Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Babylon RAT' = '%PROGRAMDATA%\Babylon RAT\client.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '_DefaultEx' = '<REG_NONE>'
- %PROGRAMDATA%\babylon rat\client.exe
- '%PROGRAMDATA%\babylon rat\client.exe'
- '%PROGRAMDATA%\babylon rat\client.exe' 1676
- '%WINDIR%\syswow64\cmd.exe' [zoneTransfer]ZoneID = 2 > "%PROGRAMDATA%\Babylon RAT\client.exe":ZONE.identifier' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' [zoneTransfer]ZoneID = 2 > "%PROGRAMDATA%\Babylon RAT\client.exe":ZONE.identifier