Malicious
Classifications
Spyware
Threat Names
RedLine.Ev1 Mal/HTMLGen-A RedLine.E
Dynamic Analysis Report
Created on 2023-12-28T10:41:09+00:00
MONITOR.EXE
Windows Exe (x86-32)
Remarks
(0x0200004A): 1 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 190 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\MONITOR.EXE | Sample File | Binary |
Malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 6.51 MB |
| MD5 |
4c512d7d31cdb78bbfb451d5c4a854ac
|
| SHA1 |
6de240db122380c895f241c406b5c89e58f1e7dc
|
| SHA256 |
698cdfaf8a202dbac69809be1861e390a013bac64522e29b6b3fd7d9b7e0c450
|
| SSDeep |
196608:K762phT8RX3ws1tNFtQzV+hxFJosO8tTbxhdZTG:wvpRUHwsRFtQzV+hxlxtvdZTG
|
| ImpHash |
e569e6f445d32ba23766ad67d1e3787f
|
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x004B5EEC |
| Size Of Code | 0x000B5200 |
| Size Of Initialized Data | 0x0004FA00 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2021-10-27 07:16 (UTC+2) |
Version Information (5)
»
| FileVersion | 7.4.8.3 |
| OriginalFilename | MONITOR.EXE |
| LegalCopyright | Copyright 2013 |
| FileDescription | PHOTOMONITOR PORTABLE |
| ProductName | PHOTOMONITOR PORTABLE |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x000B39E4 | 0x000B3A00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.31 |
| .itext | 0x004B5000 | 0x00001688 | 0x00001800 | 0x000B3E00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.97 |
| .data | 0x004B7000 | 0x000037A4 | 0x00003800 | 0x000B5600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.05 |
| .bss | 0x004BB000 | 0x00006DE8 | 0x00000000 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .idata | 0x004C2000 | 0x00000FDC | 0x00001000 | 0x000B8E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.03 |
| .didata | 0x004C3000 | 0x000001A4 | 0x00000200 | 0x000B9E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.75 |
| .edata | 0x004C4000 | 0x0000009A | 0x00000200 | 0x000BA000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.88 |
| .tls | 0x004C5000 | 0x00000018 | 0x00000000 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rdata | 0x004C6000 | 0x0000005D | 0x00000200 | 0x000BA200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.38 |
| .rsrc | 0x004C7000 | 0x0004AAF4 | 0x0004AC00 | 0x000BA400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.04 |
Imports (7)
»
kernel32.dll (100)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetACP | - | 0x004C22F4 | 0x000C20A0 | 0x000B8EA0 | 0x00000000 |
| GetExitCodeProcess | - | 0x004C22F8 | 0x000C20A4 | 0x000B8EA4 | 0x00000000 |
| LocalFree | - | 0x004C22FC | 0x000C20A8 | 0x000B8EA8 | 0x00000000 |
| CloseHandle | - | 0x004C2300 | 0x000C20AC | 0x000B8EAC | 0x00000000 |
| SizeofResource | - | 0x004C2304 | 0x000C20B0 | 0x000B8EB0 | 0x00000000 |
| VirtualProtect | - | 0x004C2308 | 0x000C20B4 | 0x000B8EB4 | 0x00000000 |
| VirtualFree | - | 0x004C230C | 0x000C20B8 | 0x000B8EB8 | 0x00000000 |
| GetFullPathNameW | - | 0x004C2310 | 0x000C20BC | 0x000B8EBC | 0x00000000 |
