Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 31, 2024, 7:29 a.m.	May 31, 2024, 7:48 a.m.

Size	30.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0c2564813f2b9fc088cfb6938214d3cb`
SHA256	`1043faf46b5a19cbe10410e01725b38caf0db7f36b73c68e103ebca8da2d18d2`
CRC32	`FBCA6AA7`
ssdeep	`384:pNZ3hei0OblBcTZPR6Vc+nEscc/IJlNVVNDpSIw39qWrDk2kMK6KUkyoseNegUE5:X/3ZsZPR6VdBgJlNzOSJ0C1No6Y4`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)

ADServices.exe "C:\Users\test22\AppData\Local\Temp\ADServices.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 31, 2024, 7:22 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 31, 2024, 7:22 a.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ May 31, 2024, 7:22 a.m.	stacktrace: 0x7ff0016097c 0x7ff001604b0 0x7ff0016017d IEE+0xda16 GetUserStore-0xa7e mscorwks+0x2c1612 @ 0x7fef3ca1612 CreateAssemblyNameObject+0x5cbb CompareAssemblyIdentity-0x6ff9 mscorwks+0x1eee13 @ 0x7fef3bcee13 PreBindAssembly+0x79a91 LoadStringRC-0x2544f mscorwks+0x69bc51 @ 0x7fef407bc51 GetCLRFunction+0xccaf CreateApplicationContext-0xa211 mscorwks+0x117dc7 @ 0x7fef3af7dc7 StrongNameErrorInfo-0x31f0 mscorwks+0xf4118 @ 0x7fef3ad4118 GetAssemblyIdentityFromFile+0x195bd LegacyNGenFreeZapper-0x17af3 mscorwks+0x787e3d @ 0x7fef4167e3d StrongNameErrorInfo-0x10ded mscorwks+0xe651b @ 0x7fef3ac651b _CorExeMain+0xac GetCLRFunction-0x72b8 mscorwks+0x103e60 @ 0x7fef3ae3e60 _CorExeMain+0x5d CLRCreateInstance-0x2bd3 mscoreei+0x74e5 @ 0x7fef4e874e5 _CorExeMain+0x69 ND_RU1-0x1707 mscoree+0x5b21 @ 0x7fef4f25b21 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 00 4c 8b 5d 28 48 8b 4d 28 ff 50 40 48 89 exception.instruction: mov rax, qword ptr [rax] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7ff0016097c registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 8796092104728 registers.rbx: 0 registers.rsp: 2883152 registers.r11: 518 registers.r8: 2877696 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

May 31, 2024, 7:22 a.m.

stacktrace:

0x7ff0016097c
0x7ff001604b0
0x7ff0016017d
IEE+0xda16 GetUserStore-0xa7e mscorwks+0x2c1612 @ 0x7fef3ca1612
CreateAssemblyNameObject+0x5cbb CompareAssemblyIdentity-0x6ff9 mscorwks+0x1eee13 @ 0x7fef3bcee13
PreBindAssembly+0x79a91 LoadStringRC-0x2544f mscorwks+0x69bc51 @ 0x7fef407bc51
GetCLRFunction+0xccaf CreateApplicationContext-0xa211 mscorwks+0x117dc7 @ 0x7fef3af7dc7
StrongNameErrorInfo-0x31f0 mscorwks+0xf4118 @ 0x7fef3ad4118
GetAssemblyIdentityFromFile+0x195bd LegacyNGenFreeZapper-0x17af3 mscorwks+0x787e3d @ 0x7fef4167e3d
StrongNameErrorInfo-0x10ded mscorwks+0xe651b @ 0x7fef3ac651b
_CorExeMain+0xac GetCLRFunction-0x72b8 mscorwks+0x103e60 @ 0x7fef3ae3e60
_CorExeMain+0x5d CLRCreateInstance-0x2bd3 mscoreei+0x74e5 @ 0x7fef4e874e5
_CorExeMain+0x69 ND_RU1-0x1707 mscoree+0x5b21 @ 0x7fef4f25b21
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 8b 00 4c 8b 5d 28 48 8b 4d 28 ff 50 40 48 89
exception.instruction: mov rax, qword ptr [rax]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7ff0016097c
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 8796092104728
registers.rbx: 0
registers.rsp: 2883152
registers.r11: 518
registers.r8: 2877696
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0

Allocates read-write-execute memory (usually to unpack itself) (41 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 1769472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000006e0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000810000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a21000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9e000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9e000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3ca1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c9e000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00022000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00012000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00023000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00112000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000ed000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff0002c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00160000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00024000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff00026000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory May 31, 2024, 7:22 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007ff000d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Bladabindi.4!c
Elastic	malicious (high confidence)
CAT-QuickHeal	Trojan.GenericFC.S20328187
Skyhigh	GenericRXCN-ZP!0C2564813F2B
ALYac	Gen:Variant.Application.MSILPerseus.82594
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Application.MSILPerseus.82594
Sangfor	Trojan.Msil.Bladabindi.Vzle
K7AntiVirus	Trojan ( 00507d2e1 )
BitDefender	Gen:Variant.Application.MSILPerseus.82594
K7GW	Trojan ( 00507d2e1 )
Cybereason	malicious.13f2b9
Arcabit	Trojan.Application.MSILPerseus.D142A2
VirIT	Trojan.Win32.Dnldr24.CJC
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Bladabindi.HP
APEX	Malicious
McAfee	GenericRXCN-ZP!0C2564813F2B
Avast	MSIL:Agent-CIB [Trj]
ClamAV	Win.Packed.Bladabindi-9857493-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/CoinMiner.a9d4117e
NANO-Antivirus	Trojan.Win32.Bladabindi.klzdlf
SUPERAntiSpyware	Trojan.Agent/Gen-Crypt
MicroWorld-eScan	Gen:Variant.Application.MSILPerseus.82594
Rising	Backdoor.njRAT!1.9E49 (CLASSIC)
Emsisoft	Gen:Variant.Application.MSILPerseus.82594 (B)
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	Trojan.DownLoader26.5584
Zillya	Trojan.Bladabindi.Win32.87998
TrendMicro	BKDR_BLADABI.SMC
McAfeeD	Real Protect-LS!0C2564813F2B
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.0c2564813f2b9fc0
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.Agent
Jiangmin	Trojan.Generic.atrdw
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=77)
Kingsoft	malware.kb.c.1000
Gridinsoft	Backdoor.Win32.Bladabindi.vl!ni
Microsoft	Trojan:Win32/CoinMiner!pz
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	MSIL.Backdoor.Bladabindi.AV
Varist	W32/MSIL_Troj.AP.gen!Eldorado
AhnLab-V3	Trojan/Win32.Bladabindi.R198280
BitDefenderTheta	Gen:NN.ZemsilF.36806.bm0@aWWNiGl

ADServices.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All