babylonrat | cb831ca08798bcea49874f81a7fe08368c057bd3bf9d1bfba6d7bb92fa61c4c1

Analysis

max time kernel
205s
max time network
161s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
14/03/2025, 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ws4.exe
Size

355KB
MD5

474885a0b7d7ce32f93b1b141f716a6b
SHA1

d3b796ebc8b1121a80972d6d5bb3bcfecefce3ef
SHA256

cb831ca08798bcea49874f81a7fe08368c057bd3bf9d1bfba6d7bb92fa61c4c1
SHA512

6a05d281970222ebb7868ba0653ac64ef3973cd62165da78404cb5a7589b977be0a01b4bd5c3d7e4d2210fefef1e4de340741e912bf8532cb7bd2a7184bb371b
SSDEEP

6144:RL1ncfWwN0oc35jeRh8Xqfy/Ka1OHAH0tMrKCTEABG+Z9d3cQT/9nR4Ioy19K:RLdcfxaeM6fy/KaVUtgKkTZ73coNRJ

Score

10^/10

babylonrat discovery persistence trojan upx

Malware Config

Signatures

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat
Babylonrat family
babylonrat

Executes dropped EXE 7 IoCs

pid	Process
252	client.exe
2188	client.exe
1644	client.exe
3864	client.exe
1760	client.exe
1672	client.exe
1112	client.exe

Adds Run key to start application 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	ws4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	ws4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	ws4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	ws4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	ws4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	ws4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Babylon RAT = "C:\\ProgramData\\Babylon RAT\\client.exe"	ws4.exe

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/756-0-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/files/0x0008000000028205-1.dat	upx
behavioral1/memory/252-2-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/756-4-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/252-5-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/252-6-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/252-7-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/252-10-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/252-49-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/5740-51-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/2188-53-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/2188-55-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/252-56-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/4088-58-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/1644-61-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/252-62-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/6060-65-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/3864-67-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/5244-72-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/1760-75-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/1880-78-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/1672-80-0x0000000000390000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/3452-88-0x0000000000600000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/1112-90-0x0000000000390000-0x0000000000459000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ws4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ws4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ws4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ws4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ws4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ws4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ws4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
252	client.exe
252	client.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
252	client.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	756	ws4.exe
Token: SeDebugPrivilege	756	ws4.exe
Token: SeTcbPrivilege	756	ws4.exe
Token: SeShutdownPrivilege	252	client.exe
Token: SeDebugPrivilege	252	client.exe
Token: SeTcbPrivilege	252	client.exe
Token: SeShutdownPrivilege	5740	ws4.exe
Token: SeDebugPrivilege	5740	ws4.exe
Token: SeTcbPrivilege	5740	ws4.exe
Token: SeShutdownPrivilege	2188	client.exe
Token: SeDebugPrivilege	2188	client.exe
Token: SeTcbPrivilege	2188	client.exe
Token: SeShutdownPrivilege	4088	ws4.exe
Token: SeDebugPrivilege	4088	ws4.exe
Token: SeTcbPrivilege	4088	ws4.exe
Token: SeShutdownPrivilege	1644	client.exe
Token: SeDebugPrivilege	1644	client.exe
Token: SeTcbPrivilege	1644	client.exe
Token: SeShutdownPrivilege	6060	ws4.exe
Token: SeDebugPrivilege	6060	ws4.exe
Token: SeTcbPrivilege	6060	ws4.exe
Token: SeShutdownPrivilege	3864	client.exe
Token: SeDebugPrivilege	3864	client.exe
Token: SeTcbPrivilege	3864	client.exe
Token: SeShutdownPrivilege	5244	ws4.exe
Token: SeDebugPrivilege	5244	ws4.exe
Token: SeTcbPrivilege	5244	ws4.exe
Token: SeShutdownPrivilege	1760	client.exe
Token: SeDebugPrivilege	1760	client.exe
Token: SeTcbPrivilege	1760	client.exe
Token: SeShutdownPrivilege	1880	ws4.exe
Token: SeDebugPrivilege	1880	ws4.exe
Token: SeTcbPrivilege	1880	ws4.exe
Token: SeShutdownPrivilege	1672	client.exe
Token: SeDebugPrivilege	1672	client.exe
Token: SeTcbPrivilege	1672	client.exe
Token: SeShutdownPrivilege	3452	ws4.exe
Token: SeDebugPrivilege	3452	ws4.exe
Token: SeTcbPrivilege	3452	ws4.exe
Token: SeShutdownPrivilege	1112	client.exe
Token: SeDebugPrivilege	1112	client.exe
Token: SeTcbPrivilege	1112	client.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
252	client.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 252	756	ws4.exe	81
PID 756 wrote to memory of 252	756	ws4.exe	81
PID 756 wrote to memory of 252	756	ws4.exe	81
PID 5740 wrote to memory of 2188	5740	ws4.exe	91
PID 5740 wrote to memory of 2188	5740	ws4.exe	91
PID 5740 wrote to memory of 2188	5740	ws4.exe	91
PID 4088 wrote to memory of 1644	4088	ws4.exe	93
PID 4088 wrote to memory of 1644	4088	ws4.exe	93
PID 4088 wrote to memory of 1644	4088	ws4.exe	93
PID 6060 wrote to memory of 3864	6060	ws4.exe	95
PID 6060 wrote to memory of 3864	6060	ws4.exe	95
PID 6060 wrote to memory of 3864	6060	ws4.exe	95
PID 5244 wrote to memory of 1760	5244	ws4.exe	97
PID 5244 wrote to memory of 1760	5244	ws4.exe	97
PID 5244 wrote to memory of 1760	5244	ws4.exe	97
PID 1880 wrote to memory of 1672	1880	ws4.exe	99
PID 1880 wrote to memory of 1672	1880	ws4.exe	99
PID 1880 wrote to memory of 1672	1880	ws4.exe	99
PID 3452 wrote to memory of 1112	3452	ws4.exe	101
PID 3452 wrote to memory of 1112	3452	ws4.exe	101
PID 3452 wrote to memory of 1112	3452	ws4.exe	101