| ExitProcess | - | 0x004C2314 | 0x000C20C0 | 0x000B8EC0 | 0x00000000 |
| HeapAlloc | - | 0x004C2318 | 0x000C20C4 | 0x000B8EC4 | 0x00000000 |
| GetCPInfoExW | - | 0x004C231C | 0x000C20C8 | 0x000B8EC8 | 0x00000000 |
| RtlUnwind | - | 0x004C2320 | 0x000C20CC | 0x000B8ECC | 0x00000000 |
| GetCPInfo | - | 0x004C2324 | 0x000C20D0 | 0x000B8ED0 | 0x00000000 |
| GetStdHandle | - | 0x004C2328 | 0x000C20D4 | 0x000B8ED4 | 0x00000000 |
| GetModuleHandleW | - | 0x004C232C | 0x000C20D8 | 0x000B8ED8 | 0x00000000 |
| FreeLibrary | - | 0x004C2330 | 0x000C20DC | 0x000B8EDC | 0x00000000 |
| HeapDestroy | - | 0x004C2334 | 0x000C20E0 | 0x000B8EE0 | 0x00000000 |
| ReadFile | - | 0x004C2338 | 0x000C20E4 | 0x000B8EE4 | 0x00000000 |
| CreateProcessW | - | 0x004C233C | 0x000C20E8 | 0x000B8EE8 | 0x00000000 |
| GetLastError | - | 0x004C2340 | 0x000C20EC | 0x000B8EEC | 0x00000000 |
| GetModuleFileNameW | - | 0x004C2344 | 0x000C20F0 | 0x000B8EF0 | 0x00000000 |
| SetLastError | - | 0x004C2348 | 0x000C20F4 | 0x000B8EF4 | 0x00000000 |
| FindResourceW | - | 0x004C234C | 0x000C20F8 | 0x000B8EF8 | 0x00000000 |
| CreateThread | - | 0x004C2350 | 0x000C20FC | 0x000B8EFC | 0x00000000 |
| CompareStringW | - | 0x004C2354 | 0x000C2100 | 0x000B8F00 | 0x00000000 |
| LoadLibraryA | - | 0x004C2358 | 0x000C2104 | 0x000B8F04 | 0x00000000 |
| ResetEvent | - | 0x004C235C | 0x000C2108 | 0x000B8F08 | 0x00000000 |
| GetVersion | - | 0x004C2360 | 0x000C210C | 0x000B8F0C | 0x00000000 |
| RaiseException | - | 0x004C2364 | 0x000C2110 | 0x000B8F10 | 0x00000000 |
| FormatMessageW | - | 0x004C2368 | 0x000C2114 | 0x000B8F14 | 0x00000000 |
| SwitchToThread | - | 0x004C236C | 0x000C2118 | 0x000B8F18 | 0x00000000 |
| GetExitCodeThread | - | 0x004C2370 | 0x000C211C | 0x000B8F1C | 0x00000000 |
| GetCurrentThread | - | 0x004C2374 | 0x000C2120 | 0x000B8F20 | 0x00000000 |
| LoadLibraryExW | - | 0x004C2378 | 0x000C2124 | 0x000B8F24 | 0x00000000 |
| LockResource | - | 0x004C237C | 0x000C2128 | 0x000B8F28 | 0x00000000 |
| GetCurrentThreadId | - | 0x004C2380 | 0x000C212C | 0x000B8F2C | 0x00000000 |
| UnhandledExceptionFilter | - | 0x004C2384 | 0x000C2130 | 0x000B8F30 | 0x00000000 |
| VirtualQuery | - | 0x004C2388 | 0x000C2134 | 0x000B8F34 | 0x00000000 |
| VirtualQueryEx | - | 0x004C238C | 0x000C2138 | 0x000B8F38 | 0x00000000 |
| Sleep | - | 0x004C2390 | 0x000C213C | 0x000B8F3C | 0x00000000 |
| EnterCriticalSection | - | 0x004C2394 | 0x000C2140 | 0x000B8F40 | 0x00000000 |
| SetFilePointer | - | 0x004C2398 | 0x000C2144 | 0x000B8F44 | 0x00000000 |
| LoadResource | - | 0x004C239C | 0x000C2148 | 0x000B8F48 | 0x00000000 |
| SuspendThread | - | 0x004C23A0 | 0x000C214C | 0x000B8F4C | 0x00000000 |
| GetTickCount | - | 0x004C23A4 | 0x000C2150 | 0x000B8F50 | 0x00000000 |
| GetFileSize | - | 0x004C23A8 | 0x000C2154 | 0x000B8F54 | 0x00000000 |
| GetStartupInfoW | - | 0x004C23AC | 0x000C2158 | 0x000B8F58 | 0x00000000 |
| GetFileAttributesW | - | 0x004C23B0 | 0x000C215C | 0x000B8F5C | 0x00000000 |
