92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe
Size

69KB
MD5

98251ccdedc6de7a72a6696c03d5090d
SHA1

ffcbacf6a9aba6f0239647d715c71f1c9b82710b
SHA256

92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004
SHA512

df489b8efb941f36f640d79b44c8a6dde310e1a286f7e2de238cbe046a594952ed94f03e5c3437340f8b0e20db2eb149e69e7effcd3fc6bab7f6200da646260f
SSDEEP

1536:TfgLdQAQfcfymNg7fruKCq5MF5GBe1HH22irdWKHZQGDR2gjqrbl:TftffjmNg7Mq5MDHH22ihnDlGr5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1644	Logo1_.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactNative\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.513.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\XboxIdp.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_92.0.902.67_neutral__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.Telemetry\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\onenote\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmprph.exe	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\or_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sw-KE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateOnDemand.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-tw\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe
File created	C:\Windows\Logo1_.exe	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe
1644	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 4800	1984	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe	81
PID 1984 wrote to memory of 4800	1984	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe	81
PID 1984 wrote to memory of 4800	1984	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe	81
PID 1984 wrote to memory of 1644	1984	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe	82
PID 1984 wrote to memory of 1644	1984	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe	82
PID 1984 wrote to memory of 1644	1984	92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe	82
PID 1644 wrote to memory of 2128	1644	Logo1_.exe	83
PID 1644 wrote to memory of 2128	1644	Logo1_.exe	83
PID 1644 wrote to memory of 2128	1644	Logo1_.exe	83
PID 2128 wrote to memory of 4048	2128	net.exe	86
PID 2128 wrote to memory of 4048	2128	net.exe	86
PID 2128 wrote to memory of 4048	2128	net.exe	86
PID 1644 wrote to memory of 3472	1644	Logo1_.exe	55
PID 1644 wrote to memory of 3472	1644	Logo1_.exe	55

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3472
- C:\Users\Admin\AppData\Local\Temp\92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe
  "C:\Users\Admin\AppData\Local\Temp\92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a319F.bat
    3⤵
    PID:4800
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
533ce215a7c274602dc456ca375cef93

SHA1
76c502d7c45eca3fd96f6b04eb850e751bc785dd

SHA256
d70c9f73bbeed5cbc0df4a4d14bae68789f84d8092281337d2919322b288ce9c

SHA512
09d9dee36c48567921de4b7c31c4a822d5f9ed5e0b1cb0330031b320f40b5ba9b15e89dc37d52561094642c0ff16c14d32e81ed5b1dac06150fefbbd6f3365bf

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
36a4b162d18128e31de9133a9b4ec603

SHA1
0c4c5051416b774d60b97b85a973366984e4ac73

SHA256
ae5313cb92bcd23b2ef28c2b476df0a24b3c27b046524656240fa4c4dbf15da5

SHA512
496ba693e19d840bd76393ecc06b35610c0305f9b506a6ee0de0bfb2f52979d717dff2b8bcc3e6f831c5bf411794ce3b805800b5e15a13be8b3c013f81599565

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a319F.bat

Filesize
722B

MD5
d04bd7797d60101899e2a42310815040

SHA1
f50b2b48815841d9712705a028d6fa66a2d5e094

SHA256
440c6add45132ba3c8f3351190b7ee6d3bf303923f6eec555926dfd97a39c9bd

SHA512
a5b10dfb9bce5b88eff666da32d2defc1a5395150fa1c3b86b64611170fa4512679c7162e0a04ec2ae04449fcd55cdb6128083c05c4c5b83a44ae7a0dd08bd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\92e1e01f8701852db9a1e65b1f2c5d2c9ae70b5fdd560b895c88840e6d350004.exe.exe

Filesize
43KB

MD5
014e9e117ea251d7afd81e5851c67cc2

SHA1
5bb10fa016ae167b81ee6eecbfcd876cbaf24fef

SHA256
52bee7d83624e3d994bf35420afdd113f710241859092cb07092901e49872854

SHA512
d34f3901a92682102940600caf52f60aa69364e232caf84d2fce2a092b27052e3e680cde6132562893a5f538477495c27731a1363e722fd3bc5ede95955ad1bd

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
2763933e4242551014d36b1dfcb631f7

SHA1
8fd2f3892904d8eb8ae9889e9d535a53caa9555b

SHA256
887c8250188b2f2c82d30ebfbe6ffb550d6a295464ac2d348063620577cdbd7d

SHA512
a018b563efd1fcaa228590aa68b772392e719ac46fd5bb76b04a82de265135b1baabb94bba9ed15bfd1824b12b797fc73ba70effb25ba01506d150dc449bb202

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2539840389-1261165778-1087677076-1000\_desktop.ini

Filesize
8B

MD5
8ca26bb1fe4da60eed2a231635eb2857

SHA1
405090f7801e12b524dae9c7d0fef9a3fa8b41d8

SHA256
503d5e11de7bb526313442e7b0380b9fb27430b5ada8ad10b5008827c8a4fc54

SHA512
6852196fcd3912e037e41764f999dbb155b95d7b706e496159ac06845e46ec03a875d8a6a3a54e1316d9ce2986fdc17fdaa98024aa3a3c69f276d34ebf0c7426

Download Submit
memory/1644-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1644-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1644-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1644-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1644-1230-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1644-4786-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1644-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1644-5225-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1984-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1984-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download