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-/LSmominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-02Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-33Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-82Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-a3Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-beSmominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-c7Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-f37Smominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-fbSmominru
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-koOilRig
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/spam-now-with-side-of-cryptxxx
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/spam-now-with-side-of-cryptxxxSpam
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/spam-now-with-side-of-cryptxxxTARGETED
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopi
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopi1#ISMDoor
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiNRecent
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopib8Turla
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopieTurla
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/ursnif-banking-trojan-campaign
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.proofpoint.com/us/threat-insight/post/ursnif-banking-trojan-campaignUrsnif
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clou
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clou617ba23c7a6aad88;APT
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clouCOSMICDUKE
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clouIlluminating
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clouNew
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clouTARGETED
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clouThreat
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-clouUpdated
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.recordedfuture.com/web-shell-analysis-part-2/
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.reuters.com/article/us-india-cyber-threat-idUSKCN1B80Y2
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.reuters.com/article/us-india-cyber-threat-idUSKCN1B80Y2India
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.reuters.com/article/us-india-cyber-threat-idUSKCN1B80Y2Vacation
Source: vnwareupdate.exe, 00000003.00000003.233888921.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: https://www.reverse.it/sample/6995fd3a66382669a48e071033a08c9404efd30c065b54f1ab
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.reverse.it/sample/e3399d4802f9e6d6d539e3ae57e7ea9a54610a7c4155a6541df8e94d67af086e?envir
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-coba
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-coba0Cobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-coba5Cobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-coba6Cobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-coba8Cobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaCCobalt
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaInfrastructure
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaTCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaTDaserf
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaUCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaaCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobadCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobaeCobalt
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobafcCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobagCobalt
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobanCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobapCobalt
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobarCobalt
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://www.riskanalytics.com/blog/post.php?s=2017-07-07-coming-to-a-break-room-
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.riskanalytics.com/blog/post.php?s=2017-07-07-coming-to-a-break-room-EITest
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.riskanalytics.com/blog/post.php?s=2017-07-07-coming-to-a-break-room-WannaCry
Source: vnwareupdate.exe, 00000003.00000003.245916145.0000000003967000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/
Source: vnwareupdate.exe, 00000003.00000003.245791168.00000000039A7000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/cobalt-strike/
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/cobalt-strike/CCobalt
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/cobalt-strike/FileTour
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/fake-flash-update-watering-hole-attack/
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/fake-flash-update-watering-hole-attack/Fake
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/fake-flash-update-watering-hole-attack/HoeflerText
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/htprat/
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/3ce763275c55e691;APT10
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/Remcos
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/bRemcos
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf.P
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf21aee5e49dfa7b39fc97f0
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf49458ab6253da1f3023266
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf7e17eea51551c8d9ece289
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf928822f67fbb3cd9c83be8
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdfThe
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdfc6e75bb6acd73bc7cf8908
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdfh
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdfhttp://goo.gl/NpJpVZ
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdfoney
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdfssom
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizat
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizatChinese
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizatDressCode
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/duqu
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/spam-campaign-distributes-adwind-rat
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/spam-campaign-distributes-adwind-ratDroidJack
Source: vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/blog/spam-campaign-distributes-adwind-ratSpam
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/bronze-unionBRONZE
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/bronze-unionContinued
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/htran8
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/htranAPTnotes
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaigns
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaigns//SamSam
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaigns/fSamSam
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaigns68dSamSam
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaigns9SamSam
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaignsSamSam
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaignsc0Recent
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaignsleSamSam
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/samsam-ransomware-campaignsrbHkdoor
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/sindigoo
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/sindigoo8
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/sindigooRecent
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/sindigooThe
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/sindigooWin32/Spy.Obator
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/skeleton-key-malware-analysis
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/skeleton-key-malware-analysisA
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaign
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignAPTnotes
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignDridex
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignFull
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignGreenbugs
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignParanoid
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignSpearphishing
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignThe
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignl
Source: vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignl13475D0FDBA8DC7A648B57B10E8296D5;Bots
Source: vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignlThe
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237373308.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/the-mirage-campaignmlGrand
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/wiper-malware-analysis-attacking-korean-finRecent
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/wiper-malware-analysis-attacking-korean-finTrojan.APT.Seinup
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.secureworks.com/research/wiper-malware-analysis-attacking-korean-finWiper
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/Teaching
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/TelsaCrypt
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/iOperation
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: https://www.skycure.com/blog/exaspy-commodity-android-spyware-targeting-high-lev
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-rotten-
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-rotten-Gaza
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-rotten-New
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-rotten-The
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/CVE-2017-0199-li
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/CVE-2017-0199-liNew
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/plugx-goes-to-th
Source: vnwareupdate.exe, 00000003.00000003.237611046.00000000038E7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.233075798.00000000060F3000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-coinminer
Source: vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-coinminer8
Source: vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-coinminerCoinMiner
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/O
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/O/A
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/ORoki
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/OTheDuqu
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/T
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/TAndroid
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/TRSA
Source: vnwareupdate.exe, 00000003.00000002.565870570.0000000003FE1000.00000004.00000001.sdmp String found in binary or memory: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/TTelsaCrypt
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/backdoorwinnti-attackers-have-skeleton-th
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-Dragonfly:
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-OilRig
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-an
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-ixTargeted
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-m
Source: vnwareupdate.exe, 00000003.00000003.245614299.0000000003AA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-sout
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-sout4Sowbug:
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-sout5Turla
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-sout8Sowbug:
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-soutSowbug:
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-soutViSowbug:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates
Source: vnwareupdate.exe, 00000003.00000003.237713875.0000000003967000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/forums/bitco
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/forums/bitcoCVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/forums/bitcoVnCVE-2017-10271
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/connect/forums/bitcoVnUntangling
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/Darktrack
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/Legspin
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/Nymaim
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/Platinum
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/Regin
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/Zeus
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitep
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitep8
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepBronze
Source: vnwareupdate.exe, 00000003.00000002.557653688.0000000003E61000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepComment
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepDeep
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepInComment
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepOperation
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepRegin
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepSyrian
Source: vnwareupdate.exe, 00000003.00000002.570079073.0000000004121000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepThe
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepUPS:
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepUnComment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepWeComment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepe_Comment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepesComment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepg
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepiaComment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepliComment
Source: vnwareupdate.exe, 00000003.00000002.553151421.0000000003DE1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whiteprOperation
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepraBlank
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepraComment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepraPutter
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepucComment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepucture
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepxeComment
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepybComment
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2016-0224
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-010516-1811-99
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-011214-3734-99
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-011214-3734-99Mestep
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-011607-5822-99
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-011607-5822-99Mestep
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-011607-5822-99Trulop
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-031519-0428-99
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99663a;APT10
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99Andromeda
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99North
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99UPS:
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99WannaCry
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99Zero-day
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-062915-5446-99
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-062915-5446-99Futurax
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-062915-5446-99MyKings
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-070611-0813-99
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-070611-0813-99H-Worm
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-070611-0813-99WAP-billing
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99Dreambot
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99Karagany.B
Source: vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99New
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2018-021208-2435-99
Source: vnwareupdate.exe, 00000003.00000003.234528386.0000000006133000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2018-021208-2435-99Ransom.ShurL0ckr
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.symantec.com/security_response/writeup.jsp?docid=2018-021208-2435-99aOperation
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.theregister.co.uk/2018/01/16/arc_iot_botnet_malware/
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/divide-and-conquer/
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/divide-and-conquer/Rescoms
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/divide-and-conquer/Unmasking
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/divide-and-conquer/eraUnmasking
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/divide-and-conquer/ilUnmasking
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/divide-and-conquer/raUnmasking
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/divide-and-conquer/reUnmasking
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/khaan-quest-chinese-cyber-espionage-targeting
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/khaan-quest-chinese-cyber-espionage-targetingCNACOM
Source: vnwareupdate.exe, 00000003.00000003.241767951.0000000005691000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/killing-with-a-borrowed-knife-chaining-core-c
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/killing-with-a-borrowed-knife-chaining-core-cRetefe
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/killing-with-a-borrowed-knife-chaining-core-cYayih
Source: vnwareupdate.exe, 00000003.00000003.241572242.0000000005911000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/operation-poisoned-helmand/
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/blog/where-there-is-smoke-there-is-fire-south-asia
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/china-hacks-the-peace-palace-all-your-eezs-are-bel
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.threatconnect.com/china-hacks-the-peace-palace-all-your-eezs-are-belChina
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-/EVASIVE
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-nEVASIVE
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-tRocket
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://www.threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs
Source: vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://www.tr1adx.net/intel/TIB-00002.html
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.tr1adx.net/intel/TIB-00002.htmlBBSRAT
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.tr1adx.net/intel/TIB-00002.htmlThe
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.tr1adx.net/intel/TIB-00002.htmlUnusual
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_rescoms.ai
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_rescoms.aieraRescoms
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_rescoms.aiilRescoms
Source: vnwareupdate.exe, 00000003.00000002.544656700.0000000003747000.00000004.00000001.sdmp String found in binary or memory: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_rescoms.aireRescoms
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.236671866.0000000005A91000.00000004.00000001.sdmp String found in binary or memory: https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-pape
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papeIXESHE
Source: vnwareupdate.exe, 00000003.00000002.545077306.0000000003787000.00000004.00000001.sdmp String found in binary or memory: https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papeSanny
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/KOVTER-and-CERBER-on-a-One-T
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/KOVTER-and-CERBER-on-a-One-TKOVTER
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/New-Carbanak-/-Anunak-Attack
Source: vnwareupdate.exe, 00000003.00000003.245614299.0000000003AA7000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.245318104.0000000003B27000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Post-Soviet-Bank-Heists---A-
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Post-Soviet-Bank-Heists---A-Post-Soviet
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Post-Soviet-Bank-Heists---A-SYSCON
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-Macro
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-Quaverse
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Tale-of-the-Two-Payloads-%E2New
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Tale-of-the-Two-Payloads-%E2Tale
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.trustwave.com/Resources/SpiderLabs-Blog/Terror-Exploit-Kit--More-lik
Source: vnwareupdate.exe, 00000003.00000003.234026973.0000000005B73000.00000004.00000001.sdmp String found in binary or memory: https://www.u-toyama.ac.jp/news/2016/doc/1011.pdf
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/AA19-024A
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA14-353A?utm_source=twitterfeed&utm_medium=
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA14-353A?utm_source=twitterfeed&utm_medium=Spearphishing
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA14-353A?utm_source=twitterfeed&utm_medium=Unusual
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA14-353A?utm_source=twitterfeed&utm_medium=fSkygofree:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA17-164A6566a8c1b8b73f10205b6b1e8757cee8489e8f756e4d0ad37a314f2
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp, vnwareupdate.exe, 00000014.00000003.479045359.00000000036D7000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA17-164A83e7aaf52e5f567349eee880b0626e61e97dc12b8db9966faf55a99
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA17-293A
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA17-318A
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA17-318B
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/alerts/TA18-074A
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/analysis-reports/AR18-165A
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publ
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publ3Malware
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publB5Malware
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publDownloaders
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publEvasive
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publMalware
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publThe_Mirage_Campaign.pdf
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publcMalware
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publeMalware
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD0Bankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD1Truebot.A
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD3Bankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD5Bankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8Bankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD9Bankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDOBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDOThe
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD_Bankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDaBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDbBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDcBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDdBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDfBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDh
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDiBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDoBankshot
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.us-cert.gov/sites/default/files/publyMalware
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/en/file/070ee4a40852b26ec0cfd79e32176287a6b9d2b15e377281d8414550a83f6496/
Source: vnwareupdate.exe, 00000003.00000003.241827224.0000000005711000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/en/file/975e515bbf8828b103b05039fe86afad7da43b043d
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/en/file/975e515bbf8828b103b05039fe86afad7da43b043dBBSRAT
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/en/file/975e515bbf8828b103b05039fe86afad7da43b043dRussia
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/en/file/ee069edc46a18698fa99b6d2204895e6a516af1a306ea986a798b178f289ecd6/
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/en/ip-address/188.128.173.225/information/
Source: vnwareupdate.exe, 00000003.00000003.232809431.0000000005F73000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/fr/file/740d3a1b84e274ad36c6811ee597851b279aa893de6be
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details
Source: vnwareupdate.exe, 00000003.00000003.242072217.0000000005511000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2014/10/09/democracy-in-hong-kong-under-attack/
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2014/10/09/democracy-in-hong-kong-under-attack/UnDemocracy
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2014/10/09/democracy-in-hong-kong-under-attack/asDemocracy
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2014/10/09/democracy-in-hong-kong-under-attack/g
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2014/10/09/democracy-in-hong-kong-under-attack/reDemocracy
Source: vnwareupdate.exe, 00000003.00000003.241994796.0000000005651000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2017/07/24/real-news-fake-flash-mac-os-x-users-tar
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2017/07/24/real-news-fake-flash-mac-os-x-users-tarReal
Source: vnwareupdate.exe, 00000003.00000002.566831546.0000000004021000.00000004.00000001.sdmp String found in binary or memory: https://www.volexity.com/blog/2017/07/24/real-news-fake-flash-mac-os-x-users-tarRussia
Source: vnwareupdate.exe, 00000003.00000003.238306723.0000000003B67000.00000004.00000001.sdmp String found in binary or memory: https://www.votiro.com/single-post/2017/08/23/Votiro-Labs-exposed-a-new-hacking-
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.votiro.com/single-post/2017/08/23/Votiro-Labs-exposed-a-new-hacking-&#39
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.votiro.com/single-post/2017/08/23/Votiro-Labs-exposed-a-new-hacking-Campaign
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-sta
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-sta.
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-staCarbon
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-staOperation
Source: vnwareupdate.exe, 00000003.00000003.242046472.00000000055D1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-Turlas
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/08/22/gamescom-2017-fun-blackhats/
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/08/22/gamescom-2017-fun-blackhats/.0
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/08/22/gamescom-2017-fun-blackhats/It
Source: vnwareupdate.exe, 00000003.00000002.559056371.0000000003EA1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/08/22/gamescom-2017-fun-blackhats/JS_POWMET
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/08/22/gamescom-2017-fun-blackhats/ppendixes.pdf8
Source: vnwareupdate.exe, 00000003.00000003.245681490.0000000003AE7000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmediaFreeMilk:
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmediaOSX/Proton
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmediacators_of_compromise
Source: vnwareupdate.exe, 00000003.00000003.245741695.0000000003A67000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-di
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diAnalyzing
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diBadRabbit
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/
Source: vnwareupdate.exe, 00000003.00000002.530463485.0000000002B4E000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/8P
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/ATMii:
Source: vnwareupdate.exe, 00000003.00000003.234581767.0000000006173000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/Windigo
Source: vnwareupdate.exe, 00000003.00000003.237953574.0000000003A27000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/04/eset-takes-part-global-operation-disru
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/04/eset-takes-part-global-operation-disruDisrupting
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/04/eset-takes-part-global-operation-disruFancy
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfi
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfi-
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfi2ed97283c6e157eb5;AP
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfiIStrongPity2
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfiStrongPity2
Source: vnwareupdate.exe, 00000003.00000003.237183356.0000000002BCE000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfibStrongPity2
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/0F246A13178841F8B324CA54696F592B;Wa
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/APT
Source: vnwareupdate.exe, 00000003.00000003.237491320.0000000003807000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/C20980D3971923A0795662420063528A43D
Source: vnwareupdate.exe, 00000003.00000002.539291516.0000000003621000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/Turla
Source: vnwareupdate.exe, 00000003.00000003.241724758.00000000057D1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdfAided
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdfIndustroyer
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdfIranian
Source: vnwareupdate.exe, 00000003.00000002.569366992.00000000040E1000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/07/Stantinko.pdf
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/07/Stantinko.pdf.
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/07/Stantinko.pdf.P
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/07/Stantinko.pdfLeakerLocker:
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/07/Stantinko.pdfStantinko
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdfGazing
Source: vnwareupdate.exe, 00000003.00000003.234630712.00000000061B3000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdfNetwire
Source: vnwareupdate.exe, 00000003.00000003.237651120.0000000003927000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pd
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdDiplomats
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdNearly
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdSkygofree:
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp String found in binary or memory: https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdp
Source: vnwareupdate.exe, 00000003.00000003.241875314.0000000005751000.00000004.00000001.sdmp String found in binary or memory: https://www.wired.com/images_blogs/threatlevel/2010/10/w32_stuxnet_dossier.pdf
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.wired.com/images_blogs/threatlevel/2010/10/w32_stuxnet_dossier.pdf8
Source: vnwareupdate.exe, 00000003.00000002.568465087.00000000040A1000.00000004.00000001.sdmp String found in binary or memory: https://www.wired.com/images_blogs/threatlevel/2010/10/w32_stuxnet_dossier.pdfPeering
Source: vnwareupdate.exe, 00000003.00000002.567684552.0000000004061000.00000004.00000001.sdmp String found in binary or memory: https://www.wired.com/images_blogs/threatlevel/2010/10/w32_stuxnet_dossier.pdfStuxnet
Source: vnwareupdate.exe, 00000003.00000003.236580164.0000000005A51000.00000004.00000001.sdmp String found in binary or memory: https://www.yumpu.com/en/document/view/55505308/the-history-of-the-darkseoul-gro
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-thre
Source: vnwareupdate.exe, 00000003.00000003.241595025.0000000005951000.00000004.00000001.sdmp String found in binary or memory: https://www.zingbox.com/blog/ploutus-d-malware-turns-atms-into-iot-devices/
Source: vnwareupdate.exe, 00000003.00000003.234668873.00000000061F3000.00000004.00000001.sdmp String found in binary or memory: https://www.zscaler.com/blogs/research/cnacom-open-source-exploitation-strategicWatering
Source: vnwareupdate.exe, 00000003.00000002.539674279.0000000003681000.00000004.00000001.sdmp, vnwareupdate.exe, 00000003.00000003.237233008.00000000036C1000.00000004.00000001.sdmp String found in binary or memory: https://www.zscaler.com/blogs/research/ispy-keyloggerfFidelis
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.zscaler.com/blogs/research/neutrino-malvertising-campaign-drops-gamaIThe
Source: vnwareupdate.exe, 00000003.00000002.543787913.0000000003707000.00000004.00000001.sdmp String found in binary or memory: https://www.zscaler.com/blogs/research/neutrino-malvertising-campaign-drops-gamalRetefe
Source: vnwareupdate.exe, 00000003.00000003.233308423.0000000006233000.00000004.00000001.sdmp, vnwareupdate.exe, 0000000A.00000003.287952784.00000000060E3000.00000004.00000001.sdmp String found in binary or memory: https://www.zscaler.com/blogs/research/new-infostealer-trojan-uses-fiddler-proxyTWO
Source: vnwareupdate.exe, 00000003.00000003.234063890.0000000005AD1000.00000004.00000001.sdmp String found in binary or memory: https://www.zscaler.com/pdf/technicalbriefs/tb_advanced_persistent_threats.pdf
Source: vnwareupdate.exe, 00000003.00000003.242436168.0000000003BA7000.00000004.00000001.sdmp String found in binary or memory: https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf
Source: vnwareupdate.exe, 00000003.00000002.527918576.0000000002831000.00000004.00000001.sdmp String found in binary or memory: https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf8
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdfAPT30
Source: vnwareupdate.exe, 00000003.00000003.241919530.0000000005791000.00000004.00000001.sdmp String found in binary or memory: https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdfHiding
Source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp String found in binary or memory: https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdfTofsee
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-fl
Source: vnwareupdate.exe, 00000003.00000002.570785608.0000000004161000.00000004.00000001.sdmp String found in binary or memory: https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flFrom

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_00405205 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405205
Note: the call chain listed for this function ends in SetClipboardData, which places data on the clipboard; no GetClipboardData call appears in it, so the evidence shown is of writing to the clipboard rather than reading from it.

E-Banking Fraud:

Yara detected Quasar RAT
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected RevengeRAT
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY

Spam, unwanted Advertisements and Ransom Demands:

Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File deleted: C:\Users\user\Desktop\SQSJKEBWDT.docx
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File deleted: C:\Users\user\Desktop\BNAGMGSPLO\EEGWXUHVUG.xlsx
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File deleted: C:\Users\user\Desktop\ZGGKNSUKOP.jpg
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File deleted: C:\Users\user\Desktop\PIVFAGEAAV.docx
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File deleted: C:\Users\user\Desktop\EEGWXUHVUG.xlsx
Writes a notice file (html or txt) to demand a ransom
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File dropped: C:\Users\user\Desktop\filename-iocs.txt -> decrypt\.url;60# hawkeye keylogger https://goo.gl/th5q2v\\hawkeye_keylogger_;70# kaspersky rat report https://goo.gl/th5q2v\\appdata\\roaming\\microsoft\\[^\\]{1,32}\.(exe|doc|zip);50\\audioendpointbuilder\.exe;60\\brokerinfrastructure\.exe;60\\windowsupdate\.exe;50# apt28 https://goo.gl/6xiayqmicrosoft\\mediaplayer\\updatewindws\.exe;100\\updatewindws\.exe;70\\netui\.dll;50\\edg6ef885e2\.tmp;60\\appdata\\local\\conhost\.dll;70\\application data\\conhost\.dll;70\\application data\\svchost\.exe;70\\application data\\conhost\.dll;70\\appdata\\local\\svchost\.exe;70\\appdata\\local\\conhost\.dll;70# fidelis threat advisory http://goo.gl/zjjyti\\9i86vdi3l1zi1v\\;60\\cvaniocol\.cmd;60\\flrsqgyy\.dvz;60\\ibdyambl\.vbs;60\\ouhlolswfixh$;60\\slie\.rjd$;60\\znimialt\.exe;60(temp|tmp|temp)\\cedt370r\(3\)\.exe;60(temp|tmp|temp)\\penguin\.exe;60\\microsoft\\windows\\hknswc\.exe;60\\microsoft\\windows\\appmgnt\.exe;60\\policymanager$;60\\file_127\.127\.ppt;60\\file_127\.127\.ppsx;60(t
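The visible content of the dropped filename-iocs.txt is a list of `<regex>;<score>` entries interleaved with `#` comment lines carrying reference URLs (shown flattened onto one line in the report), i.e. a filename indicator list rather than a ransom demand. The following Python is an added example, not part of the report or of the analysed sample: it reads that format, restores a few of the entries visible above into a constructed sample file, and scores constructed Windows file paths against them. The line format, the case-insensitive matching and the alert thresholds are assumptions made here, not something the report states.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample file: entries copied from the dropped-file excerpt in the
# report, with line breaks restored (the report shows the file flattened onto a
# single line). Format assumed from that excerpt: one "<regex>;<score>" entry
# per line; lines beginning with "#" are comments/references.
SAMPLE_IOC_FILE = r"""
# hawkeye keylogger https://goo.gl/th5q2v
\\hawkeye_keylogger_;70
# kaspersky rat report https://goo.gl/th5q2v
\\appdata\\roaming\\microsoft\\[^\\]{1,32}\.(exe|doc|zip);50
\\audioendpointbuilder\.exe;60
\\brokerinfrastructure\.exe;60
\\windowsupdate\.exe;50
# apt28 https://goo.gl/6xiayq
microsoft\\mediaplayer\\updatewindws\.exe;100
\\updatewindws\.exe;70
\\appdata\\local\\conhost\.dll;70
(temp|tmp|temp)\\penguin\.exe;60
\\policymanager$;60
"""


@dataclass(frozen=True)
class FilenameIoc:
    pattern: "re.Pattern[str]"
    score: int
    comment: str  # nearest preceding "#" line, kept as the entry's reference


def parse_filename_iocs(text: str) -> List[FilenameIoc]:
    """Parse '<regex>;<score>' lines; '#' lines are carried along as comments."""
    iocs: List[FilenameIoc] = []
    last_comment = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            last_comment = line.lstrip("#").strip()
            continue
        # Split on the LAST ';' so a ';' inside the regex does not break parsing.
        pattern_src, sep, score_src = line.rpartition(";")
        if not sep or not score_src.strip().isdigit():
            raise ValueError(f"line {lineno}: expected '<regex>;<score>', got {raw!r}")
        # Case-insensitive matching is an assumption: Windows paths are
        # case-insensitive and every entry in the excerpt is lower-case.
        iocs.append(FilenameIoc(re.compile(pattern_src, re.IGNORECASE),
                                int(score_src), last_comment))
    return iocs


def score_path(path: str, iocs: List[FilenameIoc]) -> Tuple[int, List[FilenameIoc]]:
    """Sum the scores of every entry whose regex matches anywhere in the path."""
    hits = [ioc for ioc in iocs if ioc.pattern.search(path)]
    return sum(ioc.score for ioc in hits), hits


def classify(total: int) -> str:
    """Map a summed score to a verdict. Thresholds are this example's choice."""
    if total >= 100:
        return "alert"
    if total >= 60:
        return "warning"
    if total > 0:
        return "notice"
    return "clean"


if __name__ == "__main__":
    rules = parse_filename_iocs(SAMPLE_IOC_FILE)
    # Constructed paths for illustration, not taken from the report.
    for p in (r"C:\ProgramData\Microsoft\MediaPlayer\updatewindws.exe",
              r"C:\Users\user\AppData\Roaming\Microsoft\updater.exe",
              r"C:\Users\user\AppData\Local\Temp\penguin.exe",
              r"C:\Windows\System32\svchost.exe"):
        total, hits = score_path(p, rules)
        refs = "; ".join(h.comment for h in hits if h.comment)
        print(f"{classify(total):8} {total:4} {p}  [{refs}]")
```

Splitting on the last `;` matters because a regex may legitimately contain a semicolon, and carrying the nearest `#` line with each entry preserves the reference that explains why a path scored, which is what an analyst triaging a hit will want to see next to the verdict.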

System Summary:

Malicious sample detected (through community Yara rule)
Source: 0000000A.00000003.323793714.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php Author: Florian Roth
Source: 0000000A.00000003.323793714.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.436058475.0000000006B94000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file b37.php Author: Florian Roth
Source: 00000013.00000003.445137935.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.445137935.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt Author: Florian Roth
Source: 00000013.00000003.416791801.00000000051F5000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0000000A.00000003.316101546.000000000684D000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file shankar.php.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.323779225.0000000006626000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 0000000A.00000003.323779225.0000000006626000.00000004.00000001.sdmp, type: MEMORY Matched rule: PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 00000013.00000003.464557374.0000000006D87000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file h6ss.php Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects NoPowerShell hack tool Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects JQuery File Upload vulnerability CVE-2018-9206 Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects strings from FIN7 report in August 2018 Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malicious Doc from FIN7 campaign Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs a tool used in the Australian Parliament House network compromise Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs a tool used in the Australian Parliament House network compromise Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Crypto Miner strings Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Dsniff hack tool Author: Florian Roth
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects HOPLIGHT malware used by HiddenCobra APT group Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects NoPowerShell hack tool Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects JQuery File Upload vulnerability CVE-2018-9206 Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects strings from FIN7 report in August 2018 Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malicious Doc from FIN7 campaign Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs a tool used in the Australian Parliament House network compromise Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs a tool used in the Australian Parliament House network compromise Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Crypto Miner strings Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Dsniff hack tool Author: Florian Roth
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects HOPLIGHT malware used by HiddenCobra APT group Author: Florian Roth
Source: 0000000A.00000003.324801435.0000000006627000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 0000000A.00000003.324801435.0000000006627000.00000004.00000001.sdmp, type: MEMORY Matched rule: PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 0000000A.00000003.308810849.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php Author: Florian Roth
Source: 0000000A.00000003.308810849.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.310723677.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php Author: Florian Roth
Source: 0000000A.00000003.310723677.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.454771924.0000000006D6F000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file h6ss.php Author: Florian Roth
Source: 00000013.00000003.423368197.00000000051EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files Shell [ci Author: unknown
Source: 00000013.00000003.423368197.00000000051EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.sh Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.asp Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-psh.vba Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-exe.vba Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.psh Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.aspx Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-exe.aspx Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.vbs Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.vba Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.ps1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-cmd.ps1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.hta Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-ref.ps1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects PowerShell ISESteroids obfuscation Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader - suspicious - Possible FP could be program crack Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBScript cloaked as Favicon file used in Leviathan incident Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from StoneDrill threat report Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from StoneDrill threat report Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a ZxShell - CN threat group Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EternalRocks Malware - file taskhost.exe Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects BeyondExec Remote Access Tool - file rexesvr.exe Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pupy RAT Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects strings from OilRig malware and malicious scripts Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related malware Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related custom port scaner output file Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related malware Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related malware Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Red Sails Hacktool - Python Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Rehashed RAT incident Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pupy backdoor Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware sample mentioned in Microcin technical report by Kaspersky Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Fireball malware - file clearlog.dll Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial Payloads Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects CactusTorch Hacktool Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Quasar RAT Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Quasar RAT Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Operation Cloud Hopper Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Operation Cloud Hopper Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware related to Operation Cloud Hopper - Page 25 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Tools related to Operation Cloud Hopper Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Mimipenguin Password Extractor - Linux Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-Mimikatz String Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Word Dropper from Proofpoint FIN7 Report Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Crypto Miner strings Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-WmiExec or Invoke-SmbExec Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-WmiExec or Invoke-SmbExec Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - from files Invoke-SMBExec.ps1, Invoke-WMIExec.ps1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - from files Invoke-SMBClient.ps1, Invoke-SMBExec.ps1, Invoke-WMIExec.ps1, Invoke-WMIExec.ps1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file WMImplant.ps1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Osiris Device Guard Bypass - file Invoke-OSiRis.ps1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects powershell script used in Operation Wilted Tulip Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a Windows scheduled task as used in Operation Wilted Tulip Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects hack tool used in Operation Wilted Tulip - Windows Tasks Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Compiled Impacket Tools Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file elgingamble Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file cmsd Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file eggbasket Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file sambal Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file envisioncollision Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file cmsex Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file DUL Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file slugger2 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file jackpop Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file estesfox Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file elatedmonkey.1.0.1.1.sh Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files funnelout.v4.1.0.1.pl Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files magicjack_v1.1.0.0_client-1.1.0.0.py Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool set Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects output generated by EQGRP scanner.exe Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: IEC-104 Interaction Module Program Strings Author: Dragos Inc
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects cloaked Mimikatz in VBS obfuscation Author: Florian Roth
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects cloaked Mimikatz in JS obfuscation Author: Florian Roth
Source: 0000000A.00000003.323415245.0000000006628000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web shells - generated from file PHP1.php Author: Florian Roth
Source: 0000000A.00000003.323415245.0000000006628000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file h4ntu shell [powered by tsoi Author: unknown
Source: 00000013.00000003.458084749.0000000006D9C000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file shankar.php.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.438854953.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.438854953.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt Author: Florian Roth
Source: 00000013.00000003.443343261.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.443343261.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt Author: Florian Roth
Source: 00000013.00000003.470647242.0000000006B9B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file b37.php Author: Florian Roth
Source: 00000013.00000003.428675269.0000000006B79000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file b37.php Author: Florian Roth
Source: 00000013.00000003.428675269.0000000006B79000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.310922017.00000000050BA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php Author: Florian Roth
Source: 0000000A.00000003.310922017.00000000050BA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.325437911.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1 Author: Florian Roth
Source: 0000000A.00000003.325437911.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.322843197.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file cmdjsp.jsp Author: Florian Roth
Source: 0000000A.00000003.322843197.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web shells - generated from file 404super.php Author: Florian Roth
Source: 0000000A.00000003.322843197.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web shells - generated from file Asp.asp Author: Florian Roth
Source: 00000013.00000003.485624536.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.485624536.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt Author: Florian Roth
Source: 00000013.00000003.422640827.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files Shell [ci Author: unknown
Source: 00000013.00000003.422640827.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Volgmer malware as reported in US CERT TA17-318B Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a process injection utility that can be used ofr good and bad purposes Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects export from Gold Dragon - February 2018 Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Lazarus malware from incident in Dec 2017 Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla Agent.BTZ Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malicious obfuscated VBS observed in February 2018 Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file Scan Copy.pdf.com Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware sample mentioned in the Silence report on Securelist Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-Mimikatz String Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects unspecified malware sample Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a command to execute PowerShell from String Author: Florian Roth
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: DLL implant, originally rights.dll and runs as a service Author: David Cannings
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000003.324870228.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1 Author: Florian Roth
Source: 0000000A.00000003.324870228.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.441709320.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.441709320.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt Author: Florian Roth
Source: 00000013.00000003.473662008.0000000006B9B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file b37.php Author: Florian Roth
Source: 00000013.00000003.481442342.0000000006D9C000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file shankar.php.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.325135478.0000000006854000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file shankar.php.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.477379778.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files Shell [ci Author: unknown
Source: 00000013.00000003.477379778.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.455300807.0000000006D6F000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file h6ss.php Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Volgmer malware as reported in US CERT TA17-318B Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a process injection utility that can be used ofr good and bad purposes Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects export from Gold Dragon - February 2018 Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Lazarus malware from incident in Dec 2017 Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla Agent.BTZ Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malicious obfuscated VBS observed in February 2018 Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file Scan Copy.pdf.com Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware sample mentioned in the Silence report on Securelist Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-Mimikatz String Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects unspecified malware sample Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a command to execute PowerShell from String Author: Florian Roth
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: DLL implant, originally rights.dll and runs as a service Author: David Cannings
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000003.312201086.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1 Author: Florian Roth
Source: 0000000A.00000003.312201086.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file cmdjsp.jsp Author: Florian Roth
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web shells - generated from file 404super.php Author: Florian Roth
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web shells - generated from file Asp.asp Author: Florian Roth
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file shankar.php.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.470556930.0000000006B92000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.308279629.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php Author: Florian Roth
Source: 0000000A.00000003.308279629.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web shells - generated from file PHP1.php Author: Florian Roth
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file h4ntu shell [powered by tsoi Author: unknown
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.sh Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.asp Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-psh.vba Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-exe.vba Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.psh Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.aspx Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-exe.aspx Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.vbs Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.vba Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.ps1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-cmd.ps1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.hta Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-ref.ps1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects PowerShell ISESteroids obfuscation Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader - suspicious - Possible FP could be program crack Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBScript cloaked as Favicon file used in Leviathan incident Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from StoneDrill threat report Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from StoneDrill threat report Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a ZxShell - CN threat group Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EternalRocks Malware - file taskhost.exe Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects BeyondExec Remote Access Tool - file rexesvr.exe Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pupy RAT Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects strings from OilRig malware and malicious scripts Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related malware Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related custom port scaner output file Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related malware Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related malware Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Red Sails Hacktool - Python Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Rehashed RAT incident Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pupy backdoor Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware sample mentioned in Microcin technical report by Kaspersky Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Fireball malware - file clearlog.dll Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial Payloads Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects CactusTorch Hacktool Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Quasar RAT Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Quasar RAT Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Operation Cloud Hopper Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Operation Cloud Hopper Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware related to Operation Cloud Hopper - Page 25 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Tools related to Operation Cloud Hopper Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Mimipenguin Password Extractor - Linux Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-Mimikatz String Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Word Dropper from Proofpoint FIN7 Report Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Crypto Miner strings Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-WmiExec or Invoke-SmbExec Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-WmiExec or Invoke-SmbExec Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - from files Invoke-SMBExec.ps1, Invoke-WMIExec.ps1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - from files Invoke-SMBClient.ps1, Invoke-SMBExec.ps1, Invoke-WMIExec.ps1, Invoke-WMIExec.ps1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file WMImplant.ps1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Osiris Device Guard Bypass - file Invoke-OSiRis.ps1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects powershell script used in Operation Wilted Tulip Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a Windows scheduled task as used in Operation Wilted Tulip Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects hack tool used in Operation Wilted Tulip - Windows Tasks Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Compiled Impacket Tools Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file elgingamble Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file cmsd Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file eggbasket Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file sambal Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file envisioncollision Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file cmsex Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file DUL Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file slugger2 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file jackpop Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file estesfox Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- file elatedmonkey.1.0.1.1.sh Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files funnelout.v4.1.0.1.pl Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files magicjack_v1.1.0.0_client-1.1.0.0.py Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7 Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Equation Group hack tool set Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EquationGroup Tool - April Leak Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects output generated by EQGRP scanner.exe Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: IEC-104 Interaction Module Program Strings Author: Dragos Inc
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects cloaked Mimikatz in VBS obfuscation Author: Florian Roth
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects cloaked Mimikatz in JS obfuscation Author: Florian Roth
Source: 0000000A.00000003.322872020.0000000006854000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file shankar.php.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.420266978.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files Shell [ci Author: unknown
Source: 00000013.00000003.420266978.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.322972936.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php Author: Florian Roth
Source: 0000000A.00000003.322972936.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.464807403.0000000006D9C000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file shankar.php.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.312897828.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1 Author: Florian Roth
Source: 0000000A.00000003.312897828.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Volgmer malware as reported in US CERT TA17-318B Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a process injection utility that can be used ofr good and bad purposes Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects export from Gold Dragon - February 2018 Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Lazarus malware from incident in Dec 2017 Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla Agent.BTZ Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malicious obfuscated VBS observed in February 2018 Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file Scan Copy.pdf.com Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware sample mentioned in the Silence report on Securelist Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-Mimikatz String Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects unspecified malware sample Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a command to execute PowerShell from String Author: Florian Roth
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: DLL implant, originally rights.dll and runs as a service Author: David Cannings
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
Source: 00000013.00000003.471467850.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - from files Shell [ci Author: unknown
Source: 00000013.00000003.471467850.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 00000013.00000003.435493556.0000000006B8B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file b37.php Author: Florian Roth
Source: 00000013.00000003.435493556.0000000006B8B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Volgmer malware as reported in US CERT TA17-318B Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a process injection utility that can be used ofr good and bad purposes Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects export from Gold Dragon - February 2018 Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Lazarus malware from incident in Dec 2017 Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla Agent.BTZ Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malicious obfuscated VBS observed in February 2018 Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file Scan Copy.pdf.com Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware sample mentioned in the Silence report on Securelist Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-Mimikatz String Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects unspecified malware sample Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a command to execute PowerShell from String Author: Florian Roth
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: DLL implant, originally rights.dll and runs as a service Author: David Cannings
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect netwire in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000003.313078570.000000000661F000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 0000000A.00000003.313078570.000000000661F000.00000004.00000001.sdmp, type: MEMORY Matched rule: Web shells - generated from file PHP1.php Author: Florian Roth
Source: 0000000A.00000003.313078570.000000000661F000.00000004.00000001.sdmp, type: MEMORY Matched rule: Semi-Auto-generated - file h4ntu shell [powered by tsoi Author: unknown
Source: 0000000A.00000003.313078570.000000000661F000.00000004.00000001.sdmp, type: MEMORY Matched rule: PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.sh Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-psh.vba Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-exe.vba Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.psh Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.aspx Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-cmd.ps1 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf-ref.ps1 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects PowerShell ISESteroids obfuscation Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Codoso APT CustomTCP Malware Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Gh0st RAT mentioned in Cylance' Ghost Dragon Report Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a malware sysdll.exe from the Rocket Kitten APT Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader - suspicious - Possible FP could be program crack Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Reflective DLL Loader Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects all QuarksPWDump versions Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file create_dns_injection.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file screamingplow.sh Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file MixText.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file tunnel_state_reader Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file payload.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file eligiblecandidate.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file BUSURPER-2211-724.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file networkProfiler_orderScans.sh Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file epicbanana_2.1.0.1.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file sniffer_xml2pcap Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file BananaAid Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file config_jp1_UA.pl Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file userscript.FW Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file BUSURPER-3001-724.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file workit.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file tinyhttp_setup.sh Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file EPBA.script Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file jetplow.sh Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file sploit.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file uninstallPBD.bat Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file BICECREAM-2140 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file BFLEA-2201.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file StoreFc.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - file BBALL_E28F6-2201.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - from files BARPUNCH-3110, BPICKER-3100 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - from files pandarock_v1.11.1.1.bin, pit Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - from files BananaUsurper-2120, writeJetPlow-2130 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230, BLIQUER-3030, BLIQUER-3120 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - from files BLIAR-2110, BLIQUER-2230 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - from files sploit.py, sploit.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - from files ssh.py, telnet.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - Extrabacon exploit output Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EQGRP Toolset Firewall - Unique strings Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Auto-generated rule - file kerberoast.py Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPowerCat.cs Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedPotato.cs Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedExploits.cs Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedBinaries.cs Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedAmsiBypass.cs Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: p0wnedShell Runspace Post Exploitation Toolkit - from files p0wnedShell.cs, p0wnedShell.cs Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects PlugX Malware Samples from June 2016 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Venom Linux Rootkit Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects IronGate APT Malware - Step7ProSim DLL Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a ZxShell - CN threat group Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hack Deep Panda - lot1.tmp-pwdump Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hack Deep Panda - htran-exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects EternalRocks Malware - file taskhost.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Linux hack tools - file a Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Linux Port Scanner Shark Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a tool used by APT groups - file pstgdump.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a tool used by APT groups Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a tool used by APT groups - from files cachedump.exe, cachedump64.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a tool used by APT groups - file PwDump.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects an XML that executes Mimikatz on an endpoint via MSBuild Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a process injection utility that can be used ofr good and bad purposes Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects NoPowerShell hack tool Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pupy RAT Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs the Nanocore RAT and similar malware Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla Agent.BTZ Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: CommentCrew Malware MiniASP APT Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: X-Agent/CHOPSTICK Implant by APT28 Author: US CERT
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related custom port scaner output file Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Industroyer related malware Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware by Chinese APT PLA Unit 78020 - Generic Rule Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware by Chinese APT PLA Unit 78020 - Generic Rule - Chong Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects simple Windows shell - file s3.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects simple Windows shell - file s1.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects simple Windows shell - from files keygen.exe, s1.exe, s2.exe, s3.exe, s4.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects simple Windows shell - from files s3.exe, s4.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: PassCV Malware mentioned in Cylance Report Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla malware (based on sample used in the RUAG APT case) Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla malware (based on sample used in the RUAG APT case) Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Turla malware (based on sample used in the RUAG APT case) Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Red Sails Hacktool - Python Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects an APT malware related to PutterPanda Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Rehashed RAT incident Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pupy backdoor Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Iron Panda malware DnsTunClient - file named.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Iron Panda Malware Htran Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from the Proofpoint CN APT ZeroT incident Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from the Proofpoint CN APT ZeroT incident Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Chinese APT by Proofpoint ZeroT RAT - file Mcutil.dll Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware sample mentioned in Microcin technical report by Kaspersky Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Fireball malware - file clearlog.dll Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial Payloads Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Mimikatz strings Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: FiveEyes QUERTY Malware - file 20123_cmdDef.xml Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: FiveEyes QUERTY Malware - file 20123.xml Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: FiveEyes QUERTY Malware - file 20120_cmdDef.xml Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: FiveEyes QUERTY Malware - file 20121_cmdDef.xml Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects JQuery File Upload vulnerability CVE-2018-9206 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects CactusTorch Hacktool Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects strings from FIN7 report in August 2018 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Quasar RAT Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: CCProxy config known from Operation Cleaver Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware from Operation Cloud Hopper Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware related to Operation Cloud Hopper - Page 25 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Tools related to Operation Cloud Hopper Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware Sample - maybe Regin related Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationDrug - HDD/SSD firmware operation - nls_933w.dll Author: Florian Roth @4nc4p
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects RevengeRAT malware Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire - a pure PowerShell post-exploitation agent - file Invoke-Mimikatz.ps1 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Mimipenguin Password Extractor - Linux Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs a tool used in the Australian Parliament House network compromise Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs a tool used in the Australian Parliament House network compromise Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pirpi Backdoor - and other malware (generic rule) Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Pirpi Backdoor Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a tool that can be used for privilege escalation - file gp3finder_v4.0.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a tool that can be used for privilege escalation - file folderperm.ps1 Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects a Metasploit Loader by RSMudge - file loader.exe Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Armitage component Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects APT34 PowerShell malware Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects malware sample mentioned in the Silence report on Securelist Author: Florian Roth
Source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detects Invoke-Mimikatz String Author: Florian Roth
Yara detected Xtreme RAT
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\vnwareupdate.exe Process Stats: CPU usage > 98%
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040320C
Detected potential crypto function
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_00404A44 0_2_00404A44
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_00406F54 0_2_00406F54
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_0040677D 0_2_0040677D
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C3A220 3_2_02C3A220
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C86360 3_2_02C86360
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C72310 3_2_02C72310
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C376E0 3_2_02C376E0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C8AFB0 3_2_02C8AFB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02CA9F50 3_2_02CA9F50
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C8B4C0 3_2_02C8B4C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C8A590 3_2_02C8A590
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C8ADB0 3_2_02C8ADB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D4A220 5_2_02D4A220
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D96360 5_2_02D96360
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D82310 5_2_02D82310
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D476E0 5_2_02D476E0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D9AFB0 5_2_02D9AFB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02DB9F50 5_2_02DB9F50
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D9B4C0 5_2_02D9B4C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D9A590 5_2_02D9A590
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D9ADB0 5_2_02D9ADB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DAA220 8_2_02DAA220
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DF6360 8_2_02DF6360
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DE2310 8_2_02DE2310
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DA76E0 8_2_02DA76E0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DFAFB0 8_2_02DFAFB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02E19F50 8_2_02E19F50
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DFB4C0 8_2_02DFB4C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DFA590 8_2_02DFA590
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DFADB0 8_2_02DFADB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BE42F0 9_2_02BE42F0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BAA220 9_2_02BAA220
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C60200 9_2_02C60200
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C463F0 9_2_02C463F0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4A3F0 9_2_02C4A3F0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C523B0 9_2_02C523B0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4E340 9_2_02C4E340
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C36360 9_2_02C36360
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BE2310 9_2_02BE2310
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C44370 9_2_02C44370
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BF6360 9_2_02BF6360
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4C040 9_2_02C4C040
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C44050 9_2_02C44050
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C521C0 9_2_02C521C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BD2180 9_2_02BD2180
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C44110 9_2_02C44110
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4A130 9_2_02C4A130
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C50610 9_2_02C50610
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C48630 9_2_02C48630
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C447C0 9_2_02C447C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BD07D0 9_2_02BD07D0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4A7B0 9_2_02C4A7B0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C50730 9_2_02C50730
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C504F0 9_2_02C504F0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C42440 9_2_02C42440
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C64460 9_2_02C64460
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C445C0 9_2_02C445C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BFA590 9_2_02BFA590
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C425F0 9_2_02C425F0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C525A0 9_2_02C525A0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C44AF0 9_2_02C44AF0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C42AB0 9_2_02C42AB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BCEA30 9_2_02BCEA30
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C48A60 9_2_02C48A60
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BCEA59 9_2_02BCEA59
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C40BC0 9_2_02C40BC0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C52BE0 9_2_02C52BE0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C3EBF0 9_2_02C3EBF0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C468C0 9_2_02C468C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C449B0 9_2_02C449B0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C42930 9_2_02C42930
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BD6EA0 9_2_02BD6EA0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C48E90 9_2_02C48E90
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4CEB0 9_2_02C4CEB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C06E50 9_2_02C06E50
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C62E70 9_2_02C62E70
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BFAFB0 9_2_02BFAFB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BC8FC0 9_2_02BC8FC0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C50C10 9_2_02C50C10
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BFADB0 9_2_02BFADB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C26D80 9_2_02C26D80
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C34DA0 9_2_02C34DA0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C46DB0 9_2_02C46DB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C64D40 9_2_02C64D40
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C42D70 9_2_02C42D70
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C432F0 9_2_02C432F0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4B280 9_2_02C4B280
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C532B0 9_2_02C532B0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C07210 9_2_02C07210
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C45380 9_2_02C45380
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C49380 9_2_02C49380
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C43396 9_2_02C43396
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C43398 9_2_02C43398
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C3F370 9_2_02C3F370
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C0737C 9_2_02C0737C
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BED378 9_2_02BED378
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C51330 9_2_02C51330
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C430C6 9_2_02C430C6
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C430C8 9_2_02C430C8
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C47080 9_2_02C47080
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BED020 9_2_02BED020
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C41060 9_2_02C41060
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C2F010 9_2_02C2F010
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C43020 9_2_02C43020
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C451A0 9_2_02C451A0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C51110 9_2_02C51110
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C3F120 9_2_02C3F120
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C43136 9_2_02C43136
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C55130 9_2_02C55130
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BED6B0 9_2_02BED6B0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C016E0 9_2_02C016E0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BA76E0 9_2_02BA76E0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C49650 9_2_02C49650
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C5F610 9_2_02C5F610
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BCF640 9_2_02BCF640
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C437F0 9_2_02C437F0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C5F790 9_2_02C5F790
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C45750 9_2_02C45750
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C4D710 9_2_02C4D710
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BFB4C0 9_2_02BFB4C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C41470 9_2_02C41470
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BCF450 9_2_02BCF450
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C27430 9_2_02C27430
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C45589 9_2_02C45589
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C1B5A0 9_2_02C1B5A0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C435B0 9_2_02C435B0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C45510 9_2_02C45510
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C51AD0 9_2_02C51AD0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C43A40 9_2_02C43A40
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C5FA50 9_2_02C5FA50
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C45A70 9_2_02C45A70
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C41A20 9_2_02C41A20
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C43BE0 9_2_02C43BE0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C1BB80 9_2_02C1BB80
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C63B80 9_2_02C63B80
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C5D8C0 9_2_02C5D8C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C3B950 9_2_02C3B950
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C3F930 9_2_02C3F930
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C69930 9_2_02C69930
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C35E70 9_2_02C35E70
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02B9A220 10_2_02B9A220
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02BD2310 10_2_02BD2310
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02BE6360 10_2_02BE6360
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02B976E0 10_2_02B976E0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02BEAFB0 10_2_02BEAFB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02C09F50 10_2_02C09F50
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02BEB4C0 10_2_02BEB4C0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02BEADB0 10_2_02BEADB0
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02BEA590 10_2_02BEA590
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BDC5A0 appears 43 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02C5A840 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BD5810 appears 69 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02C65870 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02C6A840 appears 577 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BE99B0 appears 67 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BDAA60 appears 34 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02CFA840 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02E6A840 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BD57D0 appears 130 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02D5D470 appears 45 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BB4570 appears 34 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02D75870 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02DD5870 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BAD470 appears 45 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BD5890 appears 43 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BD5870 appears 398 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02C00EC0 appears 47 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BC5870 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BE3160 appears 111 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BB43E0 appears 318 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BBD470 appears 37 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02DBD470 appears 45 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02E0A840 appears 63 times
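Added note (not part of the sandbox output): several of the string functions listed above share the low 16 bits of their address and an identical call count, for example 02C5A840, 02CFA840, 02E0A840 and 02E6A840 (63 times each), 02C65870, 02D75870, 02DD5870 and 02BC5870 (63 times each), and 02D5D470, 02BAD470 and 02DBD470 (45 times each). That pattern is what one expects when the same code is mapped at several load bases, for instance an unpacked payload written into more than one region, so the per-address counts overstate how many distinct string routines the sample really has. The Python below is an added example, not Joe Sandbox output or tooling; it parses lines in the report's own format (a constructed subset of the lines above is embedded) and groups candidates by (address & 0xFFFF, count). Treating a shared low-16-bit offset plus an equal count as "same function, different base" is a heuristic assumed here, not something the report states.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "String function" lines from this report,
# copied in the report's own format (raw string so the Windows path survives).
REPORT_LINES = r"""
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02C5A840 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02C65870 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02C6A840 appears 577 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02CFA840 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02E6A840 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02D5D470 appears 45 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02D75870 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BAD470 appears 45 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BD5870 appears 398 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BC5870 appears 63 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BB43E0 appears 318 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02BBD470 appears 37 times
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: String function: 02E0A840 appears 63 times
"""

STRING_FUNC_RE = re.compile(r"String function: ([0-9A-Fa-f]{8}) appears (\d+) times")


def parse_string_functions(text):
    """Return [(address, call_count), ...] for every 'String function' line."""
    return [(int(addr, 16), int(count)) for addr, count in STRING_FUNC_RE.findall(text)]


def find_relocated_copies(entries, low_bits=0xFFFF):
    """Group functions that share the same low address bits and call count.

    Heuristic (an assumption of this example): identical low 16 bits plus an
    identical call count means the same routine mapped at several load bases.
    Only groups with two or more members are returned, keyed by (offset, count).
    """
    groups = defaultdict(list)
    for addr, count in entries:
        groups[(addr & low_bits, count)].append(addr)
    return {key: sorted(addrs) for key, addrs in groups.items() if len(addrs) > 1}


def summarize(groups):
    """One human-readable line per candidate group, for triage notes."""
    lines = []
    for (offset, count), addrs in sorted(groups.items()):
        bases = ", ".join(f"{a:08X}" for a in addrs)
        lines.append(f"offset ..{offset:04X} x{count}: {len(addrs)} copies at {bases}")
    return lines


if __name__ == "__main__":
    for line in summarize(find_relocated_copies(parse_string_functions(REPORT_LINES))):
        print(line)
```

Run against the full list on this page, the same grouping collapses 24 reported string functions into far fewer distinct routines; the remaining singletons (for example 02C6A840 at 577 calls and 02BD5870 at 398) are the ones worth opening first in a disassembler.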
PE file contains strange resources
Source: GZe6EcSTpO.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: GZe6EcSTpO.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: GZe6EcSTpO.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Uses 32bit PE files
Source: GZe6EcSTpO.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Yara signature match
Source: 0000000A.00000003.323793714.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.323793714.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat date = 2014/01/28, hash4 = 3f71175985848ee46cc13282fbed2269, hash3 = 4108f28a9792b50d95f95b9e5314fa1e, hash2 = 1d912c55b96e2efe8ca873d6040e3b30, hash1 = 513b7be8bd0595c377283a7c87b44b2e, author = Florian Roth, description = Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php, score = ae025c886fbe7f9ed159f49593674832
Source: 0000000A.00000003.323793714.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 0000000A.00000003.321850832.00000000068D1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.321850832.00000000068D1000.00000004.00000001.sdmp, type: MEMORY Matched rule: SQLMap date = 01.07.2014, author = Florian Roth, description = This signature detects the SQLMap SQL injection tool, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.321850832.00000000068D1000.00000004.00000001.sdmp, type: MEMORY Matched rule: PortRacer author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file PortRacer.exe, hash = 2834a872a0a8da5b1be5db65dfdef388
Source: 00000013.00000003.473985141.0000000006BA5000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.428708026.0000000006BA5000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.436058475.0000000006B94000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_PHP_b37 date = 2014/01/28, author = Florian Roth, description = Web Shell - file b37.php, score = 0421445303cfd0ec6bc20b3846e30ff0
Source: 00000013.00000003.445137935.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: multiple_webshells_0015 hash3 = 38fd7e45f9c11a37463c3ded1c76af4c, hash2 = 09609851caa129e40b0d56e90dfc476c, hash1 = 44542e5c3e9790815c49d5f9beffbbf2, hash0 = 9c5bb5e3a46ec28039e8986324e42792, author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt, super_rule = _wacking_php_php_1_SpecialShell_99_php_php_c100_php
Source: 00000013.00000003.445137935.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Webshell_27_9_acid_c99_locus7s date = 2016-01-11, hash5 = bbe0f7278041cb3a6338844aa12c3df6b700a12a78b0a58bce3dce14f1c37b96, hash4 = 07f9ec716fb199e00a90091ffba4c2ee1a328a093a64e610e51ab9dd6d33357a, hash3 = 960feb502f913adff6b322bc9815543e5888bbf9058ba0eb46ceb1773ea67668, hash2 = 7a69466dbd18182ce7da5d9d1a9447228dcebd365e0fe855d0e02024f4117549, author = Florian Roth, description = Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt, hash8 = ba87d26340f799e65c771ccb940081838afe318ecb20ee543f32d32db8533e7f, hash7 = ef3a7cd233a880fc61efc3884f127dd8944808babd1203be2400144119b6057f, hash6 = 5ae121f868555fba112ca2b1a9729d4414e795c39d14af9e599ce1f0e4e445d3, reference = https://github.com/nikicat/web-malware-collection, score = 2b8aed49f50acd0c1b89a399647e1218f2a8545da96631ac0882da28810eecc4
Source: 00000013.00000003.416791801.00000000051F5000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
Source: 00000013.00000003.416791801.00000000051F5000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.316101546.000000000684D000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.316101546.000000000684D000.00000004.00000001.sdmp, type: MEMORY Matched rule: shankar_php_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file shankar.php.php.txt, hash = 6eb9db6a3974e511b7951b8f7e7136bb
Source: 0000000A.00000003.312404128.0000000006667000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.323779225.0000000006626000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShadowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 0000000A.00000003.323779225.0000000006626000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit date = 2014/01/28, author = Florian Roth, description = Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php, score = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000003.323779225.0000000006626000.00000004.00000001.sdmp, type: MEMORY Matched rule: WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit author = Florian Roth, description = PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php, hash = b2b797707e09c12ff5e632af84b394ad41a46fa4
Source: 00000013.00000003.464557374.0000000006D87000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_php_gzinflated date = 2021/01/12, author = Arnim Rupp, description = PHP webshell which directly eval()s obfuscated string, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 49e5bc75a1ec36beeff4fbaeb16b322b08cf192d
Source: 00000013.00000003.464557374.0000000006D87000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_php_h6ss date = 2014/01/28, author = Florian Roth, description = Web Shell - file h6ss.php, score = 272dde9a4a7265d6c139287560328cd5
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Lazagne_Gen_18 date = 2018-12-11, author = Florian Roth, description = Detects Lazagne password extractor hacktool, reference = https://github.com/AlessandroZ/LaZagne, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 51121dd5fbdfe8db7d3a5311e3e9c904d644ff7221b60284c03347938577eecf
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_NoPowerShell date = 2018-12-28, hash1 = 2dad091dd00625762a7590ce16c3492cbaeb756ad0e31352a42751deb7cf9e70, author = Florian Roth, description = Detects NoPowerShell hack tool, reference = https://github.com/bitsadmin/nopowershell
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_LNX_Pnscan date = 2019-05-27, author = Florian Roth, description = Detects Pnscan port scanner, reference = https://github.com/ptrrkssn/pnscan, score =
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_Script_Obfuscation_Char_Concat date = 2018-10-04, hash1 = b30cc10e915a23c7273f0838297e0d2c9f4fc0ac1f56100eef6479c9d036c12b, author = Florian Roth, description = Detects strings found in sample from CN group repo leak in October 2018, reference = https://twitter.com/JaromirHorejsi/status/1047084277920411648
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_Netsh_PortProxy_Command date = 2019-04-20, author = Florian Roth, description = Detects a suspicious command line with netsh and the portproxy command, reference = https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-interface-portproxy, score = 9b33a03e336d0d02750a75efa1b9b6b2ab78b00174582a9b2cb09cd828baea09
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: VUL_JQuery_FileUpload_CVE_2018_9206 date = 2018-10-19, reference3 = https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html, author = Florian Roth, description = Detects JQuery File Upload vulnerability CVE-2018-9206, reference2 = https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f, reference = https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_FIN7_Strings_Aug18_1 date = 2018-08-01, hash1 = b6354e46af0d69b6998dbed2fceae60a3b207584e08179748e65511d45849b00, author = Florian Roth, description = Detects strings from FIN7 report in August 2018, reference = https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_FIN7_MalDoc_Aug18_1 date = 2018-08-01, hash1 = 9c12591c850a2d5355be0ed9b3891ccb3f42e37eaf979ae545f2f008b5d124d6, author = Florian Roth, description = Detects malicious Doc from FIN7 campaign, reference = https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_PowerKatz_Feb19_1 date = 2019-02-18, author = Florian Roth, description = Detects a tool used in the Australian Parliament House network compromise, reference = https://twitter.com/cyb3rops/status/1097423665472376832
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Unknown_Feb19_1 date = 2019-02-18, author = Florian Roth, description = Detects a tool used in the Australian Parliament House network compromise, reference = https://twitter.com/cyb3rops/status/1097423665472376832
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_APT34_PS_Malware_Apr19_1 date = 2019-04-17, hash1 = b1d621091740e62c84fc8c62bcdad07873c8b61b83faba36097ef150fd6ec768, author = Florian Roth, description = Detects APT34 PowerShell malware, reference = https://twitter.com/0xffff0800/status/1118406371165126656
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_APT34_PS_Malware_Apr19_2 date = 2019-04-17, hash1 = 2943e69e6c34232dee3236ced38d41d378784a317eeaf6b90482014210fcd459, author = Florian Roth, description = Detects APT34 PowerShell malware, reference = https://twitter.com/0xffff0800/status/1118406371165126656
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_APT34_PS_Malware_Apr19_3 date = 2019-04-17, hash1 = 27e03b98ae0f6f2650f378e9292384f1350f95ee4f3ac009e0113a8d9e2e14ed, author = Florian Roth, description = Detects APT34 PowerShell malware, reference = https://twitter.com/0xffff0800/status/1118406371165126656
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: PUA_CryptoMiner_Jan19_1 date = 2019-01-31, hash1 = ede858683267c61e710e367993f5e589fcb4b4b57b09d023a67ea63084c54a05, author = Florian Roth, description = Detects Crypto Miner strings, reference = Internal Research
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Dsniff date = 2019-02-19, author = Florian Roth, description = Detects Dsniff hack tool, score = https://goo.gl/eFoP4A
Source: 00000013.00000003.416430149.0000000000884000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_MAL_HOPLIGHT_NK_HiddenCobra_Apr19_1 date = 2019-04-13, hash1 = d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39, author = Florian Roth, description = Detects HOPLIGHT malware used by HiddenCobra APT group, reference = https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Source: 0000000A.00000003.324847009.0000000006648000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShadowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Lazagne_Gen_18 date = 2018-12-11, author = Florian Roth, description = Detects Lazagne password extractor hacktool, reference = https://github.com/AlessandroZ/LaZagne, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 51121dd5fbdfe8db7d3a5311e3e9c904d644ff7221b60284c03347938577eecf
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_NoPowerShell date = 2018-12-28, hash1 = 2dad091dd00625762a7590ce16c3492cbaeb756ad0e31352a42751deb7cf9e70, author = Florian Roth, description = Detects NoPowerShell hack tool, reference = https://github.com/bitsadmin/nopowershell
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_LNX_Pnscan date = 2019-05-27, author = Florian Roth, description = Detects Pnscan port scanner, reference = https://github.com/ptrrkssn/pnscan, score =
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_Script_Obfuscation_Char_Concat date = 2018-10-04, hash1 = b30cc10e915a23c7273f0838297e0d2c9f4fc0ac1f56100eef6479c9d036c12b, author = Florian Roth, description = Detects strings found in sample from CN group repo leak in October 2018, reference = https://twitter.com/JaromirHorejsi/status/1047084277920411648
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_Netsh_PortProxy_Command date = 2019-04-20, author = Florian Roth, description = Detects a suspicious command line with netsh and the portproxy command, reference = https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-interface-portproxy, score = 9b33a03e336d0d02750a75efa1b9b6b2ab78b00174582a9b2cb09cd828baea09
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: VUL_JQuery_FileUpload_CVE_2018_9206 date = 2018-10-19, reference3 = https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html, author = Florian Roth, description = Detects JQuery File Upload vulnerability CVE-2018-9206, reference2 = https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f, reference = https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_FIN7_Strings_Aug18_1 date = 2018-08-01, hash1 = b6354e46af0d69b6998dbed2fceae60a3b207584e08179748e65511d45849b00, author = Florian Roth, description = Detects strings from FIN7 report in August 2018, reference = https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_FIN7_MalDoc_Aug18_1 date = 2018-08-01, hash1 = 9c12591c850a2d5355be0ed9b3891ccb3f42e37eaf979ae545f2f008b5d124d6, author = Florian Roth, description = Detects malicious Doc from FIN7 campaign, reference = https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_PowerKatz_Feb19_1 date = 2019-02-18, author = Florian Roth, description = Detects a tool used in the Australian Parliament House network compromise, reference = https://twitter.com/cyb3rops/status/1097423665472376832
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Unknown_Feb19_1 date = 2019-02-18, author = Florian Roth, description = Detects a tool used in the Australian Parliament House network compromise, reference = https://twitter.com/cyb3rops/status/1097423665472376832
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_APT34_PS_Malware_Apr19_1 date = 2019-04-17, hash1 = b1d621091740e62c84fc8c62bcdad07873c8b61b83faba36097ef150fd6ec768, author = Florian Roth, description = Detects APT34 PowerShell malware, reference = https://twitter.com/0xffff0800/status/1118406371165126656
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_APT34_PS_Malware_Apr19_2 date = 2019-04-17, hash1 = 2943e69e6c34232dee3236ced38d41d378784a317eeaf6b90482014210fcd459, author = Florian Roth, description = Detects APT34 PowerShell malware, reference = https://twitter.com/0xffff0800/status/1118406371165126656
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_APT34_PS_Malware_Apr19_3 date = 2019-04-17, hash1 = 27e03b98ae0f6f2650f378e9292384f1350f95ee4f3ac009e0113a8d9e2e14ed, author = Florian Roth, description = Detects APT34 PowerShell malware, reference = https://twitter.com/0xffff0800/status/1118406371165126656
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: PUA_CryptoMiner_Jan19_1 date = 2019-01-31, hash1 = ede858683267c61e710e367993f5e589fcb4b4b57b09d023a67ea63084c54a05, author = Florian Roth, description = Detects Crypto Miner strings, reference = Internal Research
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Dsniff date = 2019-02-19, author = Florian Roth, description = Detects Dsniff hack tool, score = https://goo.gl/eFoP4A
Source: 0000000A.00000003.305047164.0000000003324000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_MAL_HOPLIGHT_NK_HiddenCobra_Apr19_1 date = 2019-04-13, hash1 = d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39, author = Florian Roth, description = Detects HOPLIGHT malware used by HiddenCobra APT group, reference = https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Source: 0000000A.00000003.316213218.0000000006859000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.461202031.0000000006E05000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.461202031.0000000006E05000.00000004.00000001.sdmp, type: MEMORY Matched rule: SQLMap date = 01.07.2014, author = Florian Roth, description = This signature detects the SQLMap SQL injection tool, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.461202031.0000000006E05000.00000004.00000001.sdmp, type: MEMORY Matched rule: PortRacer author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file PortRacer.exe, hash = 2834a872a0a8da5b1be5db65dfdef388
Source: 0000000A.00000003.323605826.0000000006667000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.433232225.00000000052E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 00000013.00000003.413817784.00000000052A4000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 00000003.00000002.522931627.000000000237B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000003.00000002.522931627.000000000237B000.00000004.00000001.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 0000000A.00000003.324801435.0000000006627000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit date = 2014/01/28, author = Florian Roth, description = Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php, score = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000003.324801435.0000000006627000.00000004.00000001.sdmp, type: MEMORY Matched rule: WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit author = Florian Roth, description = PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php, hash = b2b797707e09c12ff5e632af84b394ad41a46fa4
Source: 00000013.00000003.460017323.0000000006DFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.460017323.0000000006DFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: SQLMap date = 01.07.2014, author = Florian Roth, description = This signature detects the SQLMap SQL injection tool, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.460017323.0000000006DFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: PortRacer author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file PortRacer.exe, hash = 2834a872a0a8da5b1be5db65dfdef388
Source: 0000000A.00000003.318816470.000000000688B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.308810849.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.308810849.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat date = 2014/01/28, hash4 = 3f71175985848ee46cc13282fbed2269, hash3 = 4108f28a9792b50d95f95b9e5314fa1e, hash2 = 1d912c55b96e2efe8ca873d6040e3b30, hash1 = 513b7be8bd0595c377283a7c87b44b2e, author = Florian Roth, description = Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php, score = ae025c886fbe7f9ed159f49593674832
Source: 0000000A.00000003.308810849.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 00000013.00000003.481677976.0000000006BA6000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.310723677.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.310723677.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat date = 2014/01/28, hash4 = 3f71175985848ee46cc13282fbed2269, hash3 = 4108f28a9792b50d95f95b9e5314fa1e, hash2 = 1d912c55b96e2efe8ca873d6040e3b30, hash1 = 513b7be8bd0595c377283a7c87b44b2e, author = Florian Roth, description = Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php, score = ae025c886fbe7f9ed159f49593674832
Source: 0000000A.00000003.310723677.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 00000013.00000003.456923467.0000000006DC6000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.456923467.0000000006DC6000.00000004.00000001.sdmp, type: MEMORY Matched rule: SQLMap date = 01.07.2014, author = Florian Roth, description = This signature detects the SQLMap SQL injection tool, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.456923467.0000000006DC6000.00000004.00000001.sdmp, type: MEMORY Matched rule: PortRacer author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file PortRacer.exe, hash = 2834a872a0a8da5b1be5db65dfdef388
Source: 0000000A.00000003.325411258.0000000006626000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 00000013.00000003.454771924.0000000006D6F000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_php_gzinflated date = 2021/01/12, author = Arnim Rupp, description = PHP webshell which directly eval()s obfuscated string, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 49e5bc75a1ec36beeff4fbaeb16b322b08cf192d
Source: 00000013.00000003.454771924.0000000006D6F000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_php_h6ss date = 2014/01/28, author = Florian Roth, description = Web Shell - file h6ss.php, score = 272dde9a4a7265d6c139287560328cd5
Source: 00000013.00000003.423368197.00000000051EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.423368197.00000000051EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Fierce2 date = 01.07.2014, author = Florian Roth, description = This signature detects the Fierce2 domain scanner, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.423368197.00000000051EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Shell_ci_Biz_was_here_c100_v_xxx description = Web Shell - from files Shell [ci
Source: 00000013.00000003.423368197.00000000051EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf date = 2017-02-09, hash1 = 320a01ec4e023fb5fbbaef963a2b57229e4f918847e5a49c7a3f631cb556e96c, author = Florian Roth, description = Metasploit Payloads - file msf.sh, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_2 date = 2017-02-09, hash1 = e52f98466b92ee9629d564453af6f27bd3645e00a9e2da518f5a64a33ccf8eb5, author = Florian Roth, description = Metasploit Payloads - file msf.asp, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_psh date = 2017-02-09, hash1 = 5cc6c7f1aa75df8979be4a16e36cece40340c6e192ce527771bdd6463253e46f, author = Florian Roth, description = Metasploit Payloads - file msf-psh.vba, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_exe date = 2017-02-09, hash1 = 321537007ea5052a43ffa46a6976075cee6a4902af0c98b9fd711b9f572c20fd, author = Florian Roth, description = Metasploit Payloads - file msf-exe.vba, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_3 date = 2017-02-09, hash1 = 335cfb85e11e7fb20cddc87e743b9e777dc4ab4e18a39c2a2da1aa61efdbd054, author = Florian Roth, description = Metasploit Payloads - file msf.psh, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_4 date = 2017-02-09, hash1 = 26b3e572ba1574164b76c6d5213ab02e4170168ae2bcd2f477f246d37dbe84ef, author = Florian Roth, description = Metasploit Payloads - file msf.aspx, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_exe_2 date = 2017-02-09, hash1 = 3a2f7a654c1100e64d8d3b4cd39165fba3b101bbcce6dd0f70dae863da338401, author = Florian Roth, description = Metasploit Payloads - file msf-exe.aspx, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_6 date = 2017-02-09, hash1 = 8d6f55c6715c4a2023087c3d0d7abfa21e31a629393e4dc179d31bb25b166b3f, author = Florian Roth, description = Metasploit Payloads - file msf.vbs, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_7 date = 2017-02-09, hash1 = 425beff61a01e2f60773be3fcb74bdfc7c66099fe40b9209745029b3c19b5f2f, author = Florian Roth, description = Metasploit Payloads - file msf.vba, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_8 date = 2017-02-09, hash1 = 519717e01f0cb3f460ef88cd70c3de8c7f00fb7c564260bd2908e97d11fde87f, author = Florian Roth, description = Metasploit Payloads - file msf.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_cmd date = 2017-02-09, hash1 = 9f41932afc9b6b4938ee7a2559067f4df34a5c8eae73558a3959dd677cb5867f, author = Florian Roth, description = Metasploit Payloads - file msf-cmd.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_11 date = 2017-02-09, hash1 = d1daf7bc41580322333a893133d103f7d67f5cd8a3e0f919471061d41cf710b6, author = Florian Roth, description = Metasploit Payloads - file msf.hta, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_ref date = 2017-02-09, hash1 = 4ec95724b4c2b6cb57d2c63332a1dd6d4a0101707f42e3d693c9aab19f6c9f87, author = Florian Roth, description = Metasploit Payloads - file msf-ref.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/, score =
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: CVE_2017_8759_SOAP_Excel date = 2017-09-15, author = Florian Roth, description = Detects malicious files related to CVE-2017-8759, reference = https://twitter.com/buffaloverflow/status/908455053345869825, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_ISESteroids_Obfuscation date = 2017-06-23, author = Florian Roth, description = Detects PowerShell ISESteroids obfuscation, reference = https://twitter.com/danielhbohannon/status/877953970437844993, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Reflective_DLL_Loader_Aug17_1 date = 2017-08-20, hash1 = f2f85855914345eec629e6fc5333cf325a620531d1441313292924a88564e320, author = Florian Roth, description = Detects Reflective DLL Loader, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Reflective_DLL_Loader_Aug17_2 date = 2017-08-20, hash2 = b90831aaf8859e604283e5292158f08f100d4a2d4e1875ea1911750a6cb85fe0, author = Florian Roth, description = Detects Reflective DLL Loader - suspicious - Possible FP could be program crack, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score = c2a7a2d0b05ad42386a2bedb780205b7c0af76fe9ee3d47bbe217562f627fcae
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Reflective_DLL_Loader_Aug17_3 date = 2017-08-20, hash1 = d10e4b3f1d00f4da391ac03872204dc6551d867684e0af2a4ef52055e771f474, author = Florian Roth, description = Detects Reflective DLL Loader, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBScript_Favicon_File date = 2017-10-18, hash1 = 39c952c7e14b6be5a9cb1be3f05eafa22e1115806e927f4e2dc85d609bc0eb36, author = Florian Roth, description = VBScript cloaked as Favicon file used in Leviathan incident, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Backdoor_Redosdru_Jun17 date = 2017-06-04, hash1 = 4f49e17b457ef202ab0be905691ef2b2d2b0a086a7caddd1e70dd45e5ed3b309, author = Florian Roth, description = Detects malware Redosdru - file systemHome.exe, reference = https://goo.gl/OOB3mH, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Backdoor_Nitol_Jun17 date = 2017-06-04, hash1 = cba19d228abf31ec8afab7330df3c9da60cd4dae376552b503aea6d7feff9946, author = Florian Roth, description = Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader, reference = https://goo.gl/OOB3mH, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: WScript_Shell_PowerShell_Combo date = 2018-02-07, author = Florian Roth, description = Detects malware from Middle Eastern campaign reported by Talos, reference = http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 15f5aaa71bfa3d62fd558a3e88dd5ba26f7638bf2ac653b8d6b8d54dc7e5926b
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: HTA_with_WScript_Shell date = 2017-06-21, author = Florian Roth, description = Detects WScript Shell in HTA, reference = https://twitter.com/msftmmpc/status/877396932758560768, license = https://creativecommons.org/licenses/by-nc/4.0/, score = ca7b653cf41e980c44311b2cd701ed666f8c1dbc
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: HTA_Embedded date = 2017-06-21, author = Florian Roth, description = Detects an embedded HTA file, reference = https://twitter.com/msftmmpc/status/877396932758560768, license = https://creativecommons.org/licenses/by-nc/4.0/, score = ca7b653cf41e980c44311b2cd701ed666f8c1dbc
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: StoneDrill date = 2017-03-07, hash3 = 69530d78c86031ce32583c6800f5ffc629acacb18aac4c8bb5b0e915fc4cc4db, hash2 = 62aabce7a5741a9270cddac49cd1d715305c1d0505e620bbeaec6ff9b6fd0260, author = Florian Roth, description = Detects malware from StoneDrill threat report, reference = https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 2bab3716a1f19879ca2e6d98c518debb107e0ed8e1534241f7769193807aac83
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: StoneDrill_VBS_1 date = 2017-03-07, hash1 = 0f4d608a87e36cb0dbf1b2d176ecfcde837070a2b2a049d532d3d4226e0c9587, author = Florian Roth, description = Detects malware from StoneDrill threat report, reference = https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: ZxShell_Jul17 date = 2017-07-08, hash1 = 5d2a4cde9fa7c2fdbf39b2e2ffd23378d0c50701a3095d1e91e3cf922d7b0b16, author = Florian Roth, description = Detects a ZxShell - CN threat group, reference = https://blogs.rsa.com/cat-phishing/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EternalRocks_taskhost date = 2017-05-18, hash1 = cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30, author = Florian Roth, description = Detects EternalRocks Malware - file taskhost.exe, reference = https://twitter.com/stamparm/status/864865144748298242, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: BeyondExec_RemoteAccess_Tool date = 2017-03-17, hash1 = 3d3e3f0708479d951ab72fa04ac63acc7e5a75a5723eb690b34301580747032c, author = Florian Roth, description = Detects BeyondExec Remote Access Tool - file rexesvr.exe, reference = https://goo.gl/BvYurS, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Disclosed_0day_POCs_injector date = 2017-07-07, hash1 = ba0e2119b2a6bad612e86662b643a404426a07444d476472a71452b7e9f94041, author = Florian Roth, description = Detects POC code from disclosed 0day hacktool set, reference = Disclosed 0day Repos, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_PupyRAT_PY date = 2017-02-17, hash1 = 8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71, author = Florian Roth, description = Detects Pupy RAT, reference = https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: OilRig_Strings_Oct17 date = 2017-10-18, author = Florian Roth, description = Detects strings from OilRig malware and malicious scripts, reference = https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Suspicious_Script_Running_from_HTTP author = Florian Roth, description = Detects a suspicious , reference = https://www.hybrid-analysis.com/sample/a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218a35?environmentId=100, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2017-08-20
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_dropper_script_Dec17_1 date = 2018-01-01, author = Florian Roth, description = Detects a supicious VBS script that drops an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Malware_1 date = 2017-06-13, hash2 = 018eb62e174efdcdb3af011d34b0bf2284ed1a803718fba6edffe5bc0b446b81, hash1 = ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910, author = Florian Roth, description = Detects Industroyer related malware, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Portscan_3_Output date = 2017-06-13, author = Florian Roth, description = Detects Industroyer related custom port scaner output file, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Malware_4 date = 2017-06-13, hash1 = 21c1fdd6cfd8ec3ffe3e922f944424b543643dbdab99fa731556f8805b0d5561, author = Florian Roth, description = Detects Industroyer related malware, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Malware_5 date = 2017-06-13, hash1 = 7907dd95c1d36cf3dc842a1bd804f0db511a0f68f4b3d382c23a3c974a383cad, author = Florian Roth, description = Detects Industroyer related malware, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: redSails_PY date = 2017-10-02, hash2 = 5ec20cb99030f48ba512cbc7998b943bebe49396b20cf578c26debbf14176e5e, hash1 = 6ebedff41992b9536fe9b1b704a29c8c1d1550b00e14055e3c6376f75e462661, author = Florian Roth, description = Detects Red Sails Hacktool - Python, reference = https://github.com/BeetleChunks/redsails, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Rehashed_RAT_2 date = 2017-09-08, hash1 = 49efab1dedc6fffe5a8f980688a5ebefce1be3d0d180d5dd035f02ce396c9966, author = Florian Roth, description = Detects malware from Rehashed RAT incident, reference = https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Pupy_Backdoor date = 2017-08-11, hash5 = 06bb41c12644ca1761bcb3c14767180b673cb9d9116b555680073509e7063c3e, hash4 = 20e19817f72e72f87c794843d46c55f2b8fd091582bceca0460c9f0640c7bbd8, hash3 = 90757c1ae9597bea39bb52a38fb3d497358a2499c92c7636d71b95ec973186cc, hash2 = 83380f351214c3bd2c8e62430f70f8f90d11c831695027f329af04806b9f8ea4, hash1 = ae93714203c7ab4ab73f2ad8364819d16644c7649ea04f483b46924bd5bc0153, author = Florian Roth, description = Detects Pupy backdoor, hash7 = 8784c317e6977b4c201393913e76fc11ec34ea657de24e957d130ce9006caa01, hash6 = be83c513b24468558dc7df7f63d979af41287e568808ed8f807706f6992bfab2, reference = https://github.com/n1nj4sec/pupy-binaries, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Microcin_Sample_5 date = 2017-09-26, hash1 = b9c51397e79d5a5fd37647bc4e4ee63018ac3ab9d050b02190403eb717b1366e, author = Florian Roth, description = Malware sample mentioned in Microcin technical report by Kaspersky, reference = https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: clearlog date = 2017-06-02, hash1 = 14093ce6d0fe8ab60963771f48937c669103842a0400b8d97f829b33c420f7e3, author = Florian Roth, description = Detects Fireball malware - file clearlog.dll, reference = https://goo.gl/4pTkGQ, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: PS_AMSI_Bypass date = 2017-07-19, author = Florian Roth, description = Detects PowerShell AMSI Bypass, reference = https://gist.github.com/mattifestation/46d6a2ebb4a1f4f0e7229503dc012ef1, license = https://creativecommons.org/licenses/by-nc/4.0/, score = file
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: JS_Suspicious_Obfuscation_Dropbox date = 2017-07-19, author = Florian Roth, description = Detects PowerShell AMSI Bypass, reference = https://twitter.com/ItsReallyNick/status/887705105239343104, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: JS_Suspicious_MSHTA_Bypass date = 2017-07-19, author = Florian Roth, description = Detects MSHTA Bypass, reference = https://twitter.com/ItsReallyNick/status/887705105239343104, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: JavaScript_Run_Suspicious author = Florian Roth, description = Detects a suspicious Javascript Run command, reference = https://twitter.com/craiu/status/900314063560998912, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2017-08-23
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial_Payload_Spring1 date = 2017-02-04, hash5 = 95f966f2e8c5d0bcdfb34e603e3c0b911fa31fc960308e41fcd4459e4e07b4d1, hash4 = 5c44482350f1c6d68749c8dec167660ca6427999c37bfebaa54f677345cdf63c, hash3 = 8cfa85c16d37fb2c38f277f39cafb6f0c0bd7ee62b14d53ad1dd9cb3f4b25dd8, hash2 = 9c0be107d93096066e82a5404eb6829b1daa6aaa1a7b43bcda3ddac567ce715a, hash1 = bf9b5f35bc1556d277853b71da24faf23cf9964d77245018a0fdf3359f3b1703, author = Florian Roth, description = Ysoserial Payloads - file Spring1.bin, hash7 = adf895fa95526c9ce48ec33297156dd69c3dbcdd2432000e61b2dd34ffc167c7, hash6 = 1da04d838141c64711d87695a4cdb4eedfd4a206cc80922a41cfc82df8e24187, reference = https://github.com/frohoff/ysoserial, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial_Payload date = 2017-02-04, hash5 = 747ba6c6d88470e4d7c36107dfdff235f0ed492046c7ec8a8720d169f6d271f4, hash4 = 5c44482350f1c6d68749c8dec167660ca6427999c37bfebaa54f677345cdf63c, hash3 = 1da04d838141c64711d87695a4cdb4eedfd4a206cc80922a41cfc82df8e24187, hash2 = adf895fa95526c9ce48ec33297156dd69c3dbcdd2432000e61b2dd34ffc167c7, author = Florian Roth, description = Ysoserial Payloads, hash10 = 0143fee12fea5118be6dcbb862d8ba639790b7505eac00a9f1028481f874baa8, hash11 = 8cfa85c16d37fb2c38f277f39cafb6f0c0bd7ee62b14d53ad1dd9cb3f4b25dd8, hash12 = bf9b5f35bc1556d277853b71da24faf23cf9964d77245018a0fdf3359f3b1703, hash9 = 1fea8b54bb92249203d68d5564a01599b42b46fc3a828fe0423616ee2a2f2d99, hash8 = 95f966f2e8c5d0bcdfb34e603e3c0b911fa31fc960308e41fcd4459e4e07b4d1, hash7 = 5466d47363e11cd1852807b57d26a828728b9d5a0389214181b966bd0d8d7e56, hash6 = f0d2f1095da0164c03a0e801bd50f2f06793fb77938e53b14b57fd690d036929, reference = https://github.com/frohoff/ysoserial, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = f756c88763d48cb8d99e26b4773eb03814d0bd9bd467cc743ebb1479b2c4073e, super_rule = 9c0be107d93096066e82a5404eb6829b1daa6aaa1a7b43bcda3ddac567ce715a
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial_Payload_3 date = 2017-02-04, hash2 = 5466d47363e11cd1852807b57d26a828728b9d5a0389214181b966bd0d8d7e56, author = Florian Roth, description = Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin, reference = https://github.com/frohoff/ysoserial, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = f0d2f1095da0164c03a0e801bd50f2f06793fb77938e53b14b57fd690d036929
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: CACTUSTORCH date = 2017-07-31, hash3 = a52d802e34ac9d7d3539019d284b04ded3b8e197d5e3b38ed61f523c3d68baa7, hash2 = 0305aa32d5f8484ca115bb4888880729af7f33ac99594ec1aa3c65644e544aea, hash1 = 314e6d7d863878b6dca46af165e7f08fedd42c054d7dc3828dc80b86a3a9b98c, author = Florian Roth, description = Detects CactusTorch Hacktool, reference = https://github.com/mdsecactivebreach/CACTUSTORCH, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_Malware_2 date = 2017-04-03, hash1 = c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064, author = Florian Roth, description = Detects malware from Operation Cloud Hopper, reference = https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_Malware_3 date = 2017-04-03, hash1 = c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d, author = Florian Roth, description = Detects malware from Operation Cloud Hopper, reference = https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_Malware_5 date = 2017-04-03, hash1 = beb1bc03bb0fba7b0624f8b2330226f8a7da6344afd68c5bc526f9d43838ef01, author = Florian Roth, description = Detects malware from Operation Cloud Hopper, reference = https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_WmiDLL_inMemory date = 2017-04-07, author = Florian Roth, description = Malware related to Operation Cloud Hopper - Page 25, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_WMIExec_Tool_Apr17_1 date = 2017-04-07, hash1 = 21bc328ed8ae81151e7537c27c0d6df6d47ba8909aebd61333e32155d01f3b11, author = Florian Roth, description = Tools related to Operation Cloud Hopper, reference = https://github.com/maaaaz/impacket-examples-windows, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, modified = 2020-07-27
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Mimipenguin_SH date = 2017-04-01, author = Florian Roth, description = Detects Mimipenguin Password Extractor - Linux, reference = https://github.com/huntergregal/mimipenguin, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: POSHSPY_Malware date = 2017-07-15, author = Florian Roth, description = Detects, reference = https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: FIN7_Backdoor_Aug17 date = 2017-08-04, author = Florian Roth, description = Detects Word Dropper from Proofpoint FIN7 Report, reference = https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: PUA_CryptoMiner_Jan19_1 date = 2019-01-31, hash1 = ede858683267c61e710e367993f5e589fcb4b4b57b09d023a67ea63084c54a05, author = Florian Roth, description = Detects Crypto Miner strings, reference = Internal Research
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_SMBExec date = 2017-06-14, hash1 = 674fc045dc198874f323ebdfb9e9ff2f591076fa6fac8d1048b5b8d9527c64cd, author = Florian Roth, description = Detects Invoke-WmiExec or Invoke-SmbExec, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_WMIExec_Gen_1 date = 2017-06-14, hash2 = 7565d376665e3cd07d859a5cf37c2332a14c08eb808cc5d187a7f0533dc69e07, hash1 = 140c23514dbf8043b4f293c501c2f9046efcc1c08630621f651cfedb6eed8b97, author = Florian Roth, description = Detects Invoke-WmiExec or Invoke-SmbExec, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_SMBExec_Invoke_WMIExec_1 date = 2017-06-14, hash2 = b41bd54bbf119d153e0878696cd5a944cbd4316c781dd8e390507b2ec2d949e7, author = Florian Roth, description = Auto-generated rule - from files Invoke-SMBExec.ps1, Invoke-WMIExec.ps1, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 674fc045dc198874f323ebdfb9e9ff2f591076fa6fac8d1048b5b8d9527c64cd
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_WMIExec_Gen date = 2017-06-14, hash3 = b41bd54bbf119d153e0878696cd5a944cbd4316c781dd8e390507b2ec2d949e7, hash2 = 674fc045dc198874f323ebdfb9e9ff2f591076fa6fac8d1048b5b8d9527c64cd, author = Florian Roth, description = Auto-generated rule - from files Invoke-SMBClient.ps1, Invoke-SMBExec.ps1, Invoke-WMIExec.ps1, Invoke-WMIExec.ps1, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 56c6012c36aa863663fe5536d8b7fe4c460565d456ce2277a883f10d78893c01
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: WMImplant date = 2017-03-24, hash1 = 860d7c237c2395b4f51b8c9bd0ee6cab06af38fff60ce3563d160d50c11d2f78, author = Florian Roth, description = Auto-generated rule - file WMImplant.ps1, reference = https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBrokers_Jan17_Screen_Strings date = 2017-01-08, author = Florian Roth, description = Detects strings derived from the ShadowBroker's leak of Windows tools/exploits, reference = https://bit.no.com:43110/theshadowbrokers.bit/post/message7/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_OSiRis date = 2017-03-27, hash1 = 19e4a8b07f85c3d4c396d0c4e839495c9fba9405c06a631d57af588032d2416e, author = Florian Roth, description = Osiris Device Guard Bypass - file Invoke-OSiRis.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: MAL_KHRAT_script date = 2017-08-31, hash1 = 8c88b4177b59f4cac820b0019bcc7f6d3d50ce4badb689759ab0966780ae32e3, author = Florian Roth, description = Rule derived from KHRAT script but can match on other malicious scripts as well, reference = https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_powershell date = 2017-07-23, hash1 = e5ee1f45cbfdb54b02180e158c3c1f080d89bce6a7d1fe99dd0ff09d47a36787, author = Florian Roth, description = Detects powershell script used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_Windows_UM_Task date = 2017-07-23, hash1 = 4c2fc21a4aab7686877ddd35d74a917f6156e48117920d45a3d2f21fb74fedd3, author = Florian Roth, description = Detects a Windows scheduled task as used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_WindowsTask date = 2017-07-23, hash5 = 984c7e1f76c21daf214b3f7e131ceb60c14abf1b0f4066eae563e9c184372a34, hash4 = 5046e7c28f5f2781ed7a63b0871f4a2b3065b70d62de7254491339e8fe2fa14a, hash3 = b6f515b3f713b70b808fc6578232901ffdeadeb419c9c4219fbfba417bba9f01, hash2 = 340cbbffbb7685133fc318fa20e4620ddf15e56c0e65d4cf1b2d606790d4425d, hash1 = c3cbe88b82cd0ea46868fb4f2e8ed226f3419fc6d4d6b5f7561e70f4cd33822c, author = Florian Roth, description = Detects hack tool used in Operation Wilted Tulip - Windows Tasks, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Impacket_Tools_Generic_1 date = 2017-04-07, hash5 = e2205539f29972d4e2a83eabf92af18dd406c9be97f70661c336ddf5eb496742, hash4 = ab909f8082c2d04f73d8be8f4c2640a5582294306dffdcc85e83a39d20c49ed6, hash3 = 2d8d500bcb3ffd22ddd8bd68b5b2ce935c958304f03729442a20a28b2c0328c1, hash2 = d256d1e05695d62a86d9e76830fcbb856ba7bd578165a561edd43b9f7fdb18a3, hash20 = 202a1d149be35d96e491b0b65516f631f3486215f78526160cf262d8ae179094, description = Compiled Impacket Tools, hash9 = 21d85b36197db47b94b0f4995d07b040a0455ebbe6d413bc33d926ee4e0315d9, hash8 = 0f7f0d8afb230c31fe6cf349c4012b430fc3d6722289938f7e33ea15b2996e1b, hash7 = dc85a3944fcb8cc0991be100859c4e1bf84062f7428c4dc27c71e08d88383c98, hash6 = 27bb10569a872367ba1cfca3cf1c9b428422c82af7ab4c2728f501406461c364, reference = https://github.com/maaaaz/impacket-examples-windows, super_rule = 4f7fad0676d3c3d2d89e8d4e74b6ec40af731b1ddf5499a0b81fc3b1cd797ee3, author = Florian Roth, hash10 = 4c2921702d18e0874b57638433474e54719ee6dfa39d323839d216952c5c834a, hash11 = 47afa5fd954190df825924c55112e65fd8ed0f7e1d6fd403ede5209623534d7d, hash12 = 7d715217e23a471d42d95c624179fe7de085af5670171d212b7b798ed9bf07c2, hash17 = e300339058a885475f5952fb4e9faaa09bb6eac26757443017b281c46b03108b, hash18 = 19544863758341fe7276c59d85f4aa17094045621ca9c98f8a9e7307c290bad4, license = https://creativecommons.org/licenses/by-nc/4.0/, hash19 = 2527fff1a3c780f6a757f13a8912278a417aea84295af1abfa4666572bbbf086, hash13 = 9706eb99e48e445ac4240b5acb2efd49468a800913e70e40b25c2bf80d6be35f, hash14 = d2856e98011541883e5b335cb46b713b1a6b2c414966a9de122ee7fb226aa7f7, hash15 = 8ab2b60aadf97e921e3a9df5cf1c135fbc851cb66d09b1043eaaa1dc01b9a699, hash16 = efff15e1815fb3c156678417d6037ddf4b711a3122c9b5bc2ca8dc97165d3769
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Auditcleaner date = 2017-04-08, hash1 = 8c172a60fa9e50f0df493bf5baeb7cc311baef327431526c47114335e0097626, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_elgingamble date = 2017-04-08, hash1 = 0573e12632e6c1925358f4bfecf8c263dd13edf52c633c9109fe3aae059b49dd, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file elgingamble, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_cmsd date = 2017-04-08, hash1 = 634c50614e1f5f132f49ae204c4a28f62a32a39a3446084db5b0b49b564034b8, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file cmsd, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_ebbshave date = 2017-04-08, hash1 = eb5e0053299e087c87c2d5c6f90531cc1946019c85a43a2998c7b66a6f19ca4b, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_eggbasket date = 2017-04-08, hash1 = b078a02963610475217682e6e1d6ae0b30935273ed98743e47cc2553fbfd068f, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file eggbasket, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_sambal date = 2017-04-08, hash1 = 2abf4bbe4debd619b99cb944298f43312db0947217437e6b71b9ea6e9a1a4fec, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file sambal, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_envisioncollision date = 2017-04-08, hash1 = 75d5ec573afaf8064f5d516ae61fd105012cbeaaaa09c8c193c7b4f9c0646ea1, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file envisioncollision, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_cmsex date = 2017-04-08, hash1 = 2d8ae842e7b16172599f061b5b1f223386684a7482e87feeb47a38a3f011b810, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file cmsex, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_DUL date = 2017-04-08, hash1 = 24d1d50960d4ebf348b48b4db4a15e50f328ab2c0e24db805b106d527fc5fe8e, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file DUL, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_slugger2 date = 2017-04-08, hash1 = a6a9ab66d73e4b443a80a69ef55a64da7f0af08dfaa7e17eb19c327301a70bdf, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file slugger2, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_jackpop date = 2017-04-08, hash1 = 0b208af860bb2c7ef6b1ae1fcef604c2c3d15fc558ad8ea241160bf4cbac1519, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file jackpop, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_epoxyresin_v1_0_0 date = 2017-04-08, hash1 = eea8a6a674d5063d7d6fc9fe07060f35b16172de6d273748d70576b01bf01c73, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_estesfox date = 2017-04-08, hash1 = 33530cae130ee9d9deeee60df9292c00242c0fe6f7b8eedef8ed09881b7e1d5a, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file estesfox, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_elatedmonkey_1_0_1_1 date = 2017-04-08, hash1 = bf7a9dce326604f0681ca9f7f1c24524543b5be8b6fcc1ba427b18e2a4ff9090, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file elatedmonkey.1.0.1.1.sh, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__ftshell_ftshell_v3_10_3_0 date = 2017-04-08, hash2 = 0be739024b41144c3b63e40e46bab22ac098ccab44ab2e268efc3b63aea02951, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 9bebeb57f1c9254cb49976cc194da4be85da4eb94475cb8d813821fb0b24f893
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__scanner_scanner_v2_1_2 date = 2017-04-08, hash2 = 9807aaa7208ed6c5da91c7c30ca13d58d16336ebf9753a5cea513bcb59de2cff, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = dcbcd8a98ec93a4e877507058aa26f0c865b35b46b8e6de809ed2c4b3db7e222
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__ghost_sparc_ghost_x86_3 date = 2017-04-08, hash2 = 82c899d1f05b50a85646a782cddb774d194ef85b74e1be642a8be2c7119f4e33, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = d5ff0208d9532fc0c6716bd57297397c8151a01bf4f21311f24e7a72551f9bf1
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__jparsescan_parsescan_5 date = 2017-04-08, hash2 = 942c12067b0afe9ebce50aa9dfdbf64e6ed0702d9a3a00d25b4fca62a38369ef, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 8c248eec0af04300f3ba0188fe757850d283de84cf42109638c1c1280c822984
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__funnelout_v4_1_0_1 date = 2017-04-08, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files funnelout.v4.1.0.1.pl, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 457ed14e806fdbda91c4237c8dc058c55e5678f1eecdd78572eff6ca0ed86d33
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__magicjack_v1_1_0_0_client date = 2017-04-08, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files magicjack_v1.1.0.0_client-1.1.0.0.py, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 63292a2353275a3bae012717bb500d5169cd024064a1ce8355ecb4e9bfcdfdd1
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__ftshell date = 2017-04-08, hash4 = 0be739024b41144c3b63e40e46bab22ac098ccab44ab2e268efc3b63aea02951, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 9bebeb57f1c9254cb49976cc194da4be85da4eb94475cb8d813821fb0b24f893
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_noclient_3_3_2 date = 2017-04-09, hash1 = 3cf0eb010c431372af5f32e2ee8c757831215f8836cabc7d805572bb5574fc72, author = Florian Roth, description = Equation Group hack tool set, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_Eternalromance date = 2017-04-15, hash2 = b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = f1ae9fdbb660aae3421fd3e5b626c1e537d8e9ee2f9cd6d56cb70b6878eaca5d
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_Gen2 date = 2017-04-15, hash4 = 8f7e10a8eedea37ee3222c447410fd5b949bd352d72ef22ef0b2821d9df2f5ba, hash3 = f2e90e04ddd05fa5f9b2fec024cd07365aebc098593d636038ebc2720700662b, hash2 = 561c0d4fc6e0ff0a78613d238c96aed4226fbb7bb9ceea1d19bc770207a6be1e, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 7fe425cd040608132d4f4ab2671e04b340a102a20c97ffdcf1b75be43a9369b5
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_ntevt date = 2017-04-15, hash1 = 4254ee5e688fc09bdc72bcc9c51b1524a2bb25a9fb841feaf03bc7ec1a9975bf, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld date = 2017-04-15, hash5 = 8419866c9058d738ebc1a18567fef52a3f12c47270f2e003b3e1242d86d62a46, hash4 = 551174b9791fc5c1c6e379dac6110d0aba7277b450c2563e34581565609bc88e, hash3 = c10f4b9abee0fde50fe7c21b9948a2532744a53bb4c578630a81d2911f6105a3, hash2 = 320144a7842500a5b69ec16f81a9d1d4c8172bb92301afd07fb79bc0eca81557, hash1 = 9ab667b7b5b9adf4ff1d6db6f804824a22c7cc003eb4208d5b2f12809f5e69d0, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0 date = 2017-04-15, hash2 = 5db457e7c7dba80383b1df0c86e94dc6859d45e1d188c576f2ba5edee139d9ae, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 052e778c26120c683ee2d9f93677d9217e9d6c61ffc0ab19202314ab865e3927
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4 date = 2017-04-15, hash5 = 5c0896dbafc5d8cc19b1bc7924420b20ed5999ac5bee2cb5a91aada0ea01e337, hash4 = c5e119ff7b47333f415aea1d2a43cb6cb322f8518562cfb9b90399cac95ac674, hash3 = 9d16d97a6c964e0658b6cd494b0bbf70674bf37578e2ff32c4779a7936e40556, hash2 = c4152f65e45ff327dade50f1ac3d3b876572a66c1ce03014f2877cea715d9afd, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 3e181ca31f1f75a6244b8e72afaa630171f182fbe907df4f8b656cc4a31602f6
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_scanner_output date = 2017-04-17, author = Florian Roth, description = Detects output generated by EQGRP scanner.exe, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: dragos_crashoverride_moduleStrings author = Dragos Inc, description = IEC-104 Interaction Module Program Strings, reference = https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Obfuscated_VBS_April17 date = 2017-04-21, author = Florian Roth, description = Detects cloaked Mimikatz in VBS obfuscation, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Obfuscated_JS_April17 date = 2017-04-21, author = Florian Roth, description = Detects cloaked Mimikatz in JS obfuscation, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.324570617.0000000006668000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.323986177.0000000002E7D000.00000004.00000001.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 0000000A.00000003.323415245.0000000006628000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_webshells_new_PHP1 date = 2014/03/28, author = Florian Roth, description = Web shells - generated from file PHP1.php, score = 14c7281fdaf2ae004ca5fec8753ce3cb
Source: 0000000A.00000003.323415245.0000000006628000.00000004.00000001.sdmp, type: MEMORY Matched rule: h4ntu_shell__powered_by_tsoi_ description = Semi-Auto-generated - file h4ntu shell [powered by tsoi
Source: 0000000A.00000003.313108656.0000000006641000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 00000013.00000003.458084749.0000000006D9C000.00000004.00000001.sdmp, type: MEMORY Matched rule: shankar_php_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file shankar.php.php.txt, hash = 6eb9db6a3974e511b7951b8f7e7136bb
Source: 00000013.00000003.438854953.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: multiple_webshells_0015 hash3 = 38fd7e45f9c11a37463c3ded1c76af4c, hash2 = 09609851caa129e40b0d56e90dfc476c, hash1 = 44542e5c3e9790815c49d5f9beffbbf2, hash0 = 9c5bb5e3a46ec28039e8986324e42792, author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt, super_rule = _wacking_php_php_1_SpecialShell_99_php_php_c100_php
Source: 00000013.00000003.438854953.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Webshell_27_9_acid_c99_locus7s date = 2016-01-11, hash5 = bbe0f7278041cb3a6338844aa12c3df6b700a12a78b0a58bce3dce14f1c37b96, hash4 = 07f9ec716fb199e00a90091ffba4c2ee1a328a093a64e610e51ab9dd6d33357a, hash3 = 960feb502f913adff6b322bc9815543e5888bbf9058ba0eb46ceb1773ea67668, hash2 = 7a69466dbd18182ce7da5d9d1a9447228dcebd365e0fe855d0e02024f4117549, author = Florian Roth, description = Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt, hash8 = ba87d26340f799e65c771ccb940081838afe318ecb20ee543f32d32db8533e7f, hash7 = ef3a7cd233a880fc61efc3884f127dd8944808babd1203be2400144119b6057f, hash6 = 5ae121f868555fba112ca2b1a9729d4414e795c39d14af9e599ce1f0e4e445d3, reference = https://github.com/nikicat/web-malware-collection, score = 2b8aed49f50acd0c1b89a399647e1218f2a8545da96631ac0882da28810eecc4
Source: 00000013.00000003.443343261.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: multiple_webshells_0015 hash3 = 38fd7e45f9c11a37463c3ded1c76af4c, hash2 = 09609851caa129e40b0d56e90dfc476c, hash1 = 44542e5c3e9790815c49d5f9beffbbf2, hash0 = 9c5bb5e3a46ec28039e8986324e42792, author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt, super_rule = _wacking_php_php_1_SpecialShell_99_php_php_c100_php
Source: 00000013.00000003.443343261.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Webshell_27_9_acid_c99_locus7s date = 2016-01-11, hash5 = bbe0f7278041cb3a6338844aa12c3df6b700a12a78b0a58bce3dce14f1c37b96, hash4 = 07f9ec716fb199e00a90091ffba4c2ee1a328a093a64e610e51ab9dd6d33357a, hash3 = 960feb502f913adff6b322bc9815543e5888bbf9058ba0eb46ceb1773ea67668, hash2 = 7a69466dbd18182ce7da5d9d1a9447228dcebd365e0fe855d0e02024f4117549, author = Florian Roth, description = Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt, hash8 = ba87d26340f799e65c771ccb940081838afe318ecb20ee543f32d32db8533e7f, hash7 = ef3a7cd233a880fc61efc3884f127dd8944808babd1203be2400144119b6057f, hash6 = 5ae121f868555fba112ca2b1a9729d4414e795c39d14af9e599ce1f0e4e445d3, reference = https://github.com/nikicat/web-malware-collection, score = 2b8aed49f50acd0c1b89a399647e1218f2a8545da96631ac0882da28810eecc4
Source: 00000013.00000002.524614024.000000000242B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000002.524614024.000000000242B000.00000004.00000001.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 00000013.00000003.470647242.0000000006B9B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_PHP_b37 date = 2014/01/28, author = Florian Roth, description = Web Shell - file b37.php, score = 0421445303cfd0ec6bc20b3846e30ff0
Source: 00000013.00000003.428675269.0000000006B79000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_PHP_b37 date = 2014/01/28, author = Florian Roth, description = Web Shell - file b37.php, score = 0421445303cfd0ec6bc20b3846e30ff0
Source: 00000013.00000003.428675269.0000000006B79000.00000004.00000001.sdmp, type: MEMORY Matched rule: Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt, hash = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000002.552309239.00000000036C7000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.310922017.00000000050BA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.310922017.00000000050BA000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat date = 2014/01/28, hash4 = 3f71175985848ee46cc13282fbed2269, hash3 = 4108f28a9792b50d95f95b9e5314fa1e, hash2 = 1d912c55b96e2efe8ca873d6040e3b30, hash1 = 513b7be8bd0595c377283a7c87b44b2e, author = Florian Roth, description = Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php, score = ae025c886fbe7f9ed159f49593674832
Source: 0000000A.00000003.310922017.00000000050BA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 0000000A.00000003.325437911.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire_Invoke_Shellcode date = 2015-08-06, author = Florian Roth, description = Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1, reference = https://github.com/PowerShellEmpire/Empire, license = https://creativecommons.org/licenses/by-nc/4.0/, score = fa75cfd57269fbe3ad6bdc545ee57eb19335b0048629c93f1dc1fe1059f60438
Source: 0000000A.00000003.325437911.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt, hash = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000003.322843197.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_jsp_cmdjsp date = 2014/01/28, author = Florian Roth, description = Web Shell - file cmdjsp.jsp, score = b815611cc39f17f05a73444d699341d4
Source: 0000000A.00000003.322843197.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_sig_404super date = 2014/03/28, author = Florian Roth, description = Web shells - generated from file 404super.php, score = 7ed63176226f83d36dce47ce82507b28
Source: 0000000A.00000003.322843197.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_webshells_new_Asp date = 2014/03/28, author = Florian Roth, description = Web shells - generated from file Asp.asp, score = 32c87744ea404d0ea0debd55915010b7
Source: 00000013.00000003.485624536.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: multiple_webshells_0015 hash3 = 38fd7e45f9c11a37463c3ded1c76af4c, hash2 = 09609851caa129e40b0d56e90dfc476c, hash1 = 44542e5c3e9790815c49d5f9beffbbf2, hash0 = 9c5bb5e3a46ec28039e8986324e42792, author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt, super_rule = _wacking_php_php_1_SpecialShell_99_php_php_c100_php
Source: 00000013.00000003.485624536.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Webshell_27_9_acid_c99_locus7s date = 2016-01-11, hash5 = bbe0f7278041cb3a6338844aa12c3df6b700a12a78b0a58bce3dce14f1c37b96, hash4 = 07f9ec716fb199e00a90091ffba4c2ee1a328a093a64e610e51ab9dd6d33357a, hash3 = 960feb502f913adff6b322bc9815543e5888bbf9058ba0eb46ceb1773ea67668, hash2 = 7a69466dbd18182ce7da5d9d1a9447228dcebd365e0fe855d0e02024f4117549, author = Florian Roth, description = Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt, hash8 = ba87d26340f799e65c771ccb940081838afe318ecb20ee543f32d32db8533e7f, hash7 = ef3a7cd233a880fc61efc3884f127dd8944808babd1203be2400144119b6057f, hash6 = 5ae121f868555fba112ca2b1a9729d4414e795c39d14af9e599ce1f0e4e445d3, reference = https://github.com/nikicat/web-malware-collection, score = 2b8aed49f50acd0c1b89a399647e1218f2a8545da96631ac0882da28810eecc4
Source: 00000013.00000003.458213135.0000000006DE1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.458213135.0000000006DE1000.00000004.00000001.sdmp, type: MEMORY Matched rule: SQLMap date = 01.07.2014, author = Florian Roth, description = This signature detects the SQLMap SQL injection tool, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.458213135.0000000006DE1000.00000004.00000001.sdmp, type: MEMORY Matched rule: PortRacer author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file PortRacer.exe, hash = 2834a872a0a8da5b1be5db65dfdef388
Source: 00000013.00000003.422640827.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.422640827.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Fierce2 date = 01.07.2014, author = Florian Roth, description = This signature detects the Fierce2 domain scanner, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.422640827.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Shell_ci_Biz_was_here_c100_v_xxx description = Web Shell - from files Shell [ci
Source: 00000013.00000003.422640827.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Volgmer_Malware date = 2017-11-15, hash5 = 6dae368eecbcc10266bba32776c40d9ffa5b50d7f6199a9b6c31d40dfe7877d1, hash4 = e40a46e95ef792cf20d5c14a9ad0b3a95c6252f96654f392b4bc6180565b7b11, hash3 = eff3e37d0406c818e3430068d90e7ed2f594faa6bb146ab0a1c00a2f4a4809a5, hash2 = 8fcd303e22b84d7d61768d4efa5308577a09cc45697f7f54be4e528bbb39435b, hash1 = ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd, author = Florian Roth, description = Detects Volgmer malware as reported in US CERT TA17-318B, hash8 = 1d0999ba3217cbdb0cc85403ef75587f747556a97dee7c2616e28866db932a0d, hash7 = 53e9bca505652ef23477e105e6985102a45d9a14e5316d140752df6f3ef43d2d, hash6 = fee0081df5ca6a21953f3a633f2f64b7c0701977623d3a4ec36fff282ffe73b9, reference = https://www.us-cert.gov/ncas/alerts/TA17-318B, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: RemCom_RemoteCommandExecution date = 2017-12-28, author = Florian Roth, description = Detects strings from RemCom tool, reference = https://goo.gl/tezXZt, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: ProcessInjector_Gen date = 2018-04-23, author = Florian Roth, description = Detects a process injection utility that can be used ofr good and bad purposes, reference = https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 456c1c25313ce2e2eedf24fdcd4d37048bcfff193f6848053cbb3b5e82cd527d
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazagne_PW_Dumper date = 2018-03-22, author = Markus Neis / Florian Roth, description = Detects Lazagne PW Dumper, reference = https://github.com/AlessandroZ/LaZagne/releases/, score =
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_shellpop_Bash date = 2018-05-18, hash1 = 36fad575a8bc459d0c2e3ad626e97d5cf4f5f8bedc56b3cc27dd2f7d88ed889b, author = Tobias Michalski, description = Detects susupicious bash command, reference = https://github.com/0x00-0x00/ShellPop
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: GoldDragon_Aux_File date = 2018-02-03, author = Florian Roth, description = Detects export from Gold Dragon - February 2018, reference = https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_dropper_script_Dec17_1 date = 2018-01-01, author = Florian Roth, description = Detects a supicious VBS script that drops an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazarus_Dec_17_5 date = 2017-12-20, hash1 = db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471, author = Florian Roth, description = Detects Lazarus malware from incident in Dec 2017, reference = https://goo.gl/8U6fY2, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_Turla_Agent_BTZ_Gen_1 date = 2018-06-16, author = Florian Roth, description = Detects Turla Agent.BTZ, reference = Internal Research, score = c905f2dec79ccab115ad32578384008696ebab02276f49f12465dcd026c1a615
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Suspicious_BAT_Strings date = 2018-01-05, author = Florian Roth, description = Detects a string also used in Netwire RAT auxilliary, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://pastebin.com/8qaiyPxs
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Turla_Mal_Script_Jan18_1 date = 2018-01-19, hash1 = 180b920e9cea712d124ff41cd1060683a14a79285d960e17f0f49b969f15bfcc, author = Florian Roth, description = Detects Turla malicious script, reference = https://ghostbin.com/paste/jsph7, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_Obfuscated_Mal_Feb18_1 date = 2018-02-12, hash3 = e1765a2b10e2ff10235762b9c65e9f5a4b3b47d292933f1a710e241fe0417a74, hash2 = c5c0e28093e133d03c3806da0061a35776eed47d351e817709d2235b95d3a036, hash1 = 06960cb721609fe5a857fe9ca3696a84baba88d06c20920370ddba1b0952a8ab, author = Florian Roth, description = Detects malicious obfuscated VBS observed in February 2018, reference = https://goo.gl/zPsn83, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_ScanCopyPDF_Feb18 date = 2018-02-14, hash1 = 6f8ff26a5daf47effdea5795cdadfff9265c93a0ebca0ce5a4144712f8cab5be, author = Florian Roth, description = Auto-generated rule - file Scan Copy.pdf.com, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Armitage_msfconsole date = 2017-12-24, hash1 = 662ba75c7ed5ac55a898f480ed2555d47d127a2d96424324b02724b3b2c95b6a, author = Florian Roth, description = Detects Armitage component, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Armitage_OSX date = 2017-12-24, hash2 = b7b506f38d0553cd2beb4111c7ef383c821f04cee5169fed2ef5d869c9fbfab3, hash1 = 2680d9900a057d553fcb28d84cdc41c3fc18fd224a88a32ee14c9c1b501a86af, author = Florian Roth, description = Detects Armitage component, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Silence_malware_2 date = 2017-11-01, hash1 = 75b8f534b2f56f183465ba2b63cfc80b7d7d1d155697af141447ec7144c2ba27, author = Florian Roth, description = Detects malware sample mentioned in the Silence report on Securelist, reference = https://securelist.com/the-silence/83009/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://minergate.com/faq/what-pool-address
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: MAL_unspecified_Jan18_1 date = 2018-01-19, hash1 = f87879b29ff83616e9c9044bd5fb847cf5d2efdd2f01fc284d1a6ce7d464a417, author = Florian Roth, description = Detects unspecified malware sample, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_PSImage date = 2017-12-16, author = Florian Roth, description = Detects a command to execute PowerShell from String, reference = https://github.com/peewpw/Invoke-PSImage, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: malware_apt15_royaldll sha256 = bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d, author = David Cannings, description = DLL implant, originally rights.dll and runs as a service
Source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY Matched rule: netwire author = JPCERT/CC Incident Response Group, description = detect netwire in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000003.312268650.0000000006667000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.324870228.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire_Invoke_Shellcode date = 2015-08-06, author = Florian Roth, description = Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1, reference = https://github.com/PowerShellEmpire/Empire, license = https://creativecommons.org/licenses/by-nc/4.0/, score = fa75cfd57269fbe3ad6bdc545ee57eb19335b0048629c93f1dc1fe1059f60438
Source: 0000000A.00000003.324870228.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt, hash = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 00000013.00000003.441709320.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: multiple_webshells_0015 hash3 = 38fd7e45f9c11a37463c3ded1c76af4c, hash2 = 09609851caa129e40b0d56e90dfc476c, hash1 = 44542e5c3e9790815c49d5f9beffbbf2, hash0 = 9c5bb5e3a46ec28039e8986324e42792, author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt, super_rule = _wacking_php_php_1_SpecialShell_99_php_php_c100_php
Source: 00000013.00000003.441709320.0000000006BFE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Webshell_27_9_acid_c99_locus7s date = 2016-01-11, hash5 = bbe0f7278041cb3a6338844aa12c3df6b700a12a78b0a58bce3dce14f1c37b96, hash4 = 07f9ec716fb199e00a90091ffba4c2ee1a328a093a64e610e51ab9dd6d33357a, hash3 = 960feb502f913adff6b322bc9815543e5888bbf9058ba0eb46ceb1773ea67668, hash2 = 7a69466dbd18182ce7da5d9d1a9447228dcebd365e0fe855d0e02024f4117549, author = Florian Roth, description = Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt, hash8 = ba87d26340f799e65c771ccb940081838afe318ecb20ee543f32d32db8533e7f, hash7 = ef3a7cd233a880fc61efc3884f127dd8944808babd1203be2400144119b6057f, hash6 = 5ae121f868555fba112ca2b1a9729d4414e795c39d14af9e599ce1f0e4e445d3, reference = https://github.com/nikicat/web-malware-collection, score = 2b8aed49f50acd0c1b89a399647e1218f2a8545da96631ac0882da28810eecc4
Source: 00000013.00000003.481501193.0000000006DCE000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.324781029.00000000068E9000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.473662008.0000000006B9B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_PHP_b37 date = 2014/01/28, author = Florian Roth, description = Web Shell - file b37.php, score = 0421445303cfd0ec6bc20b3846e30ff0
Source: 00000013.00000003.481442342.0000000006D9C000.00000004.00000001.sdmp, type: MEMORY Matched rule: shankar_php_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file shankar.php.php.txt, hash = 6eb9db6a3974e511b7951b8f7e7136bb
Source: 0000000A.00000003.325135478.0000000006854000.00000004.00000001.sdmp, type: MEMORY Matched rule: shankar_php_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file shankar.php.php.txt, hash = 6eb9db6a3974e511b7951b8f7e7136bb
Source: 00000013.00000003.463235186.0000000006E38000.00000004.00000001.sdmp, type: MEMORY Matched rule: SQLMap date = 01.07.2014, author = Florian Roth, description = This signature detects the SQLMap SQL injection tool, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.470663077.0000000006BA5000.00000004.00000001.sdmp, type: MEMORY Matched rule: Hacktool_Strings_p0wnedShell date = 2017-01-14, hash1 = e1f35310192416cd79e60dba0521fc6eb107f3e65741c344832c46e9b4085e60, author = Florian Roth, description = p0wnedShell Runspace Post Exploitation Toolkit - file p0wnedShell.cs, reference = https://github.com/Cn33liz/p0wnedShell, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.324504797.0000000006892000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.325168966.0000000006892000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.477379778.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.477379778.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Fierce2 date = 01.07.2014, author = Florian Roth, description = This signature detects the Fierce2 domain scanner, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.477379778.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Shell_ci_Biz_was_here_c100_v_xxx description = Web Shell - from files Shell [ci
Source: 00000013.00000003.477379778.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 0000000A.00000003.312103557.0000000006629000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 00000013.00000002.541755283.0000000002FA0000.00000004.00000040.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.455300807.0000000006D6F000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_php_gzinflated date = 2021/01/12, author = Arnim Rupp, description = PHP webshell which directly eval()s obfuscated string, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 49e5bc75a1ec36beeff4fbaeb16b322b08cf192d
Source: 00000013.00000003.455300807.0000000006D6F000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_php_h6ss date = 2014/01/28, author = Florian Roth, description = Web Shell - file h6ss.php, score = 272dde9a4a7265d6c139287560328cd5
Source: 00000013.00000003.477128932.00000000052EB000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Volgmer_Malware date = 2017-11-15, hash5 = 6dae368eecbcc10266bba32776c40d9ffa5b50d7f6199a9b6c31d40dfe7877d1, hash4 = e40a46e95ef792cf20d5c14a9ad0b3a95c6252f96654f392b4bc6180565b7b11, hash3 = eff3e37d0406c818e3430068d90e7ed2f594faa6bb146ab0a1c00a2f4a4809a5, hash2 = 8fcd303e22b84d7d61768d4efa5308577a09cc45697f7f54be4e528bbb39435b, hash1 = ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd, author = Florian Roth, description = Detects Volgmer malware as reported in US CERT TA17-318B, hash8 = 1d0999ba3217cbdb0cc85403ef75587f747556a97dee7c2616e28866db932a0d, hash7 = 53e9bca505652ef23477e105e6985102a45d9a14e5316d140752df6f3ef43d2d, hash6 = fee0081df5ca6a21953f3a633f2f64b7c0701977623d3a4ec36fff282ffe73b9, reference = https://www.us-cert.gov/ncas/alerts/TA17-318B, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: RemCom_RemoteCommandExecution date = 2017-12-28, author = Florian Roth, description = Detects strings from RemCom tool, reference = https://goo.gl/tezXZt, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: ProcessInjector_Gen date = 2018-04-23, author = Florian Roth, description = Detects a process injection utility that can be used ofr good and bad purposes, reference = https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 456c1c25313ce2e2eedf24fdcd4d37048bcfff193f6848053cbb3b5e82cd527d
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazagne_PW_Dumper date = 2018-03-22, author = Markus Neis / Florian Roth, description = Detects Lazagne PW Dumper, reference = https://github.com/AlessandroZ/LaZagne/releases/, score =
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_shellpop_Bash date = 2018-05-18, hash1 = 36fad575a8bc459d0c2e3ad626e97d5cf4f5f8bedc56b3cc27dd2f7d88ed889b, author = Tobias Michalski, description = Detects susupicious bash command, reference = https://github.com/0x00-0x00/ShellPop
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: GoldDragon_Aux_File date = 2018-02-03, author = Florian Roth, description = Detects export from Gold Dragon - February 2018, reference = https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_dropper_script_Dec17_1 date = 2018-01-01, author = Florian Roth, description = Detects a supicious VBS script that drops an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazarus_Dec_17_5 date = 2017-12-20, hash1 = db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471, author = Florian Roth, description = Detects Lazarus malware from incident in Dec 2017, reference = https://goo.gl/8U6fY2, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_Turla_Agent_BTZ_Gen_1 date = 2018-06-16, author = Florian Roth, description = Detects Turla Agent.BTZ, reference = Internal Research, score = c905f2dec79ccab115ad32578384008696ebab02276f49f12465dcd026c1a615
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Suspicious_BAT_Strings date = 2018-01-05, author = Florian Roth, description = Detects a string also used in Netwire RAT auxilliary, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://pastebin.com/8qaiyPxs
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Turla_Mal_Script_Jan18_1 date = 2018-01-19, hash1 = 180b920e9cea712d124ff41cd1060683a14a79285d960e17f0f49b969f15bfcc, author = Florian Roth, description = Detects Turla malicious script, reference = https://ghostbin.com/paste/jsph7, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_Obfuscated_Mal_Feb18_1 date = 2018-02-12, hash3 = e1765a2b10e2ff10235762b9c65e9f5a4b3b47d292933f1a710e241fe0417a74, hash2 = c5c0e28093e133d03c3806da0061a35776eed47d351e817709d2235b95d3a036, hash1 = 06960cb721609fe5a857fe9ca3696a84baba88d06c20920370ddba1b0952a8ab, author = Florian Roth, description = Detects malicious obfuscated VBS observed in February 2018, reference = https://goo.gl/zPsn83, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_ScanCopyPDF_Feb18 date = 2018-02-14, hash1 = 6f8ff26a5daf47effdea5795cdadfff9265c93a0ebca0ce5a4144712f8cab5be, author = Florian Roth, description = Auto-generated rule - file Scan Copy.pdf.com, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Armitage_msfconsole date = 2017-12-24, hash1 = 662ba75c7ed5ac55a898f480ed2555d47d127a2d96424324b02724b3b2c95b6a, author = Florian Roth, description = Detects Armitage component, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Armitage_OSX date = 2017-12-24, hash2 = b7b506f38d0553cd2beb4111c7ef383c821f04cee5169fed2ef5d869c9fbfab3, hash1 = 2680d9900a057d553fcb28d84cdc41c3fc18fd224a88a32ee14c9c1b501a86af, author = Florian Roth, description = Detects Armitage component, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Silence_malware_2 date = 2017-11-01, hash1 = 75b8f534b2f56f183465ba2b63cfc80b7d7d1d155697af141447ec7144c2ba27, author = Florian Roth, description = Detects malware sample mentioned in the Silence report on Securelist, reference = https://securelist.com/the-silence/83009/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://minergate.com/faq/what-pool-address
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: MAL_unspecified_Jan18_1 date = 2018-01-19, hash1 = f87879b29ff83616e9c9044bd5fb847cf5d2efdd2f01fc284d1a6ce7d464a417, author = Florian Roth, description = Detects unspecified malware sample, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_PSImage date = 2017-12-16, author = Florian Roth, description = Detects a command to execute PowerShell from String, reference = https://github.com/peewpw/Invoke-PSImage, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: malware_apt15_royaldll sha256 = bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d, author = David Cannings, description = DLL implant, originally rights.dll and runs as a service
Source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY Matched rule: netwire author = JPCERT/CC Incident Response Group, description = detect netwire in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000002.536292107.0000000002E75000.00000004.00000040.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 0000000A.00000003.312201086.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire_Invoke_Shellcode date = 2015-08-06, author = Florian Roth, description = Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1, reference = https://github.com/PowerShellEmpire/Empire, license = https://creativecommons.org/licenses/by-nc/4.0/, score = fa75cfd57269fbe3ad6bdc545ee57eb19335b0048629c93f1dc1fe1059f60438
Source: 0000000A.00000003.312201086.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt, hash = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_jsp_cmdjsp date = 2014/01/28, author = Florian Roth, description = Web Shell - file cmdjsp.jsp, score = b815611cc39f17f05a73444d699341d4
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_sig_404super date = 2014/03/28, author = Florian Roth, description = Web shells - generated from file 404super.php, score = 7ed63176226f83d36dce47ce82507b28
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_webshells_new_Asp date = 2014/03/28, author = Florian Roth, description = Web shells - generated from file Asp.asp, score = 32c87744ea404d0ea0debd55915010b7
Source: 0000000A.00000003.315807326.000000000684B000.00000004.00000001.sdmp, type: MEMORY Matched rule: shankar_php_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file shankar.php.php.txt, hash = 6eb9db6a3974e511b7951b8f7e7136bb
Source: 00000013.00000003.470556930.0000000006B92000.00000004.00000001.sdmp, type: MEMORY Matched rule: Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt, hash = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000003.308279629.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.308279629.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat date = 2014/01/28, hash4 = 3f71175985848ee46cc13282fbed2269, hash3 = 4108f28a9792b50d95f95b9e5314fa1e, hash2 = 1d912c55b96e2efe8ca873d6040e3b30, hash1 = 513b7be8bd0595c377283a7c87b44b2e, author = Florian Roth, description = Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php, score = ae025c886fbe7f9ed159f49593674832
Source: 0000000A.00000003.308279629.00000000050AA000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit date = 2014/01/28, author = Florian Roth, description = Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php, score = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_webshells_new_PHP1 date = 2014/03/28, author = Florian Roth, description = Web shells - generated from file PHP1.php, score = 14c7281fdaf2ae004ca5fec8753ce3cb
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: h4ntu_shell__powered_by_tsoi_ description = Semi-Auto-generated - file h4ntu shell [powered by tsoi
Source: 0000000A.00000003.304349540.00000000065DE000.00000004.00000001.sdmp, type: MEMORY Matched rule: WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit author = Florian Roth, description = PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php, hash = b2b797707e09c12ff5e632af84b394ad41a46fa4
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf date = 2017-02-09, hash1 = 320a01ec4e023fb5fbbaef963a2b57229e4f918847e5a49c7a3f631cb556e96c, author = Florian Roth, description = Metasploit Payloads - file msf.sh, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_2 date = 2017-02-09, hash1 = e52f98466b92ee9629d564453af6f27bd3645e00a9e2da518f5a64a33ccf8eb5, author = Florian Roth, description = Metasploit Payloads - file msf.asp, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_psh date = 2017-02-09, hash1 = 5cc6c7f1aa75df8979be4a16e36cece40340c6e192ce527771bdd6463253e46f, author = Florian Roth, description = Metasploit Payloads - file msf-psh.vba, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_exe date = 2017-02-09, hash1 = 321537007ea5052a43ffa46a6976075cee6a4902af0c98b9fd711b9f572c20fd, author = Florian Roth, description = Metasploit Payloads - file msf-exe.vba, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_3 date = 2017-02-09, hash1 = 335cfb85e11e7fb20cddc87e743b9e777dc4ab4e18a39c2a2da1aa61efdbd054, author = Florian Roth, description = Metasploit Payloads - file msf.psh, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_4 date = 2017-02-09, hash1 = 26b3e572ba1574164b76c6d5213ab02e4170168ae2bcd2f477f246d37dbe84ef, author = Florian Roth, description = Metasploit Payloads - file msf.aspx, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_exe_2 date = 2017-02-09, hash1 = 3a2f7a654c1100e64d8d3b4cd39165fba3b101bbcce6dd0f70dae863da338401, author = Florian Roth, description = Metasploit Payloads - file msf-exe.aspx, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_6 date = 2017-02-09, hash1 = 8d6f55c6715c4a2023087c3d0d7abfa21e31a629393e4dc179d31bb25b166b3f, author = Florian Roth, description = Metasploit Payloads - file msf.vbs, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_7 date = 2017-02-09, hash1 = 425beff61a01e2f60773be3fcb74bdfc7c66099fe40b9209745029b3c19b5f2f, author = Florian Roth, description = Metasploit Payloads - file msf.vba, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_8 date = 2017-02-09, hash1 = 519717e01f0cb3f460ef88cd70c3de8c7f00fb7c564260bd2908e97d11fde87f, author = Florian Roth, description = Metasploit Payloads - file msf.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_cmd date = 2017-02-09, hash1 = 9f41932afc9b6b4938ee7a2559067f4df34a5c8eae73558a3959dd677cb5867f, author = Florian Roth, description = Metasploit Payloads - file msf-cmd.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_11 date = 2017-02-09, hash1 = d1daf7bc41580322333a893133d103f7d67f5cd8a3e0f919471061d41cf710b6, author = Florian Roth, description = Metasploit Payloads - file msf.hta, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_ref date = 2017-02-09, hash1 = 4ec95724b4c2b6cb57d2c63332a1dd6d4a0101707f42e3d693c9aab19f6c9f87, author = Florian Roth, description = Metasploit Payloads - file msf-ref.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/, score =
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: CVE_2017_8759_SOAP_Excel date = 2017-09-15, author = Florian Roth, description = Detects malicious files related to CVE-2017-8759, reference = https://twitter.com/buffaloverflow/status/908455053345869825, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_ISESteroids_Obfuscation date = 2017-06-23, author = Florian Roth, description = Detects PowerShell ISESteroids obfuscation, reference = https://twitter.com/danielhbohannon/status/877953970437844993, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Reflective_DLL_Loader_Aug17_1 date = 2017-08-20, hash1 = f2f85855914345eec629e6fc5333cf325a620531d1441313292924a88564e320, author = Florian Roth, description = Detects Reflective DLL Loader, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Reflective_DLL_Loader_Aug17_2 date = 2017-08-20, hash2 = b90831aaf8859e604283e5292158f08f100d4a2d4e1875ea1911750a6cb85fe0, author = Florian Roth, description = Detects Reflective DLL Loader - suspicious - Possible FP could be program crack, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score = c2a7a2d0b05ad42386a2bedb780205b7c0af76fe9ee3d47bbe217562f627fcae
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Reflective_DLL_Loader_Aug17_3 date = 2017-08-20, hash1 = d10e4b3f1d00f4da391ac03872204dc6551d867684e0af2a4ef52055e771f474, author = Florian Roth, description = Detects Reflective DLL Loader, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBScript_Favicon_File date = 2017-10-18, hash1 = 39c952c7e14b6be5a9cb1be3f05eafa22e1115806e927f4e2dc85d609bc0eb36, author = Florian Roth, description = VBScript cloaked as Favicon file used in Leviathan incident, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Backdoor_Redosdru_Jun17 date = 2017-06-04, hash1 = 4f49e17b457ef202ab0be905691ef2b2d2b0a086a7caddd1e70dd45e5ed3b309, author = Florian Roth, description = Detects malware Redosdru - file systemHome.exe, reference = https://goo.gl/OOB3mH, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Backdoor_Nitol_Jun17 date = 2017-06-04, hash1 = cba19d228abf31ec8afab7330df3c9da60cd4dae376552b503aea6d7feff9946, author = Florian Roth, description = Detects malware backdoor Nitol - file wyawou.exe - Attention: this rule also matches on Upatre Downloader, reference = https://goo.gl/OOB3mH, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: WScript_Shell_PowerShell_Combo date = 2018-02-07, author = Florian Roth, description = Detects malware from Middle Eastern campaign reported by Talos, reference = http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 15f5aaa71bfa3d62fd558a3e88dd5ba26f7638bf2ac653b8d6b8d54dc7e5926b
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: HTA_with_WScript_Shell date = 2017-06-21, author = Florian Roth, description = Detects WScript Shell in HTA, reference = https://twitter.com/msftmmpc/status/877396932758560768, license = https://creativecommons.org/licenses/by-nc/4.0/, score = ca7b653cf41e980c44311b2cd701ed666f8c1dbc
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: HTA_Embedded date = 2017-06-21, author = Florian Roth, description = Detects an embedded HTA file, reference = https://twitter.com/msftmmpc/status/877396932758560768, license = https://creativecommons.org/licenses/by-nc/4.0/, score = ca7b653cf41e980c44311b2cd701ed666f8c1dbc
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: StoneDrill date = 2017-03-07, hash3 = 69530d78c86031ce32583c6800f5ffc629acacb18aac4c8bb5b0e915fc4cc4db, hash2 = 62aabce7a5741a9270cddac49cd1d715305c1d0505e620bbeaec6ff9b6fd0260, author = Florian Roth, description = Detects malware from StoneDrill threat report, reference = https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 2bab3716a1f19879ca2e6d98c518debb107e0ed8e1534241f7769193807aac83
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: StoneDrill_VBS_1 date = 2017-03-07, hash1 = 0f4d608a87e36cb0dbf1b2d176ecfcde837070a2b2a049d532d3d4226e0c9587, author = Florian Roth, description = Detects malware from StoneDrill threat report, reference = https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: ZxShell_Jul17 date = 2017-07-08, hash1 = 5d2a4cde9fa7c2fdbf39b2e2ffd23378d0c50701a3095d1e91e3cf922d7b0b16, author = Florian Roth, description = Detects a ZxShell - CN threat group, reference = https://blogs.rsa.com/cat-phishing/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EternalRocks_taskhost date = 2017-05-18, hash1 = cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30, author = Florian Roth, description = Detects EternalRocks Malware - file taskhost.exe, reference = https://twitter.com/stamparm/status/864865144748298242, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: BeyondExec_RemoteAccess_Tool date = 2017-03-17, hash1 = 3d3e3f0708479d951ab72fa04ac63acc7e5a75a5723eb690b34301580747032c, author = Florian Roth, description = Detects BeyondExec Remote Access Tool - file rexesvr.exe, reference = https://goo.gl/BvYurS, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Disclosed_0day_POCs_injector date = 2017-07-07, hash1 = ba0e2119b2a6bad612e86662b643a404426a07444d476472a71452b7e9f94041, author = Florian Roth, description = Detects POC code from disclosed 0day hacktool set, reference = Disclosed 0day Repos, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_PupyRAT_PY date = 2017-02-17, hash1 = 8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71, author = Florian Roth, description = Detects Pupy RAT, reference = https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: OilRig_Strings_Oct17 date = 2017-10-18, author = Florian Roth, description = Detects strings from OilRig malware and malicious scripts, reference = https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Suspicious_Script_Running_from_HTTP author = Florian Roth, description = Detects a suspicious , reference = https://www.hybrid-analysis.com/sample/a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218a35?environmentId=100, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2017-08-20
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_dropper_script_Dec17_1 date = 2018-01-01, author = Florian Roth, description = Detects a supicious VBS script that drops an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Malware_1 date = 2017-06-13, hash2 = 018eb62e174efdcdb3af011d34b0bf2284ed1a803718fba6edffe5bc0b446b81, hash1 = ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910, author = Florian Roth, description = Detects Industroyer related malware, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Portscan_3_Output date = 2017-06-13, author = Florian Roth, description = Detects Industroyer related custom port scaner output file, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Malware_4 date = 2017-06-13, hash1 = 21c1fdd6cfd8ec3ffe3e922f944424b543643dbdab99fa731556f8805b0d5561, author = Florian Roth, description = Detects Industroyer related malware, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Industroyer_Malware_5 date = 2017-06-13, hash1 = 7907dd95c1d36cf3dc842a1bd804f0db511a0f68f4b3d382c23a3c974a383cad, author = Florian Roth, description = Detects Industroyer related malware, reference = https://goo.gl/x81cSy, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: redSails_PY date = 2017-10-02, hash2 = 5ec20cb99030f48ba512cbc7998b943bebe49396b20cf578c26debbf14176e5e, hash1 = 6ebedff41992b9536fe9b1b704a29c8c1d1550b00e14055e3c6376f75e462661, author = Florian Roth, description = Detects Red Sails Hacktool - Python, reference = https://github.com/BeetleChunks/redsails, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Rehashed_RAT_2 date = 2017-09-08, hash1 = 49efab1dedc6fffe5a8f980688a5ebefce1be3d0d180d5dd035f02ce396c9966, author = Florian Roth, description = Detects malware from Rehashed RAT incident, reference = https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Malware_QA_vqgk date = 2016-08-29, author = Florian Roth, description = VT Research QA uploaded malware - file vqgk.dll, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 99541ab28fc3328e25723607df4b0d9ea0a1af31b58e2da07eff9f15c4e6565c
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Pupy_Backdoor date = 2017-08-11, hash5 = 06bb41c12644ca1761bcb3c14767180b673cb9d9116b555680073509e7063c3e, hash4 = 20e19817f72e72f87c794843d46c55f2b8fd091582bceca0460c9f0640c7bbd8, hash3 = 90757c1ae9597bea39bb52a38fb3d497358a2499c92c7636d71b95ec973186cc, hash2 = 83380f351214c3bd2c8e62430f70f8f90d11c831695027f329af04806b9f8ea4, hash1 = ae93714203c7ab4ab73f2ad8364819d16644c7649ea04f483b46924bd5bc0153, author = Florian Roth, description = Detects Pupy backdoor, hash7 = 8784c317e6977b4c201393913e76fc11ec34ea657de24e957d130ce9006caa01, hash6 = be83c513b24468558dc7df7f63d979af41287e568808ed8f807706f6992bfab2, reference = https://github.com/n1nj4sec/pupy-binaries, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Microcin_Sample_5 date = 2017-09-26, hash1 = b9c51397e79d5a5fd37647bc4e4ee63018ac3ab9d050b02190403eb717b1366e, author = Florian Roth, description = Malware sample mentioned in Microcin technical report by Kaspersky, reference = https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: clearlog date = 2017-06-02, hash1 = 14093ce6d0fe8ab60963771f48937c669103842a0400b8d97f829b33c420f7e3, author = Florian Roth, description = Detects Fireball malware - file clearlog.dll, reference = https://goo.gl/4pTkGQ, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: PS_AMSI_Bypass date = 2017-07-19, author = Florian Roth, description = Detects PowerShell AMSI Bypass, reference = https://gist.github.com/mattifestation/46d6a2ebb4a1f4f0e7229503dc012ef1, license = https://creativecommons.org/licenses/by-nc/4.0/, score = file
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: JS_Suspicious_Obfuscation_Dropbox date = 2017-07-19, author = Florian Roth, description = Detects PowerShell AMSI Bypass, reference = https://twitter.com/ItsReallyNick/status/887705105239343104, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: JS_Suspicious_MSHTA_Bypass date = 2017-07-19, author = Florian Roth, description = Detects MSHTA Bypass, reference = https://twitter.com/ItsReallyNick/status/887705105239343104, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: JavaScript_Run_Suspicious author = Florian Roth, description = Detects a suspicious Javascript Run command, reference = https://twitter.com/craiu/status/900314063560998912, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 2017-08-23
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBroker_Auct_Dez16_Strings date = 2016-12-17, author = Florian Roth, description = String from the ShodowBroker Files Screenshots - Dec 2016, score = https://bit.no.com:43110/theshadowbrokers.bit/post/message6/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial_Payload_Spring1 date = 2017-02-04, hash5 = 95f966f2e8c5d0bcdfb34e603e3c0b911fa31fc960308e41fcd4459e4e07b4d1, hash4 = 5c44482350f1c6d68749c8dec167660ca6427999c37bfebaa54f677345cdf63c, hash3 = 8cfa85c16d37fb2c38f277f39cafb6f0c0bd7ee62b14d53ad1dd9cb3f4b25dd8, hash2 = 9c0be107d93096066e82a5404eb6829b1daa6aaa1a7b43bcda3ddac567ce715a, hash1 = bf9b5f35bc1556d277853b71da24faf23cf9964d77245018a0fdf3359f3b1703, author = Florian Roth, description = Ysoserial Payloads - file Spring1.bin, hash7 = adf895fa95526c9ce48ec33297156dd69c3dbcdd2432000e61b2dd34ffc167c7, hash6 = 1da04d838141c64711d87695a4cdb4eedfd4a206cc80922a41cfc82df8e24187, reference = https://github.com/frohoff/ysoserial, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial_Payload date = 2017-02-04, hash5 = 747ba6c6d88470e4d7c36107dfdff235f0ed492046c7ec8a8720d169f6d271f4, hash4 = 5c44482350f1c6d68749c8dec167660ca6427999c37bfebaa54f677345cdf63c, hash3 = 1da04d838141c64711d87695a4cdb4eedfd4a206cc80922a41cfc82df8e24187, hash2 = adf895fa95526c9ce48ec33297156dd69c3dbcdd2432000e61b2dd34ffc167c7, author = Florian Roth, description = Ysoserial Payloads, hash10 = 0143fee12fea5118be6dcbb862d8ba639790b7505eac00a9f1028481f874baa8, hash11 = 8cfa85c16d37fb2c38f277f39cafb6f0c0bd7ee62b14d53ad1dd9cb3f4b25dd8, hash12 = bf9b5f35bc1556d277853b71da24faf23cf9964d77245018a0fdf3359f3b1703, hash9 = 1fea8b54bb92249203d68d5564a01599b42b46fc3a828fe0423616ee2a2f2d99, hash8 = 95f966f2e8c5d0bcdfb34e603e3c0b911fa31fc960308e41fcd4459e4e07b4d1, hash7 = 5466d47363e11cd1852807b57d26a828728b9d5a0389214181b966bd0d8d7e56, hash6 = f0d2f1095da0164c03a0e801bd50f2f06793fb77938e53b14b57fd690d036929, reference = https://github.com/frohoff/ysoserial, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = f756c88763d48cb8d99e26b4773eb03814d0bd9bd467cc743ebb1479b2c4073e, super_rule = 9c0be107d93096066e82a5404eb6829b1daa6aaa1a7b43bcda3ddac567ce715a
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Ysoserial_Payload_3 date = 2017-02-04, hash2 = 5466d47363e11cd1852807b57d26a828728b9d5a0389214181b966bd0d8d7e56, author = Florian Roth, description = Ysoserial Payloads - from files JavassistWeld1.bin, JBossInterceptors.bin, reference = https://github.com/frohoff/ysoserial, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = f0d2f1095da0164c03a0e801bd50f2f06793fb77938e53b14b57fd690d036929
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: CACTUSTORCH date = 2017-07-31, hash3 = a52d802e34ac9d7d3539019d284b04ded3b8e197d5e3b38ed61f523c3d68baa7, hash2 = 0305aa32d5f8484ca115bb4888880729af7f33ac99594ec1aa3c65644e544aea, hash1 = 314e6d7d863878b6dca46af165e7f08fedd42c054d7dc3828dc80b86a3a9b98c, author = Florian Roth, description = Detects CactusTorch Hacktool, reference = https://github.com/mdsecactivebreach/CACTUSTORCH, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_Malware_2 date = 2017-04-03, hash1 = c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064, author = Florian Roth, description = Detects malware from Operation Cloud Hopper, reference = https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_Malware_3 date = 2017-04-03, hash1 = c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d, author = Florian Roth, description = Detects malware from Operation Cloud Hopper, reference = https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_Malware_5 date = 2017-04-03, hash1 = beb1bc03bb0fba7b0624f8b2330226f8a7da6344afd68c5bc526f9d43838ef01, author = Florian Roth, description = Detects malware from Operation Cloud Hopper, reference = https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: OpCloudHopper_WmiDLL_inMemory date = 2017-04-07, author = Florian Roth, description = Malware related to Operation Cloud Hopper - Page 25, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_WMIExec_Tool_Apr17_1 date = 2017-04-07, hash1 = 21bc328ed8ae81151e7537c27c0d6df6d47ba8909aebd61333e32155d01f3b11, author = Florian Roth, description = Tools related to Operation Cloud Hopper, reference = https://github.com/maaaaz/impacket-examples-windows, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, modified = 2020-07-27
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Mimipenguin_SH date = 2017-04-01, author = Florian Roth, description = Detects Mimipenguin Password Extractor - Linux, reference = https://github.com/huntergregal/mimipenguin, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: POSHSPY_Malware date = 2017-07-15, author = Florian Roth, description = Detects, reference = https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: FIN7_Backdoor_Aug17 date = 2017-08-04, author = Florian Roth, description = Detects Word Dropper from Proofpoint FIN7 Report, reference = https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: PUA_CryptoMiner_Jan19_1 date = 2019-01-31, hash1 = ede858683267c61e710e367993f5e589fcb4b4b57b09d023a67ea63084c54a05, author = Florian Roth, description = Detects Crypto Miner strings, reference = Internal Research
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_SMBExec date = 2017-06-14, hash1 = 674fc045dc198874f323ebdfb9e9ff2f591076fa6fac8d1048b5b8d9527c64cd, author = Florian Roth, description = Detects Invoke-WmiExec or Invoke-SmbExec, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_WMIExec_Gen_1 date = 2017-06-14, hash2 = 7565d376665e3cd07d859a5cf37c2332a14c08eb808cc5d187a7f0533dc69e07, hash1 = 140c23514dbf8043b4f293c501c2f9046efcc1c08630621f651cfedb6eed8b97, author = Florian Roth, description = Detects Invoke-WmiExec or Invoke-SmbExec, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_SMBExec_Invoke_WMIExec_1 date = 2017-06-14, hash2 = b41bd54bbf119d153e0878696cd5a944cbd4316c781dd8e390507b2ec2d949e7, author = Florian Roth, description = Auto-generated rule - from files Invoke-SMBExec.ps1, Invoke-WMIExec.ps1, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 674fc045dc198874f323ebdfb9e9ff2f591076fa6fac8d1048b5b8d9527c64cd
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_WMIExec_Gen date = 2017-06-14, hash3 = b41bd54bbf119d153e0878696cd5a944cbd4316c781dd8e390507b2ec2d949e7, hash2 = 674fc045dc198874f323ebdfb9e9ff2f591076fa6fac8d1048b5b8d9527c64cd, author = Florian Roth, description = Auto-generated rule - from files Invoke-SMBClient.ps1, Invoke-SMBExec.ps1, Invoke-WMIExec.ps1, Invoke-WMIExec.ps1, reference = https://github.com/Kevin-Robertson/Invoke-TheHash, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 56c6012c36aa863663fe5536d8b7fe4c460565d456ce2277a883f10d78893c01
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: WMImplant date = 2017-03-24, hash1 = 860d7c237c2395b4f51b8c9bd0ee6cab06af38fff60ce3563d160d50c11d2f78, author = Florian Roth, description = Auto-generated rule - file WMImplant.ps1, reference = https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: FVEY_ShadowBrokers_Jan17_Screen_Strings date = 2017-01-08, author = Florian Roth, description = Detects strings derived from the ShadowBroker's leak of Windows tools/exploits, reference = https://bit.no.com:43110/theshadowbrokers.bit/post/message7/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_OSiRis date = 2017-03-27, hash1 = 19e4a8b07f85c3d4c396d0c4e839495c9fba9405c06a631d57af588032d2416e, author = Florian Roth, description = Osiris Device Guard Bypass - file Invoke-OSiRis.ps1, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: MAL_KHRAT_script date = 2017-08-31, hash1 = 8c88b4177b59f4cac820b0019bcc7f6d3d50ce4badb689759ab0966780ae32e3, author = Florian Roth, description = Rule derived from KHRAT script but can match on other malicious scripts as well, reference = https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_powershell date = 2017-07-23, hash1 = e5ee1f45cbfdb54b02180e158c3c1f080d89bce6a7d1fe99dd0ff09d47a36787, author = Florian Roth, description = Detects powershell script used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_Windows_UM_Task date = 2017-07-23, hash1 = 4c2fc21a4aab7686877ddd35d74a917f6156e48117920d45a3d2f21fb74fedd3, author = Florian Roth, description = Detects a Windows scheduled task as used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_WindowsTask date = 2017-07-23, hash5 = 984c7e1f76c21daf214b3f7e131ceb60c14abf1b0f4066eae563e9c184372a34, hash4 = 5046e7c28f5f2781ed7a63b0871f4a2b3065b70d62de7254491339e8fe2fa14a, hash3 = b6f515b3f713b70b808fc6578232901ffdeadeb419c9c4219fbfba417bba9f01, hash2 = 340cbbffbb7685133fc318fa20e4620ddf15e56c0e65d4cf1b2d606790d4425d, hash1 = c3cbe88b82cd0ea46868fb4f2e8ed226f3419fc6d4d6b5f7561e70f4cd33822c, author = Florian Roth, description = Detects hack tool used in Operation Wilted Tulip - Windows Tasks, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Impacket_Tools_Generic_1 date = 2017-04-07, hash5 = e2205539f29972d4e2a83eabf92af18dd406c9be97f70661c336ddf5eb496742, hash4 = ab909f8082c2d04f73d8be8f4c2640a5582294306dffdcc85e83a39d20c49ed6, hash3 = 2d8d500bcb3ffd22ddd8bd68b5b2ce935c958304f03729442a20a28b2c0328c1, hash2 = d256d1e05695d62a86d9e76830fcbb856ba7bd578165a561edd43b9f7fdb18a3, hash20 = 202a1d149be35d96e491b0b65516f631f3486215f78526160cf262d8ae179094, description = Compiled Impacket Tools, hash9 = 21d85b36197db47b94b0f4995d07b040a0455ebbe6d413bc33d926ee4e0315d9, hash8 = 0f7f0d8afb230c31fe6cf349c4012b430fc3d6722289938f7e33ea15b2996e1b, hash7 = dc85a3944fcb8cc0991be100859c4e1bf84062f7428c4dc27c71e08d88383c98, hash6 = 27bb10569a872367ba1cfca3cf1c9b428422c82af7ab4c2728f501406461c364, reference = https://github.com/maaaaz/impacket-examples-windows, super_rule = 4f7fad0676d3c3d2d89e8d4e74b6ec40af731b1ddf5499a0b81fc3b1cd797ee3, author = Florian Roth, hash10 = 4c2921702d18e0874b57638433474e54719ee6dfa39d323839d216952c5c834a, hash11 = 47afa5fd954190df825924c55112e65fd8ed0f7e1d6fd403ede5209623534d7d, hash12 = 7d715217e23a471d42d95c624179fe7de085af5670171d212b7b798ed9bf07c2, hash17 = e300339058a885475f5952fb4e9faaa09bb6eac26757443017b281c46b03108b, hash18 = 19544863758341fe7276c59d85f4aa17094045621ca9c98f8a9e7307c290bad4, license = https://creativecommons.org/licenses/by-nc/4.0/, hash19 = 2527fff1a3c780f6a757f13a8912278a417aea84295af1abfa4666572bbbf086, hash13 = 9706eb99e48e445ac4240b5acb2efd49468a800913e70e40b25c2bf80d6be35f, hash14 = d2856e98011541883e5b335cb46b713b1a6b2c414966a9de122ee7fb226aa7f7, hash15 = 8ab2b60aadf97e921e3a9df5cf1c135fbc851cb66d09b1043eaaa1dc01b9a699, hash16 = efff15e1815fb3c156678417d6037ddf4b711a3122c9b5bc2ca8dc97165d3769
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Auditcleaner date = 2017-04-08, hash1 = 8c172a60fa9e50f0df493bf5baeb7cc311baef327431526c47114335e0097626, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file Auditcleaner, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_elgingamble date = 2017-04-08, hash1 = 0573e12632e6c1925358f4bfecf8c263dd13edf52c633c9109fe3aae059b49dd, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file elgingamble, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_cmsd date = 2017-04-08, hash1 = 634c50614e1f5f132f49ae204c4a28f62a32a39a3446084db5b0b49b564034b8, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file cmsd, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_ebbshave date = 2017-04-08, hash1 = eb5e0053299e087c87c2d5c6f90531cc1946019c85a43a2998c7b66a6f19ca4b, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file ebbshave.v5, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_eggbasket date = 2017-04-08, hash1 = b078a02963610475217682e6e1d6ae0b30935273ed98743e47cc2553fbfd068f, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file eggbasket, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_sambal date = 2017-04-08, hash1 = 2abf4bbe4debd619b99cb944298f43312db0947217437e6b71b9ea6e9a1a4fec, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file sambal, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_envisioncollision date = 2017-04-08, hash1 = 75d5ec573afaf8064f5d516ae61fd105012cbeaaaa09c8c193c7b4f9c0646ea1, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file envisioncollision, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_cmsex date = 2017-04-08, hash1 = 2d8ae842e7b16172599f061b5b1f223386684a7482e87feeb47a38a3f011b810, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file cmsex, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_DUL date = 2017-04-08, hash1 = 24d1d50960d4ebf348b48b4db4a15e50f328ab2c0e24db805b106d527fc5fe8e, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file DUL, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_slugger2 date = 2017-04-08, hash1 = a6a9ab66d73e4b443a80a69ef55a64da7f0af08dfaa7e17eb19c327301a70bdf, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file slugger2, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_jackpop date = 2017-04-08, hash1 = 0b208af860bb2c7ef6b1ae1fcef604c2c3d15fc558ad8ea241160bf4cbac1519, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file jackpop, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_epoxyresin_v1_0_0 date = 2017-04-08, hash1 = eea8a6a674d5063d7d6fc9fe07060f35b16172de6d273748d70576b01bf01c73, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file epoxyresin.v1.0.0.1, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_estesfox date = 2017-04-08, hash1 = 33530cae130ee9d9deeee60df9292c00242c0fe6f7b8eedef8ed09881b7e1d5a, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file estesfox, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_elatedmonkey_1_0_1_1 date = 2017-04-08, hash1 = bf7a9dce326604f0681ca9f7f1c24524543b5be8b6fcc1ba427b18e2a4ff9090, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- file elatedmonkey.1.0.1.1.sh, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__ftshell_ftshell_v3_10_3_0 date = 2017-04-08, hash2 = 0be739024b41144c3b63e40e46bab22ac098ccab44ab2e268efc3b63aea02951, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 9bebeb57f1c9254cb49976cc194da4be85da4eb94475cb8d813821fb0b24f893
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__scanner_scanner_v2_1_2 date = 2017-04-08, hash2 = 9807aaa7208ed6c5da91c7c30ca13d58d16336ebf9753a5cea513bcb59de2cff, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files scanner, scanner.v2.1.2, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = dcbcd8a98ec93a4e877507058aa26f0c865b35b46b8e6de809ed2c4b3db7e222
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__ghost_sparc_ghost_x86_3 date = 2017-04-08, hash2 = 82c899d1f05b50a85646a782cddb774d194ef85b74e1be642a8be2c7119f4e33, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files ghost_sparc, ghost_x86, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = d5ff0208d9532fc0c6716bd57297397c8151a01bf4f21311f24e7a72551f9bf1
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__jparsescan_parsescan_5 date = 2017-04-08, hash2 = 942c12067b0afe9ebce50aa9dfdbf64e6ed0702d9a3a00d25b4fca62a38369ef, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 8c248eec0af04300f3ba0188fe757850d283de84cf42109638c1c1280c822984
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__funnelout_v4_1_0_1 date = 2017-04-08, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files funnelout.v4.1.0.1.pl, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 457ed14e806fdbda91c4237c8dc058c55e5678f1eecdd78572eff6ca0ed86d33
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__magicjack_v1_1_0_0_client date = 2017-04-08, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files magicjack_v1.1.0.0_client-1.1.0.0.py, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 63292a2353275a3bae012717bb500d5169cd024064a1ce8355ecb4e9bfcdfdd1
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup__ftshell date = 2017-04-08, hash4 = 0be739024b41144c3b63e40e46bab22ac098ccab44ab2e268efc3b63aea02951, author = Florian Roth, description = Equation Group hack tool leaked by ShadowBrokers- from files ftshell, ftshell.v3.10.3.7, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 9bebeb57f1c9254cb49976cc194da4be85da4eb94475cb8d813821fb0b24f893
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_noclient_3_3_2 date = 2017-04-09, hash1 = 3cf0eb010c431372af5f32e2ee8c757831215f8836cabc7d805572bb5574fc72, author = Florian Roth, description = Equation Group hack tool set, reference = https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_Eternalromance date = 2017-04-15, hash2 = b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = f1ae9fdbb660aae3421fd3e5b626c1e537d8e9ee2f9cd6d56cb70b6878eaca5d
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_Gen2 date = 2017-04-15, hash4 = 8f7e10a8eedea37ee3222c447410fd5b949bd352d72ef22ef0b2821d9df2f5ba, hash3 = f2e90e04ddd05fa5f9b2fec024cd07365aebc098593d636038ebc2720700662b, hash2 = 561c0d4fc6e0ff0a78613d238c96aed4226fbb7bb9ceea1d19bc770207a6be1e, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 7fe425cd040608132d4f4ab2671e04b340a102a20c97ffdcf1b75be43a9369b5
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_ntevt date = 2017-04-15, hash1 = 4254ee5e688fc09bdc72bcc9c51b1524a2bb25a9fb841feaf03bc7ec1a9975bf, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld date = 2017-04-15, hash5 = 8419866c9058d738ebc1a18567fef52a3f12c47270f2e003b3e1242d86d62a46, hash4 = 551174b9791fc5c1c6e379dac6110d0aba7277b450c2563e34581565609bc88e, hash3 = c10f4b9abee0fde50fe7c21b9948a2532744a53bb4c578630a81d2911f6105a3, hash2 = 320144a7842500a5b69ec16f81a9d1d4c8172bb92301afd07fb79bc0eca81557, hash1 = 9ab667b7b5b9adf4ff1d6db6f804824a22c7cc003eb4208d5b2f12809f5e69d0, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17__DoubleFeatureReader_DoubleFeatureReader_0 date = 2017-04-15, hash2 = 5db457e7c7dba80383b1df0c86e94dc6859d45e1d188c576f2ba5edee139d9ae, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 052e778c26120c683ee2d9f93677d9217e9d6c61ffc0ab19202314ab865e3927
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_Toolset_Apr17__EAFU_ecwi_ESKE_EVFR_RPC2_4 date = 2017-04-15, hash5 = 5c0896dbafc5d8cc19b1bc7924420b20ed5999ac5bee2cb5a91aada0ea01e337, hash4 = c5e119ff7b47333f415aea1d2a43cb6cb322f8518562cfb9b90399cac95ac674, hash3 = 9d16d97a6c964e0658b6cd494b0bbf70674bf37578e2ff32c4779a7936e40556, hash2 = c4152f65e45ff327dade50f1ac3d3b876572a66c1ce03014f2877cea715d9afd, author = Florian Roth, description = Detects EquationGroup Tool - April Leak, reference = https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 3e181ca31f1f75a6244b8e72afaa630171f182fbe907df4f8b656cc4a31602f6
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: EquationGroup_scanner_output date = 2017-04-17, author = Florian Roth, description = Detects output generated by EQGRP scanner.exe, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: dragos_crashoverride_moduleStrings author = Dragos Inc, description = IEC-104 Interaction Module Program Strings, reference = https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Obfuscated_VBS_April17 date = 2017-04-21, author = Florian Roth, description = Detects cloaked Mimikatz in VBS obfuscation, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY Matched rule: Obfuscated_JS_April17 date = 2017-04-21, author = Florian Roth, description = Detects cloaked Mimikatz in JS obfuscation, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.316499473.0000000006860000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000002.523349455.00000000022DB000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000002.523349455.00000000022DB000.00000004.00000001.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 0000000A.00000003.322872020.0000000006854000.00000004.00000001.sdmp, type: MEMORY Matched rule: shankar_php_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file shankar.php.php.txt, hash = 6eb9db6a3974e511b7951b8f7e7136bb
Source: 0000000A.00000003.323493568.00000000068EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.323493568.00000000068EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: SQLMap date = 01.07.2014, author = Florian Roth, description = This signature detects the SQLMap SQL injection tool, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.323493568.00000000068EC000.00000004.00000001.sdmp, type: MEMORY Matched rule: PortRacer author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file PortRacer.exe, hash = 2834a872a0a8da5b1be5db65dfdef388
Source: 00000013.00000003.420266978.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.420266978.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Fierce2 date = 01.07.2014, author = Florian Roth, description = This signature detects the Fierce2 domain scanner, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.420266978.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Shell_ci_Biz_was_here_c100_v_xxx description = Web Shell - from files Shell [ci
Source: 00000013.00000003.420266978.00000000051E4000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 0000000A.00000003.322972936.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 0000000A.00000003.322972936.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat date = 2014/01/28, hash4 = 3f71175985848ee46cc13282fbed2269, hash3 = 4108f28a9792b50d95f95b9e5314fa1e, hash2 = 1d912c55b96e2efe8ca873d6040e3b30, hash1 = 513b7be8bd0595c377283a7c87b44b2e, author = Florian Roth, description = Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php, score = ae025c886fbe7f9ed159f49593674832
Source: 0000000A.00000003.322972936.00000000050C1000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 00000013.00000003.464807403.0000000006D9C000.00000004.00000001.sdmp, type: MEMORY Matched rule: shankar_php_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file shankar.php.php.txt, hash = 6eb9db6a3974e511b7951b8f7e7136bb
Source: 0000000A.00000003.312897828.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Empire_Invoke_Shellcode date = 2015-08-06, author = Florian Roth, description = Empire - a pure PowerShell post-exploitation agent - file Invoke-Shellcode.ps1, reference = https://github.com/PowerShellEmpire/Empire, license = https://creativecommons.org/licenses/by-nc/4.0/, score = fa75cfd57269fbe3ad6bdc545ee57eb19335b0048629c93f1dc1fe1059f60438
Source: 0000000A.00000003.312897828.0000000006654000.00000004.00000001.sdmp, type: MEMORY Matched rule: Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt, hash = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 00000013.00000002.542830535.0000000002FAE000.00000004.00000040.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Volgmer_Malware date = 2017-11-15, hash5 = 6dae368eecbcc10266bba32776c40d9ffa5b50d7f6199a9b6c31d40dfe7877d1, hash4 = e40a46e95ef792cf20d5c14a9ad0b3a95c6252f96654f392b4bc6180565b7b11, hash3 = eff3e37d0406c818e3430068d90e7ed2f594faa6bb146ab0a1c00a2f4a4809a5, hash2 = 8fcd303e22b84d7d61768d4efa5308577a09cc45697f7f54be4e528bbb39435b, hash1 = ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd, author = Florian Roth, description = Detects Volgmer malware as reported in US CERT TA17-318B, hash8 = 1d0999ba3217cbdb0cc85403ef75587f747556a97dee7c2616e28866db932a0d, hash7 = 53e9bca505652ef23477e105e6985102a45d9a14e5316d140752df6f3ef43d2d, hash6 = fee0081df5ca6a21953f3a633f2f64b7c0701977623d3a4ec36fff282ffe73b9, reference = https://www.us-cert.gov/ncas/alerts/TA17-318B, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: RemCom_RemoteCommandExecution date = 2017-12-28, author = Florian Roth, description = Detects strings from RemCom tool, reference = https://goo.gl/tezXZt, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: ProcessInjector_Gen date = 2018-04-23, author = Florian Roth, description = Detects a process injection utility that can be used ofr good and bad purposes, reference = https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 456c1c25313ce2e2eedf24fdcd4d37048bcfff193f6848053cbb3b5e82cd527d
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazagne_PW_Dumper date = 2018-03-22, author = Markus Neis / Florian Roth, description = Detects Lazagne PW Dumper, reference = https://github.com/AlessandroZ/LaZagne/releases/, score =
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_shellpop_Bash date = 2018-05-18, hash1 = 36fad575a8bc459d0c2e3ad626e97d5cf4f5f8bedc56b3cc27dd2f7d88ed889b, author = Tobias Michalski, description = Detects susupicious bash command, reference = https://github.com/0x00-0x00/ShellPop
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: GoldDragon_Aux_File date = 2018-02-03, author = Florian Roth, description = Detects export from Gold Dragon - February 2018, reference = https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_dropper_script_Dec17_1 date = 2018-01-01, author = Florian Roth, description = Detects a supicious VBS script that drops an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazarus_Dec_17_5 date = 2017-12-20, hash1 = db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471, author = Florian Roth, description = Detects Lazarus malware from incident in Dec 2017, reference = https://goo.gl/8U6fY2, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_Turla_Agent_BTZ_Gen_1 date = 2018-06-16, author = Florian Roth, description = Detects Turla Agent.BTZ, reference = Internal Research, score = c905f2dec79ccab115ad32578384008696ebab02276f49f12465dcd026c1a615
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Suspicious_BAT_Strings date = 2018-01-05, author = Florian Roth, description = Detects a string also used in Netwire RAT auxilliary, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://pastebin.com/8qaiyPxs
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Turla_Mal_Script_Jan18_1 date = 2018-01-19, hash1 = 180b920e9cea712d124ff41cd1060683a14a79285d960e17f0f49b969f15bfcc, author = Florian Roth, description = Detects Turla malicious script, reference = https://ghostbin.com/paste/jsph7, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_Obfuscated_Mal_Feb18_1 date = 2018-02-12, hash3 = e1765a2b10e2ff10235762b9c65e9f5a4b3b47d292933f1a710e241fe0417a74, hash2 = c5c0e28093e133d03c3806da0061a35776eed47d351e817709d2235b95d3a036, hash1 = 06960cb721609fe5a857fe9ca3696a84baba88d06c20920370ddba1b0952a8ab, author = Florian Roth, description = Detects malicious obfuscated VBS observed in February 2018, reference = https://goo.gl/zPsn83, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_ScanCopyPDF_Feb18 date = 2018-02-14, hash1 = 6f8ff26a5daf47effdea5795cdadfff9265c93a0ebca0ce5a4144712f8cab5be, author = Florian Roth, description = Auto-generated rule - file Scan Copy.pdf.com, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Armitage_msfconsole date = 2017-12-24, hash1 = 662ba75c7ed5ac55a898f480ed2555d47d127a2d96424324b02724b3b2c95b6a, author = Florian Roth, description = Detects Armitage component, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Armitage_OSX date = 2017-12-24, hash2 = b7b506f38d0553cd2beb4111c7ef383c821f04cee5169fed2ef5d869c9fbfab3, hash1 = 2680d9900a057d553fcb28d84cdc41c3fc18fd224a88a32ee14c9c1b501a86af, author = Florian Roth, description = Detects Armitage component, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Silence_malware_2 date = 2017-11-01, hash1 = 75b8f534b2f56f183465ba2b63cfc80b7d7d1d155697af141447ec7144c2ba27, author = Florian Roth, description = Detects malware sample mentioned in the Silence report on Securelist, reference = https://securelist.com/the-silence/83009/, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://minergate.com/faq/what-pool-address
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: MAL_unspecified_Jan18_1 date = 2018-01-19, hash1 = f87879b29ff83616e9c9044bd5fb847cf5d2efdd2f01fc284d1a6ce7d464a417, author = Florian Roth, description = Detects unspecified malware sample, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: Invoke_PSImage date = 2017-12-16, author = Florian Roth, description = Detects a command to execute PowerShell from String, reference = https://github.com/peewpw/Invoke-PSImage, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: malware_apt15_royaldll sha256 = bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d, author = David Cannings, description = DLL implant, originally rights.dll and runs as a service
Source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY Matched rule: netwire author = JPCERT/CC Incident Response Group, description = detect netwire in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000003.325067585.0000000002E7E000.00000004.00000001.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 00000013.00000003.471467850.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Amplia_Security_Tool description = Amplia Security Tool, score =
Source: 00000013.00000003.471467850.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Fierce2 date = 01.07.2014, author = Florian Roth, description = This signature detects the Fierce2 domain scanner, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000013.00000003.471467850.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_Shell_ci_Biz_was_here_c100_v_xxx description = Web Shell - from files Shell [ci
Source: 00000013.00000003.471467850.00000000051F3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt, hash = 6163b30600f1e80d2bb5afaa753490b6
Source: 00000013.00000003.478269987.0000000002FAD000.00000004.00000001.sdmp, type: MEMORY Matched rule: scanarator author = yarGen Yara Rule Generator by Florian Roth, description = Auto-generated rule on file scanarator.exe, hash = 848bd5a518e0b6c05bd29aceb8536c46
Source: 00000013.00000003.435493556.0000000006B8B000.00000004.00000001.sdmp, type: MEMORY Matched rule: webshell_PHP_b37 date = 2014/01/28, author = Florian Roth, description = Web Shell - file b37.php, score = 0421445303cfd0ec6bc20b3846e30ff0
Source: 00000013.00000003.435493556.0000000006B8B000.00000004.00000001.sdmp, type: MEMORY Matched rule: Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt, hash = c6eeacbe779518ea78b8f7ed5f63fc11
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Volgmer_Malware date = 2017-11-15, hash5 = 6dae368eecbcc10266bba32776c40d9ffa5b50d7f6199a9b6c31d40dfe7877d1, hash4 = e40a46e95ef792cf20d5c14a9ad0b3a95c6252f96654f392b4bc6180565b7b11, hash3 = eff3e37d0406c818e3430068d90e7ed2f594faa6bb146ab0a1c00a2f4a4809a5, hash2 = 8fcd303e22b84d7d61768d4efa5308577a09cc45697f7f54be4e528bbb39435b, hash1 = ff2eb800ff16745fc13c216ff6d5cc2de99466244393f67ab6ea6f8189ae01dd, author = Florian Roth, description = Detects Volgmer malware as reported in US CERT TA17-318B, hash8 = 1d0999ba3217cbdb0cc85403ef75587f747556a97dee7c2616e28866db932a0d, hash7 = 53e9bca505652ef23477e105e6985102a45d9a14e5316d140752df6f3ef43d2d, hash6 = fee0081df5ca6a21953f3a633f2f64b7c0701977623d3a4ec36fff282ffe73b9, reference = https://www.us-cert.gov/ncas/alerts/TA17-318B, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: RemCom_RemoteCommandExecution date = 2017-12-28, author = Florian Roth, description = Detects strings from RemCom tool, reference = https://goo.gl/tezXZt, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: ProcessInjector_Gen date = 2018-04-23, author = Florian Roth, description = Detects a process injection utility that can be used ofr good and bad purposes, reference = https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 456c1c25313ce2e2eedf24fdcd4d37048bcfff193f6848053cbb3b5e82cd527d
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazagne_PW_Dumper date = 2018-03-22, author = Markus Neis / Florian Roth, description = Detects Lazagne PW Dumper, reference = https://github.com/AlessandroZ/LaZagne/releases/, score =
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_shellpop_Bash date = 2018-05-18, hash1 = 36fad575a8bc459d0c2e3ad626e97d5cf4f5f8bedc56b3cc27dd2f7d88ed889b, author = Tobias Michalski, description = Detects susupicious bash command, reference = https://github.com/0x00-0x00/ShellPop
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: GoldDragon_Aux_File date = 2018-02-03, author = Florian Roth, description = Detects export from Gold Dragon - February 2018, reference = https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_dropper_script_Dec17_1 date = 2018-01-01, author = Florian Roth, description = Detects a supicious VBS script that drops an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Lazarus_Dec_17_5 date = 2017-12-20, hash1 = db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471, author = Florian Roth, description = Detects Lazarus malware from incident in Dec 2017, reference = https://goo.gl/8U6fY2, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: APT_Turla_Agent_BTZ_Gen_1 date = 2018-06-16, author = Florian Roth, description = Detects Turla Agent.BTZ, reference = Internal Research, score = c905f2dec79ccab115ad32578384008696ebab02276f49f12465dcd026c1a615
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Suspicious_BAT_Strings date = 2018-01-05, author = Florian Roth, description = Detects a string also used in Netwire RAT auxilliary, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://pastebin.com/8qaiyPxs
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Turla_Mal_Script_Jan18_1 date = 2018-01-19, hash1 = 180b920e9cea712d124ff41cd1060683a14a79285d960e17f0f49b969f15bfcc, author = Florian Roth, description = Detects Turla malicious script, reference = https://ghostbin.com/paste/jsph7, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: VBS_Obfuscated_Mal_Feb18_1 date = 2018-02-12, hash3 = e1765a2b10e2ff10235762b9c65e9f5a4b3b47d292933f1a710e241fe0417a74, hash2 = c5c0e28093e133d03c3806da0061a35776eed47d351e817709d2235b95d3a036, hash1 = 06960cb721609fe5a857fe9ca3696a84baba88d06c20920370ddba1b0952a8ab, author = Florian Roth, description = Detects malicious obfuscated VBS observed in February 2018, reference = https://goo.gl/zPsn83, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_ScanCopyPDF_Feb18 date = 2018-02-14, hash1 = 6f8ff26a5daf47effdea5795cdadfff9265c93a0ebca0ce5a4144712f8cab5be, author = Florian Roth, description = Auto-generated rule - file Scan Copy.pdf.com, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
Source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY Matched rule: Armitage_msfconsole date = 2017-12-24, hash1 = 662ba75c7ed5ac55a898f480ed2555d47d127a2d96424324b02724b3b2c95b6a, author = Florian Roth, description = Detects Armitage component, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: classification engine Classification label: mal100.rans.troj.expl.evad.mine.winEXE@15/1031@0/0
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040320C
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C46250 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetSystemInfo, 3_2_02C46250
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02D56250 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetSystemInfo, 5_2_02D56250
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02DB6250 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetSystemInfo, 8_2_02DB6250
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02BB6250 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetSystemInfo, 9_2_02BB6250
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02BA6250 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetSystemInfo, 10_2_02BA6250
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_004044D1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_004044D1
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar, 0_2_004020D1
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\00554e26-4141-4a67-98c4-9454bf8d1c70.dll
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\AppData\Local\Temp\nswAFA.tmp
Source: GZe6EcSTpO.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: GZe6EcSTpO.exe Virustotal: Detection: 52%
Source: GZe6EcSTpO.exe ReversingLabs: Detection: 41%
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File read: C:\Users\user\Desktop\GZe6EcSTpO.exe
Source: unknown Process created: C:\Users\user\Desktop\GZe6EcSTpO.exe 'C:\Users\user\Desktop\GZe6EcSTpO.exe'
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' -r 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
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1092'
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1136'
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1244'
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1236'
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1256'
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1300'
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: GZe6EcSTpO.exe Static file information: File size 16770272 > 1048576
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9415_none_508df7e2bcbccb90\MSVCR90.dll
Source: GZe6EcSTpO.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: $x1 = "\\BeyondExecV2\\Server\\Release\\Pipes.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Debug\\exeruner.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\T+M\\Result\\DocPrint.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "\\RbDoorX64.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\UACElevator_RID2B2C.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\shellcodegenerator.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "\\Gubed\\Release\\Gubed.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\pstgdump_RID2A85.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "\\Release\\FakeRun.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "c:\\ntevt.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\BypassUAC.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\archer_lyl\\Release\\Archer_Input.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\ASGT.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = /\\Debug\\[a-z]{0,8}katz.pdb/ source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "ntfltmgr.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "\\Debug\\dloader.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\ScreenMonitorService\\Release\\smmsrv.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Debug\\AllTheThings_RID2BB8.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x5 = "mfc42l00.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\injector.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\ChromePasswordDump\\Release\\FireMaster.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\svc.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "Desktop\\Htran\\Release\\Htran.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "C:\\Documents and Settings\\Administrator\\Desktop\\GetPAI\\Out\\IE.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\EWSTEW.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\beacon\\Release\\beacon.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\Release\\dloader.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\RoyalCli.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\BisonNewHNStubDll\\Release\\Goopdate.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\InjectDll.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "c:\\Development\\ghps\\nps\\nps\\obj\\x86\\Release\\nps.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Cobra\\Release\\Cobra.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Debug\\Sharpire_RID2A4F.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\milk\\Release\\milk.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\NoPowerShell.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "S:\\Lidstone\\renewing\\HA\\disable\\In.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x6 = "\\x86\\Release\\word.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "D:\\gitpoc\\UAC\\src\\x64\\Release\\lpe.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "\\Release\\Loader.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\Release\\CnCerT.CCdoor.Client.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "D:\\Work\\Project\\VS\\HSSL\\HSSL_Unicode _2\\Release\\ServiceClient.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: BlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cPrivileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-cStrider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauStrider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sau source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp
Source: Binary string: $x1 = "F:\\Projects\\Bot\\Bot\\Release\\Ism.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Release\\Step7ProSim.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD9Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $s0 = "\\Release\\AppInitHook_RID2B57.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\inject.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "bin\\oSaberSvc.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "C:\\WRK\\GHook\\gHook\\x64\\Debug\\gHookx64.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "C:\\Projets\\vbsedit_source\\script2exe\\Release\\mywscript.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "srv\\newclient\\lib\\win32\\obj\\i386\\mstsc.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s0 = "\\Decompress\\obj\\Release\\Decompress.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "ipsearcher_RID2B37\\ipsearcher_RID2B37\\Release\\ipsearcher_RID2B37.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\x64\\x64passldr.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "\\epathobj_exp\\x64\\Release\\epathobj_exp.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x5 = "Celesty Binder\\Stub\\STATIC\\Stub.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDbBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\reflective_dll.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "src\\build\\Release\\dllConfig\\dllConfig.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\obj\\Release\\Myrtille.Services.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\obj\\x86\\Debug\\secure_scan.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\Win32Project1\\Release\\Win32Project1.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\Release\\RTLBot.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x7 = "\\obj\\Release\\Potato.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\ClearLog\\Release\\logC.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\ms11080\\ms11080\\Debug\\ms11080.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "Agent Injector\\PolicyConverter\\Joiner\\obj\\Release\\Joiner.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "\\Release\\PhantomNet-SSL.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\CWoolger.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\Release\\Bot Fresh.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\BypassUacDll.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\Layer.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\kasper.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x3 = "Agent Injector\\PolicyConverter\\Inner\\obj\\Release\\Inner.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\not copy\\obj\\Debug\\not copy.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\amd64\\elrawdsk.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s16 = ".\\lsasrv.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\FTPCom_vs10\\Release\\Engine.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: BlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pdBlackEnergy attacking mining and railway companies in Ukraine http://documents.trendmicro.com/assets/resources/IOC-KillDisk_and_BlackEnergy.pd source: vnwareupdate.exe, 00000003.00000002.565250671.0000000003FA1000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\PSAttack.pdb" fullword source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\Release\\WindowXarbot.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\objfre_w2k_x86\\i386\\guava.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "\\custact\\x86\\AICustAct.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "C:\\Users\\Lenovo\\Desktop\\test\\Release\\test.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\WinMain\\Release\\WinMain.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "Excalibur\\bin\\Shell.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x2 = "\\SkeyMan2.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD dBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDoBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD9Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDOBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDcBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDdBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDiBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDOThe Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/4dec74bc41c581b82459;APTnotes 2014 Operation_Poisoned_Hurricane.pdf source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\ReflectivLoader.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\fgexec_RID2983.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x7 = "\\obj\\Release\\botkill.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x6 = "Bot\\Release\\Ism.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\PowerShellRunner.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x5 = "Bot5\\Release\\Ism.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/The Maudi Operation (2012) https://raw.githubusercontent.com/lukaszbb/apt-analysis/master/reports_txt/2012/Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDh source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\instlsp\\Release\\Lancer.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\MiniAsp4\\Release\\MiniAsp.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\scout\\Release\\scout.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\epathobj_exp\\Release\\epathobj_exp.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = /\\Release\\[a-z]{0,8}katz.pdb/ source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x4 = "BypassUac.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s5 = "%windows%\\mfc42l00.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s1 = "\\obj\\Release\\TempRacer_RID2A94.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\exploit.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s0 = "\\i386\\Hello.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s6 = "\\obj\\Release\\ZPP.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s3 = "uac\\bin\\install_test.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "C:\\Users\\Logintech\\Dropbox\\Projects\\New folder\\Latest\\Benchmark\\Benchmark\\obj\\Release\\Benchmark.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\Release\\dnscat2.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $x1 = "c:\\ntevt.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD5Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDaBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDtBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDeBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD-Bankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDABankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDTBankshot Lazarus Malware https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PD8@ source: vnwareupdate.exe, 00000003.00000003.237137501.0000000002B8E000.00000004.00000001.sdmp
Source: Binary string: $x1 = "\\support\\Release\\ab.pdb" ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s4 = "C:\\v3\\exe\\de_svr_inst.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
Source: Binary string: $s2 = "\\ms11080\\Debug\\ms11080.pdb" fullword ascii source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp
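The .pdb strings listed above have the shape of YARA string definitions ($x1 = "..." fullword ascii, with doubled backslashes) rather than of CodeView debug records, and the sample drops lib\yara.pyd among its files (see Drops PE files below). A scan that reports any printable string containing ".pdb" shows rule text held in memory exactly the way it shows a linked binary's own debug path, which is worth keeping in mind when reading the list. The Python below is an added example, not code from the report or from the sample: it pulls genuine RSDS records (signature, GUID, age, NUL-terminated path) out of a byte blob, separates them from loose .pdb text, tags loose text that looks like YARA rule source, and matches recovered paths against a short fragment list lifted from the findings above. The fragment list, the sample GUID and the two sample blobs are constructed for illustration.

```python
"""Tell CodeView (RSDS) PDB paths apart from loose ".pdb" text such as YARA
rule source sitting in memory.  Added example with constructed sample data."""
import re
import struct
import uuid

# A few PDB path fragments taken from the findings above (illustrative subset).
# Matching is a case-insensitive substring test, like a YARA 'ascii nocase' string.
SUSPICIOUS_PDB_FRAGMENTS = (
    r"\Release\injector.pdb",
    r"\beacon\Release\beacon.pdb",
    r"\Release\reflective_dll.pdb",
    r"\Release\BypassUacDll.pdb",
)

# CodeView record as the MSVC linker writes it: 'RSDS', 16-byte GUID,
# 4-byte little-endian age, NUL-terminated PDB path.
_RSDS_RE = re.compile(rb"RSDS(.{16})(.{4})([^\x00]{1,260})\x00", re.DOTALL)

# Any printable run containing ".pdb": roughly what a sandbox "Binary string"
# scan reports, and it fires on rule text just as readily as on debug info.
_PDB_TEXT_RE = re.compile(rb"[\x20-\x7e]*\.pdb[\x20-\x7e]*", re.IGNORECASE)

# YARA string-definition syntax: $name = "..." [modifiers]
_YARA_STRING_RE = re.compile(r'\$\w+\s*=\s*"')


def extract_rsds(data: bytes):
    """Return [(guid, age, path), ...] for every RSDS record found in data."""
    records = []
    for m in _RSDS_RE.finditer(data):
        guid = str(uuid.UUID(bytes_le=m.group(1)))
        age = struct.unpack("<I", m.group(2))[0]
        path = m.group(3).decode("latin-1")
        records.append((guid, age, path))
    return records


def find_pdb_text(data: bytes):
    """Every printable string in data that mentions .pdb, with its offset."""
    return [(m.start(), m.group(0).decode("latin-1"))
            for m in _PDB_TEXT_RE.finditer(data)]


def suspicious_fragments(path: str):
    """Known-bad path fragments that occur in this PDB path (case-insensitive)."""
    p = path.lower()
    return [f for f in SUSPICIOUS_PDB_FRAGMENTS if f.lower() in p]


def classify_pdb_strings(data: bytes):
    """Split .pdb strings into CodeView-backed paths and loose text.

    Loose text is tagged 'yara-rule' when it has the $x = "..." shape that the
    findings above show, otherwise 'text'."""
    rsds_paths = {path for _, _, path in extract_rsds(data)}
    result = {"codeview": [], "loose": []}
    for offset, text in find_pdb_text(data):
        backed = [p for p in rsds_paths if p in text]
        if backed:
            path = backed[0]
            result["codeview"].append((offset, path, suspicious_fragments(path)))
        else:
            kind = "yara-rule" if _YARA_STRING_RE.search(text) else "text"
            result["loose"].append((offset, kind, text))
    return result


def make_rsds_record(path: str, age: int = 1, guid=None) -> bytes:
    """Build an RSDS record (constructed test data, not taken from a real binary)."""
    guid = guid or uuid.UUID("12345678-1234-5678-1234-567812345678")
    return (b"RSDS" + guid.bytes_le + struct.pack("<I", age)
            + path.encode("latin-1") + b"\x00")


# Constructed samples: a linked-binary style blob and a blob of YARA rule source.
LINKED_BLOB = b"\x00" * 32 + make_rsds_record(r"D:\work\Release\injector.pdb") + b"\x00" * 32
RULE_TEXT_BLOB = (
    b'rule injector_pdb { strings: $x1 = "\\\\Release\\\\injector.pdb" ascii '
    b'condition: $x1 }'
)

if __name__ == "__main__":
    for name, blob in (("linked", LINKED_BLOB), ("rule text", RULE_TEXT_BLOB)):
        print(name, classify_pdb_strings(blob))
```

Run against a process memory dump or a dropped file, the "codeview" list is what to compare with a PDB-path rule set; a long "loose" list of yara-rule entries with an empty "codeview" list is the pattern a bundled scanner or its rule files produce.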

Data Obfuscation:

Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_00401D61 push ecx; ret 3_2_00401D74
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02CFB2B1 push ecx; ret 3_2_02CFB2C4
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C39F8F pushfd ; ret 3_2_02C39F96
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02E0B2B1 push ecx; ret 5_2_02E0B2C4
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02E6B2B1 push ecx; ret 8_2_02E6B2C4
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C30678 push es; ret 9_2_02C3067A
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C6B2B1 push ecx; ret 9_2_02C6B2C4
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02C5B2B1 push ecx; ret 10_2_02C5B2C4
Source: initial sample Static PE information: section name: .text entropy: 6.92175980221
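The push/ret findings above name two-byte opcode pairs (push ecx is 51h, pushfd is 9Ch, push es is 06h, each followed by ret, C3h), and the .text entropy of 6.92 bits per byte sits just under the 7.0 rule of thumb commonly used to flag packed or encrypted code. The Python below is an added example, not part of the report, that computes both indicators over a section image; the 7.0 threshold and the sample bytes are assumptions. Push/ret pairs also occur inside ordinary compiled code and in data bytes, so the pair density is a weak signal to read together with the entropy and the dropped-file list rather than on its own.

```python
"""Two obfuscation indicators for a PE section: Shannon entropy and the
density of push ...; ret opcode pairs.  Added example with constructed input."""
import math
from collections import Counter

# x86 one-byte opcodes named by the finding: push r32 (50h-57h), pushfd (9Ch),
# push es (06h), and ret (C3h).
_PUSH_NAMES = {
    0x50: "eax", 0x51: "ecx", 0x52: "edx", 0x53: "ebx",
    0x54: "esp", 0x55: "ebp", 0x56: "esi", 0x57: "edi",
    0x9C: "pushfd", 0x06: "push es",
}
_RET = 0xC3


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_push_ret(data: bytes):
    """Offset and mnemonic of every push ...; ret pair in the byte stream."""
    hits = []
    for i in range(len(data) - 1):
        if data[i] in _PUSH_NAMES and data[i + 1] == _RET:
            op = _PUSH_NAMES[data[i]]
            mnem = op if op.startswith("push") else f"push {op}"
            hits.append((i, f"{mnem}; ret"))
    return hits


def obfuscation_summary(section: bytes, entropy_threshold: float = 7.0):
    """Entropy, a packed/encrypted flag against the (assumed) threshold, and
    push/ret hits with their density per KiB."""
    hits = find_push_ret(section)
    ent = shannon_entropy(section)
    return {
        "entropy": round(ent, 3),
        "high_entropy": ent >= entropy_threshold,
        "push_ret_hits": hits,
        "push_ret_per_kib": round(len(hits) * 1024 / max(len(section), 1), 2),
    }


# Constructed 16-byte stand-in for a .text section: a prologue, a push ecx; ret
# pair, NOP padding, then pushfd; ret and push es; ret pairs and a final ret.
SAMPLE_TEXT = (b"\x55\x8b\xec" + b"\x51\xc3" + b"\x90" * 6
               + b"\x9c\xc3" + b"\x06\xc3" + b"\xc3")

if __name__ == "__main__":
    print(obfuscation_summary(SAMPLE_TEXT))
```

To apply it to a real file, read the .text section's raw bytes (for example with pefile's section.get_data()) and pass them to obfuscation_summary; the entropy is the same figure the report's "section name: .text entropy" line gives.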

Persistence and Installation Behavior:

Drops PE files
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32api.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\winxpgui.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\python27.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_cffi_backend.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.adsi.adsi.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\yara.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\mfc90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\cryptography.hazmat.bindings._constant_time.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\bz2.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32clipboard.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32pdh.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\msvcp90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\tk85.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32pipe.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.directsound.directsound.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.mapi.mapi.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\python27.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.authorization.authorization.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\cryptography.hazmat.bindings._openssl.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\msvcm90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32event.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\pywintypes27.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_socket.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.taskscheduler.taskscheduler.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\tcl85.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.mapi.exchange.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.bits.bits.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_tkinter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\MSVCR90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\pythoncom27.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.ifilter.ifilter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.internet.internet.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\MSVCR90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.axcontrol.axcontrol.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.axscript.axscript.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32gui.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.mapi.exchdapi.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\msvcr100.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.propsys.propsys.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.axdebug.axdebug.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\vnwareupdate.exe Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32file.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\cryptography.hazmat.bindings._padding.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32com.shell.shell.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File created: C:\Users\user\Desktop\lib\win32process.pyd Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Deletes itself after installation
Source: C:\Users\user\Desktop\vnwareupdate.exe File deleted: c:\users\user\desktop\gze6ecstpo.exe Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

Yara detected AntiVM3
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $S5 = "WIRESHARK.EXE" FULLWORD ASCII
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $A2 = "DUMPCAP.EXE" FULLWORD ASCII
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $X12 = "ANTISNIFF -A WIRESHARK.EXE" FULLWORD ASCII
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $S3 = "WINDUMP.EXE" FULLWORD ASCII
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $S2 = "TCPDUMP.EXE" FULLWORD ASCII
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $X1 = ";PROCMON64.EXE;NETMON.EXE;TCPVIEW.EXE;MINISNIFFER.EXE;SMSNIFF.EXE" ASCII
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\winxpgui.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.taskscheduler.taskscheduler.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\tcl85.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.mapi.exchange.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.bits.bits.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.adsi.adsi.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\_tkinter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\yara.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\mfc90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.ifilter.ifilter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.internet.internet.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32clipboard.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\bz2.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.axcontrol.axcontrol.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.axscript.axscript.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32pdh.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32gui.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\msvcp90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.mapi.exchdapi.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\tk85.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32pipe.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\msvcr100.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.mapi.mapi.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.directsound.directsound.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.propsys.propsys.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32event.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\msvcm90.dll Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.axdebug.axdebug.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32com.authorization.authorization.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\_win32sysloader.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32process.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32trace.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lib\win32ui.pyd Jump to dropped file
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405768
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_004062A3 FindFirstFileA,FindClose, 0_2_004062A3
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_004026FE FindFirstFileA, 0_2_004026FE
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02C46250 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetSystemInfo, 3_2_02C46250
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\ Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\ Jump to behavior
Source: vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp Binary or memory string: Check_VMWare_DeviceMap
Source: vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp Binary or memory string: Check_VmTools
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $v1 = "vmware" fullword ascii
Source: vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp Binary or memory string: Check_Qemu_Description
Source: vnwareupdate.exe, 00000003.00000002.522468680.00000000022F1000.00000004.00000001.sdmp Binary or memory string: antivm_vmware
Source: GZe6EcSTpO.exe, 00000000.00000002.226025578.0000000000470000.00000004.00000020.sdmp Binary or memory string: C:\Users\user\Desktop\C:\Users\user\Desktop\vnwareupdate.exe"C:\Users\user\Desktop\vnwareupdate.exe" -r tNdLZso+RbiqYzcNMmDUvJn8W3VMjDSxgB461SVTbrzMmtabvNhkHuZIvNduUGjO7UzqsUnmuPq7GKNjbUUEmbjXWxezy7xJ04G+icWNgQLiwxU/H/LMW24G/9O1+8K4oWZz+411UOx9sxEV6gpox/NT3jtp1cMUSmDDWI3Abi8XrFiOXG8AgMkOFBV\Registry\Machine\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_InitializeS68AdaUj0pH0IEHv2mNV71t2soPIKLuE6vIlqTHadsqd5m4qTWlE5yUZYw6YMMgmll72lf1E232p9MVl4yhetYBzNx+sWPE+DpILBlSmddPucuORCpaLa5yzRa7ZbJ98jQfjCVZUbyNMn5Vxk30OIGoBOyrsN0VmKcdDsRZxUCHQhupf0BXrgN7wh46haut8zZzv6puQEmuGL/8u2wQFQEd9pNBJ0Rlv3QP/bjyE945wMYCc6Xz4QLd03mLiDwTqcCYAP/KGG8Yhr3pv/YbSaeW0WUI4zwTjoJArSp8wQL4F7Eb5XLV6Id8VVowmbmosktt/RQUrLvThJExvG5SvJP/mUR4/fnp2sNhMJrQ0VYv8PabCT5DFqxapVfyOG02/QYIIhU=C:\Users\user\Desktop\vnwareupdate.exeWinsta0\Default=::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=computerComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\U\Registry\Machine\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\Users\userp
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp Binary or memory string: $v3 = "VMWVMCIHOSTDEV" fullword ascii

Anti Debugging:

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_00401E98 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 3_2_00401E98
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_00401A91 SetUnhandledExceptionFilter, 3_2_00401A91
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_02CFAD3E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 3_2_02CFAD3E
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 5_2_02E0AD3E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 5_2_02E0AD3E
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 8_2_02E6AD3E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 8_2_02E6AD3E
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 9_2_02C6AD3E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 9_2_02C6AD3E
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 10_2_02C5AD3E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 10_2_02C5AD3E

HIPS / PFW / Operating System Protection Evasion:

Yara detected Powershell download and execute
Source: Yara match File source: 00000013.00000003.416791801.00000000051F5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1092' Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1136' Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1244' Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1236' Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1256' Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' '--multiprocessing-fork' '1300' Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Process created: C:\Users\user\Desktop\vnwareupdate.exe 'C:\Users\user\Desktop\vnwareupdate.exe' -r tNdLZso+RbiqYzcNMmDUvJn8W3VMjDSxgB461SVTbrzMmtabvNhkHuZIvNduUGjO7UzqsUnmuPq7GKNjbUUEmbjXWxezy7xJ04G+icWNgQLiwxU/H/LMW24G/9O1+8K4oWZz+411UOx9sxEV6gpox/NT3jtp1cMUSmDDWI3Abi8XrFiOXG8AgMkOFBVNgdv0d+Dha+cRprvunFNJBh/+mVDp1EkdsXXU0eMQcUpns8p6kdiZ4rFZD4y5oVgqOEZ9Po4Z4HgwiHmPwR8ajszuHS68AdaUj0pH0IEHv2mNV71t2soPIKLuE6vIlqTHadsqd5m4qTWlE5yUZYw6YMMgmll72lf1E232p9MVl4yhetYBzNx+sWPE+DpILBlSmddPucuORCpaLa5yzRa7ZbJ98jQfjCVZUbyNMn5Vxk30OIGoBOyrsN0VmKcdDsRZxUCHQhupf0BXrgN7wh46haut8zZzv6puQEmuGL/8u2wQFQEd9pNBJ0Rlv3QP/bjyE945wMYCc6Xz4QLd03mLiDwTqcCYAP/KGG8Yhr3pv/YbSaeW0WUI4zwTjoJArSp8wQL4F7Eb5XLV6Id8VVowmbmosktt/RQUrLvThJExvG5SvJP/mUR4/fnp2sNhMJrQ0VYv8PabCT5DFqxapVfyOG02/QYIIhU=
Source: vnwareupdate.exe, 00000003.00000002.528939253.000000000297B000.00000004.00000001.sdmp Binary or memory string: DOF_PROGMAN

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\ad421c32-aaf8-4995-847c-18069215aace.md VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\9703e260-d265-4332-8de3-4e5fab56a248.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\status.log VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\00554e26-4141-4a67-98c4-9454bf8d1c70.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\2a5e15fa-fe3f-471c-b784-6a56e4aeac95.bin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\fc38c7ee-ad18-4c74-a67c-9df763b1d8a4.bin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\28f4fa56-e109-42e0-9d12-1e216cf1181f.bin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\a6be3467-9cec-43b3-8e87-ded73d446923.bin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\93d72046-08db-4412-ab52-b014148c1823.bin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\filename-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-filename-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\falsepositive-hashes.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Queries volume information: C:\Users\user\Desktop\otx-hash-iocs.txt VolumeInformation
Source: C:\Users\user\Desktop\vnwareupdate.exe Code function: 3_2_00401DC8 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 3_2_00401DC8
Source: C:\Users\user\Desktop\GZe6EcSTpO.exe Code function: 0_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040320C
Source: C:\Users\user\Desktop\vnwareupdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Codoso Ghost
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected GhostRat
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Mimikatz
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Mini RAT
Source: Yara match File source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY
Yara detected Nukesped
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected PupyRAT
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Quasar RAT
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected RevengeRAT
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected WebMonitor RAT
Source: Yara match File source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY

Remote Access Functionality:

Detected HawkEye Rat
Source: vnwareupdate.exe, 00000003.00000002.538970312.00000000035E1000.00000004.00000001.sdmp String found in binary or memory: \HawkEye_Keylogger_
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: rule MAL_HawkEye_Keylogger_Gen_Dec18_RID324D : DEMO GEN HKTL MAL T1056 T1113 {
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: rule HawkEye_Keylogger_Feb18_1_RID302C : DEMO EXE FILE MAL T1056 {
Detected Nanocore Rat
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $x2 = "NanoCore.ClientPluginHost" fullword ascii
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $x1 = "NanoCore.ClientPluginHost" fullword ascii
Detected xRAT
Source: vnwareupdate.exe, 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp String found in binary or memory: $x5 = "<description>My UAC Compatible application</description>" fullword ascii
Yara detected CobaltStrike
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Codoso Ghost
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected GhostRat
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Mini RAT
Source: Yara match File source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY
Yara detected Nukesped
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected PupyRAT
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Quasar RAT
Source: Yara match File source: 0000000A.00000003.305199649.00000000050F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416539900.0000000005222000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected RevengeRAT
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected Turla ComRAT XORKey
Source: Yara match File source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
Yara detected WebMonitor RAT
Source: Yara match File source: 0000000A.00000003.304068846.0000000005000000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.416659119.0000000005137000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.415404464.0000000005130000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.305422889.0000000005007000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.270488025.00000000063E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vnwareupdate.exe PID: 2540, type: MEMORY
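The HawkEye, NanoCore and xRAT detections above are keyed on strings that are themselves Yara rule source (a `rule ... {` header and `$x1 = "..." fullword ascii` string definitions) found in the memory of vnwareupdate.exe. When a process holds signature text in memory, string-based detections on that process can fire on the signature rather than on a payload, so a hit needs to be checked for where in memory it landed. The following Python script is an added example, not part of this report or of any sandbox vendor's tooling: it locates rule bodies in a memory dump and records, for each indicator occurrence, whether it lies inside rule source or elsewhere. The memory contents and rule bodies in it are constructed for the example; the HawkEye rule name is the one the report printed, the NanoCore rule name is a placeholder.

```python
"""Triage helper for Yara hits on process memory that may be self-matches on
signature source text.

Added example: not part of the sandbox report or of any sandbox vendor's code.
The memory contents below are constructed to resemble the report's matched
strings; the rule bodies are placeholders (the HawkEye rule name is the one
the report printed, the NanoCore rule name is made up).
"""
import re
from typing import Dict, List, Optional, Tuple

# Assumption: rule headers look like "rule NAME [: TAG ...] {" as in the report.
RULE_HEADER = re.compile(rb"\brule\s+([A-Za-z0-9_]+)\s*(?::[^{]*)?\{")

# Constructed memory region: two rule definitions followed by a plain occurrence
# of one of the indicator strings outside any rule text.
SAMPLE_MEMORY = rb"""
<heap data>
rule MAL_HawkEye_Keylogger_Gen_Dec18_RID324D : DEMO GEN HKTL MAL T1056 T1113 {
   strings:
      $mz = { 4D 5A 90 00 }
      $x1 = "\\HawkEye_Keylogger_" fullword ascii
   condition:
      $mz at 0 and $x1
}
rule EXAMPLE_NanoCore_Placeholder : DEMO EXE FILE MAL {
   strings:
      $x1 = "NanoCore.ClientPluginHost" fullword ascii
      $x2 = "NanoCore.ClientPluginHost" fullword ascii
   condition:
      1 of them
}
<heap data> NanoCore.ClientPluginHost <heap data>
"""


def find_rule_blocks(data: bytes) -> List[Tuple[int, int, bytes]]:
    """Return (start, end, name) for every Yara rule body in data.

    Braces are counted so a hex string such as { 4D 5A } inside the rule does
    not terminate the block early; an unterminated rule runs to end of data.
    """
    blocks = []
    for m in RULE_HEADER.finditer(data):
        depth, pos = 1, m.end()
        while pos < len(data) and depth:
            byte = data[pos:pos + 1]
            if byte == b"{":
                depth += 1
            elif byte == b"}":
                depth -= 1
            pos += 1
        blocks.append((m.start(), pos, m.group(1)))
    return blocks


def classify_hits(data: bytes, indicator: bytes) -> List[Dict[str, object]]:
    """Find every occurrence of indicator and record whether it sits inside a
    rule body (a probable self-match on signature text) or in ordinary memory."""
    blocks = find_rule_blocks(data)
    hits: List[Dict[str, object]] = []
    off = data.find(indicator)
    while off >= 0:
        owner: Optional[bytes] = next(
            (name for start, end, name in blocks if start <= off < end), None)
        hits.append({"offset": off, "in_rule_text": owner is not None, "rule": owner})
        off = data.find(indicator, off + 1)
    return hits


def triage(data: bytes, indicators: List[bytes]) -> Dict[bytes, Dict[str, int]]:
    """Per indicator, count hits explained by rule text versus hits elsewhere.
    Only the 'outside' hits deserve a closer look as possible payload."""
    summary = {}
    for ind in indicators:
        hits = classify_hits(data, ind)
        inside = sum(1 for h in hits if h["in_rule_text"])
        summary[ind] = {"in_rule_text": inside, "outside": len(hits) - inside}
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_MEMORY,
                    [b"\\HawkEye_Keylogger_", b"NanoCore.ClientPluginHost"])
    for ind, counts in result.items():
        print(ind.decode(), counts)
```

On a real dump, feed the .sdmp region bytes as `data` and the report's matched strings as `indicators`; an indicator whose every occurrence is inside a rule body is explained by the signature text, while any "outside" occurrence is the one to examine in a disassembler.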
Behavior Graph (ID: 380813, Sample: GZe6EcSTpO, Startdate: 02/04/2021, Architecture: WINDOWS, Score: 100)

Top-level signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 26 other signatures

Process tree recovered from the graph:
GZe6EcSTpO.exe 502
    dropped: C:\Users\user\Desktop\vnwareupdate.exe, Unknown
    dropped: C:\Users\user\Desktop\otx-c2-iocs.txt, Unknown
    dropped: C:\Users\user\Desktop\filename-iocs.txt, Unknown
    signatures: Writes a notice file (html or txt) to demand a ransom; Modifies existing user documents (likely ransomware behavior)
    started: vnwareupdate.exe 1
        signatures: Deletes itself after installation
        started: vnwareupdate.exe; vnwareupdate.exe 5; vnwareupdate.exe; 3 other processes
No contacted IP infos