| InitializeCriticalSection | - | 0x004C23B4 | 0x000C2160 | 0x000B8F60 | 0x00000000 |
| GetSystemWindowsDirectoryW | - | 0x004C23B8 | 0x000C2164 | 0x000B8F64 | 0x00000000 |
| GetThreadPriority | - | 0x004C23BC | 0x000C2168 | 0x000B8F68 | 0x00000000 |
| SetThreadPriority | - | 0x004C23C0 | 0x000C216C | 0x000B8F6C | 0x00000000 |
| GetCurrentProcess | - | 0x004C23C4 | 0x000C2170 | 0x000B8F70 | 0x00000000 |
| VirtualAlloc | - | 0x004C23C8 | 0x000C2174 | 0x000B8F74 | 0x00000000 |
| GetSystemInfo | - | 0x004C23CC | 0x000C2178 | 0x000B8F78 | 0x00000000 |
| GetCommandLineW | - | 0x004C23D0 | 0x000C217C | 0x000B8F7C | 0x00000000 |
| LeaveCriticalSection | - | 0x004C23D4 | 0x000C2180 | 0x000B8F80 | 0x00000000 |
| GetProcAddress | - | 0x004C23D8 | 0x000C2184 | 0x000B8F84 | 0x00000000 |
| ResumeThread | - | 0x004C23DC | 0x000C2188 | 0x000B8F88 | 0x00000000 |
| GetVersionExW | - | 0x004C23E0 | 0x000C218C | 0x000B8F8C | 0x00000000 |
| VerifyVersionInfoW | - | 0x004C23E4 | 0x000C2190 | 0x000B8F90 | 0x00000000 |
| HeapCreate | - | 0x004C23E8 | 0x000C2194 | 0x000B8F94 | 0x00000000 |
| GetWindowsDirectoryW | - | 0x004C23EC | 0x000C2198 | 0x000B8F98 | 0x00000000 |
| VerSetConditionMask | - | 0x004C23F0 | 0x000C219C | 0x000B8F9C | 0x00000000 |
| GetDiskFreeSpaceW | - | 0x004C23F4 | 0x000C21A0 | 0x000B8FA0 | 0x00000000 |
| FindFirstFileW | - | 0x004C23F8 | 0x000C21A4 | 0x000B8FA4 | 0x00000000 |
| GetUserDefaultUILanguage | - | 0x004C23FC | 0x000C21A8 | 0x000B8FA8 | 0x00000000 |
| lstrlenW | - | 0x004C2400 | 0x000C21AC | 0x000B8FAC | 0x00000000 |
| QueryPerformanceCounter | - | 0x004C2404 | 0x000C21B0 | 0x000B8FB0 | 0x00000000 |
| SetEndOfFile | - | 0x004C2408 | 0x000C21B4 | 0x000B8FB4 | 0x00000000 |
| HeapFree | - | 0x004C240C | 0x000C21B8 | 0x000B8FB8 | 0x00000000 |
| WideCharToMultiByte | - | 0x004C2410 | 0x000C21BC | 0x000B8FBC | 0x00000000 |
| FindClose | - | 0x004C2414 | 0x000C21C0 | 0x000B8FC0 | 0x00000000 |
| MultiByteToWideChar | - | 0x004C2418 | 0x000C21C4 | 0x000B8FC4 | 0x00000000 |
| LoadLibraryW | - | 0x004C241C | 0x000C21C8 | 0x000B8FC8 | 0x00000000 |
| SetEvent | - | 0x004C2420 | 0x000C21CC | 0x000B8FCC | 0x00000000 |
| CreateFileW | - | 0x004C2424 | 0x000C21D0 | 0x000B8FD0 | 0x00000000 |
| GetLocaleInfoW | - | 0x004C2428 | 0x000C21D4 | 0x000B8FD4 | 0x00000000 |
| GetSystemDirectoryW | - | 0x004C242C | 0x000C21D8 | 0x000B8FD8 | 0x00000000 |
| DeleteFileW | - | 0x004C2430 | 0x000C21DC | 0x000B8FDC | 0x00000000 |
| GetLocalTime | - | 0x004C2434 | 0x000C21E0 | 0x000B8FE0 | 0x00000000 |
| GetEnvironmentVariableW | - | 0x004C2438 | 0x000C21E4 | 0x000B8FE4 | 0x00000000 |
| WaitForSingleObject | - | 0x004C243C | 0x000C21E8 | 0x000B8FE8 | 0x00000000 |
| WriteFile | - | 0x004C2440 | 0x000C21EC | 0x000B8FEC | 0x00000000 |
| ExitThread | - | 0x004C2444 | 0x000C21F0 | 0x000B8FF0 | 0x00000000 |
| DeleteCriticalSection | - | 0x004C2448 | 0x000C21F4 | 0x000B8FF4 | 0x00000000 |
| TlsGetValue | - | 0x004C244C | 0x000C21F8 | 0x000B8FF8 | 0x00000000 |