C:\Users\Admin\AppData\Local\Temp\ws4.exe
"C:\Users\Admin\AppData\Local\Temp\ws4.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:756
- C:\ProgramData\Babylon RAT\client.exe
  "C:\ProgramData\Babylon RAT\client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\ws4.exe
"C:\Users\Admin\AppData\Local\Temp\ws4.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5740
- C:\ProgramData\Babylon RAT\client.exe
  "C:\ProgramData\Babylon RAT\client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2188

C:\Users\Admin\AppData\Local\Temp\ws4.exe
"C:\Users\Admin\AppData\Local\Temp\ws4.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4088
- C:\ProgramData\Babylon RAT\client.exe
  "C:\ProgramData\Babylon RAT\client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1644

C:\Users\Admin\AppData\Local\Temp\ws4.exe
"C:\Users\Admin\AppData\Local\Temp\ws4.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:6060
- C:\ProgramData\Babylon RAT\client.exe
  "C:\ProgramData\Babylon RAT\client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3864

C:\Users\Admin\AppData\Local\Temp\ws4.exe
"C:\Users\Admin\AppData\Local\Temp\ws4.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5244
- C:\ProgramData\Babylon RAT\client.exe
  "C:\ProgramData\Babylon RAT\client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1760

C:\Users\Admin\AppData\Local\Temp\ws4.exe
"C:\Users\Admin\AppData\Local\Temp\ws4.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1880
- C:\ProgramData\Babylon RAT\client.exe
  "C:\ProgramData\Babylon RAT\client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1672

C:\Users\Admin\AppData\Local\Temp\ws4.exe
"C:\Users\Admin\AppData\Local\Temp\ws4.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3452
- C:\ProgramData\Babylon RAT\client.exe
  "C:\ProgramData\Babylon RAT\client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Babylon RAT\client.exe

Filesize
355KB

MD5
474885a0b7d7ce32f93b1b141f716a6b

SHA1
d3b796ebc8b1121a80972d6d5bb3bcfecefce3ef

SHA256
cb831ca08798bcea49874f81a7fe08368c057bd3bf9d1bfba6d7bb92fa61c4c1

SHA512
6a05d281970222ebb7868ba0653ac64ef3973cd62165da78404cb5a7589b977be0a01b4bd5c3d7e4d2210fefef1e4de340741e912bf8532cb7bd2a7184bb371b

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2025 03 14 - 06 21 PM

Filesize
82B

MD5
1e3d429a9b7ebcee23ea29302d4f7e0e

SHA1
4242f0e605572bb2cccff1066b2bd7f6ab7b34c0

SHA256
06878b276e3fa2b975c18483ee816b6dc8cf3aeafd02ce886f918c55f0b10ca1

SHA512
e4674739026e89f628c7c93342b060260f6dfa103eab7d4b957e419165a0100f34894ced18535b759ba02bef9ba674b6177c6cfac97f8b5b29063393cae93beb

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2025 03 14 - 06 21 PM

Filesize
106B

MD5
00e5a53a9f8fa6ed1495898d19078d33

SHA1
d4b5d30e42851fb6983052b56a5c967f1aa4556e

SHA256
4d271db58fad4f8153c824b8b707949dede286ad56c305ba7e2dcd6a34fd5ed2

SHA512
f133e6c1a7982e904b222328e9864ff53405d1e4c55bab42424cd7f6c22453dfdda3869ec8168f41b0c58dc2da815d0c09b19ddd897bf0952084106d9f9567e8

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2025 03 14 - 06 21 PM

Filesize
112B

MD5
3459dfca89e40b3adcf47a00c74c2072

SHA1
0d79122f802c128171faa6bd696b06422f490ea5

SHA256
4b790feddca6749e0d086eac403e0b3cc01cddcb4feeb131d598552b74b6a25d

SHA512
dfe4990b6d82b84f9c9269636c49719e7fbd509f7ac3300099fdc4565fa7859108474ab6741b30d388cdb5fcee183a38d209c7f6194dfbef4219232da85137d0

Download Submit
memory/252-62-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/252-56-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/252-7-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/252-10-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/252-5-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/252-6-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/252-2-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/252-49-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/756-0-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download
memory/756-4-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download
memory/1112-90-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/1644-61-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/1672-80-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/1760-75-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/1880-78-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download
memory/2188-55-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/2188-53-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/3452-88-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download
memory/3864-67-0x0000000000390000-0x0000000000459000-memory.dmp

Filesize
804KB

Download
memory/4088-58-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download
memory/5244-72-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download
memory/5740-51-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download
memory/6060-65-0x0000000000600000-0x00000000006C9000-memory.dmp

Filesize
804KB

Download