| GetDateFormatW | - | 0x004C2450 | 0x000C21FC | 0x000B8FFC | 0x00000000 |
| SetErrorMode | - | 0x004C2454 | 0x000C2200 | 0x000B9000 | 0x00000000 |
| IsValidLocale | - | 0x004C2458 | 0x000C2204 | 0x000B9004 | 0x00000000 |
| TlsSetValue | - | 0x004C245C | 0x000C2208 | 0x000B9008 | 0x00000000 |
| CreateDirectoryW | - | 0x004C2460 | 0x000C220C | 0x000B900C | 0x00000000 |
| GetSystemDefaultUILanguage | - | 0x004C2464 | 0x000C2210 | 0x000B9010 | 0x00000000 |
| EnumCalendarInfoW | - | 0x004C2468 | 0x000C2214 | 0x000B9014 | 0x00000000 |
| LocalAlloc | - | 0x004C246C | 0x000C2218 | 0x000B9018 | 0x00000000 |
| GetUserDefaultLangID | - | 0x004C2470 | 0x000C221C | 0x000B901C | 0x00000000 |
| RemoveDirectoryW | - | 0x004C2474 | 0x000C2220 | 0x000B9020 | 0x00000000 |
| CreateEventW | - | 0x004C2478 | 0x000C2224 | 0x000B9024 | 0x00000000 |
| SetThreadLocale | - | 0x004C247C | 0x000C2228 | 0x000B9028 | 0x00000000 |
| GetThreadLocale | - | 0x004C2480 | 0x000C222C | 0x000B902C | 0x00000000 |
comctl32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InitCommonControls | - | 0x004C2488 | 0x000C2234 | 0x000B9034 | 0x00000000 |
version.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoSizeW | - | 0x004C2490 | 0x000C223C | 0x000B903C | 0x00000000 |
| VerQueryValueW | - | 0x004C2494 | 0x000C2240 | 0x000B9040 | 0x00000000 |
| GetFileVersionInfoW | - | 0x004C2498 | 0x000C2244 | 0x000B9044 | 0x00000000 |
user32.dll (16)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateWindowExW | - | 0x004C24A0 | 0x000C224C | 0x000B904C | 0x00000000 |
| TranslateMessage | - | 0x004C24A4 | 0x000C2250 | 0x000B9050 | 0x00000000 |
| CharLowerBuffW | - | 0x004C24A8 | 0x000C2254 | 0x000B9054 | 0x00000000 |
| CallWindowProcW | - | 0x004C24AC | 0x000C2258 | 0x000B9058 | 0x00000000 |
| CharUpperW | - | 0x004C24B0 | 0x000C225C | 0x000B905C | 0x00000000 |
| PeekMessageW | - | 0x004C24B4 | 0x000C2260 | 0x000B9060 | 0x00000000 |
| GetSystemMetrics | - | 0x004C24B8 | 0x000C2264 | 0x000B9064 | 0x00000000 |
| SetWindowLongW | - | 0x004C24BC | 0x000C2268 | 0x000B9068 | 0x00000000 |
| MessageBoxW | - | 0x004C24C0 | 0x000C226C | 0x000B906C | 0x00000000 |
| DestroyWindow | - | 0x004C24C4 | 0x000C2270 | 0x000B9070 | 0x00000000 |
| CharUpperBuffW | - | 0x004C24C8 | 0x000C2274 | 0x000B9074 | 0x00000000 |
| CharNextW | - | 0x004C24CC | 0x000C2278 | 0x000B9078 | 0x00000000 |
| MsgWaitForMultipleObjects | - | 0x004C24D0 | 0x000C227C | 0x000B907C | 0x00000000 |
| LoadStringW | - | 0x004C24D4 | 0x000C2280 | 0x000B9080 | 0x00000000 |
| ExitWindowsEx | - | 0x004C24D8 | 0x000C2284 | 0x000B9084 | 0x00000000 |
| DispatchMessageW | - | 0x004C24DC | 0x000C2288 | 0x000B9088 | 0x00000000 |
oleaut32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysAllocStringLen | - | 0x004C24E4 | 0x000C2290 | 0x000B9090 | 0x00000000 |
| SafeArrayPtrOfIndex | - | 0x004C24E8 | 0x000C2294 | 0x000B9094 | 0x00000000 |
| VariantCopy | - | 0x004C24EC | 0x000C2298 | 0x000B9098 | 0x00000000 |
| SafeArrayGetLBound | - | 0x004C24F0 | 0x000C229C | 0x000B909C | 0x00000000 |
| SafeArrayGetUBound | - | 0x004C24F4 | 0x000C22A0 | 0x000B90A0 | 0x00000000 |
| VariantInit | - | 0x004C24F8 | 0x000C22A4 | 0x000B90A4 | 0x00000000 |
| VariantClear | - | 0x004C24FC | 0x000C22A8 | 0x000B90A8 | 0x00000000 |
| SysFreeString | - | 0x004C2500 | 0x000C22AC | 0x000B90AC | 0x00000000 |
| SysReAllocStringLen | - | 0x004C2504 | 0x000C22B0 | 0x000B90B0 | 0x00000000 |
| VariantChangeType | - | 0x004C2508 | 0x000C22B4 | 0x000B90B4 | 0x00000000 |
| SafeArrayCreate | - | 0x004C250C | 0x000C22B8 | 0x000B90B8 | 0x00000000 |
netapi32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetWkstaGetInfo | - | 0x004C2514 | 0x000C22C0 | 0x000B90C0 | 0x00000000 |
| NetApiBufferFree | - | 0x004C2518 | 0x000C22C4 | 0x000B90C4 | 0x00000000 |
advapi32.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ConvertStringSecurityDescriptorToSecurityDescriptorW | - | 0x004C2520 | 0x000C22CC | 0x000B90CC | 0x00000000 |
| RegQueryValueExW | - | 0x004C2524 | 0x000C22D0 | 0x000B90D0 | 0x00000000 |
| AdjustTokenPrivileges | - | 0x004C2528 | 0x000C22D4 | 0x000B90D4 | 0x00000000 |
| GetTokenInformation | - | 0x004C252C | 0x000C22D8 | 0x000B90D8 | 0x00000000 |
| ConvertSidToStringSidW | - | 0x004C2530 | 0x000C22DC | 0x000B90DC | 0x00000000 |
| LookupPrivilegeValueW | - | 0x004C2534 | 0x000C22E0 | 0x000B90E0 | 0x00000000 |
| RegCloseKey | - | 0x004C2538 | 0x000C22E4 | 0x000B90E4 | 0x00000000 |
| OpenProcessToken | - | 0x004C253C | 0x000C22E8 | 0x000B90E8 | 0x00000000 |
| RegOpenKeyExW | - | 0x004C2540 | 0x000C22EC | 0x000B90EC | 0x00000000 |
Exports (3)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| TMethodImplementationIntercept | 0x000541A8 | 0x00000003 |
| __dbk_fcall_wrapper | 0x0000D0A0 | 0x00000002 |
| dbkFCallWrapperAddr | 0x000BE63C | 0x00000001 |
Memory Dumps (12)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| monitor.exe | 1 | 0x00400000 | 0x00511FFF | Relevant Image |
|
32-bit | 0x0040B3E8 |
|
...
|
| buffer | 1 | 0x024A0000 | 0x026BFFFF | First Execution |
|
32-bit | 0x024A0048 |
|
...
|
| buffer | 1 | 0x024A0000 | 0x026BFFFF | Content Changed |
|
32-bit | 0x024A1000 |
|
...
|
| amsi.dll | 1 | 0x6FC00000 | 0x6FC0CFFF | Content Changed |
|
32-bit | - |
|
...
|
| amsi.dll | 1 | 0x6FC00000 | 0x6FC0CFFF | Content Changed |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x10C00000 | 0x10C3FFFF | Reflectively Loaded .NET Assembly |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x024A0000 | 0x026BFFFF | Content Changed |
|
32-bit | 0x02666022 |
|
...
|
| buffer | 1 | 0x108BC000 | 0x108BFFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x00197000 | 0x0019FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x02280000 | 0x023BFFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 1 | 0x024A0000 | 0x026BFFFF | First Network Behavior |
|
32-bit | 0x02669332 |
|
...
|
| monitor.exe | 1 | 0x00400000 | 0x00511FFF | First Network Behavior |
|
32-bit | - |
|
...
|
