babylonrat | 77c64394f2e7191d28d11392886b109cd5a3c3ac2f704ecae063ea64f6528461

Analysis

max time kernel
266s
max time network
374s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02-07-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BuilderBabylonRAT/Babylon RAT/Babylon RAT.exe
Size

6.7MB
MD5

aecdce1d7e2a637d1dcacd2b4580487b
SHA1

d5cd12f7a18d6777c9ec8458694aa3a74fd23701
SHA256

9157a48c53ca7a4543bac5b771886c87ea407bab6bbb053b50bc22709111d572
SHA512

8bb5ad64f1b2e75e47c4671396a713018c74c44e84803887c6b4a200ea85f4c020ccfe15211af3899cdcf9d0f46ef994bfd939e462f61062044874f7a64d7a35
SSDEEP

98304:KbldsCQTcsBL54TRRTk3w0ZIWoPzSSosDlh7OLifNLxu2UVaCS2e7Csb6j9cgl36:GnPsHqRwvoPzSSosDlhCKzi9/2BO4T

Score

10^/10

babylonrat trojan upx

Malware Config

Signatures

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat

Executes dropped EXE 2 IoCs

pid	Process
1584	upx.exe
236	ass.exe

Loads dropped DLL 2 IoCs

pid	Process
2396	Babylon RAT.exe
2396	Babylon RAT.exe

UPX packed file 21 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x002f000000015d09-15.dat	upx
behavioral3/memory/1584-24-0x0000000000400000-0x000000000059C000-memory.dmp	upx
behavioral3/memory/1584-30-0x0000000000400000-0x000000000059C000-memory.dmp	upx
behavioral3/files/0x0006000000016d68-32.dat	upx
behavioral3/memory/236-33-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-34-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-91-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-154-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-682-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-735-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-788-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-868-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-888-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-915-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-1013-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-1223-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-1257-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-1287-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-1493-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-1511-0x0000000001340000-0x0000000001409000-memory.dmp	upx
behavioral3/memory/236-1530-0x0000000001340000-0x0000000001409000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
23	discord.com
82	discord.com
21	discord.com
22	discord.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe	Babylon RAT.exe
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe	Babylon RAT.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 47 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Babylon RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "2"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Babylon RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings	Babylon RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Babylon RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	Babylon RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Babylon RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000	Babylon RAT.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2396	Babylon RAT.exe
236	ass.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	236	ass.exe
Token: SeDebugPrivilege	236	ass.exe
Token: SeTcbPrivilege	236	ass.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2396	Babylon RAT.exe
2396	Babylon RAT.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
2396	Babylon RAT.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2396	Babylon RAT.exe
2396	Babylon RAT.exe
236	ass.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 1584	2396	Babylon RAT.exe	31
PID 2396 wrote to memory of 1584	2396	Babylon RAT.exe	31
PID 2396 wrote to memory of 1584	2396	Babylon RAT.exe	31
PID 2396 wrote to memory of 1584	2396	Babylon RAT.exe	31
PID 2464 wrote to memory of 2192	2464	chrome.exe	35
PID 2464 wrote to memory of 2192	2464	chrome.exe	35
PID 2464 wrote to memory of 2192	2464	chrome.exe	35
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2424	2464	chrome.exe	37
PID 2464 wrote to memory of 2236	2464	chrome.exe	38
PID 2464 wrote to memory of 2236	2464	chrome.exe	38
PID 2464 wrote to memory of 2236	2464	chrome.exe	38
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39
PID 2464 wrote to memory of 604	2464	chrome.exe	39

C:\Users\Admin\AppData\Local\Temp\BuilderBabylonRAT\Babylon RAT\Babylon RAT.exe
"C:\Users\Admin\AppData\Local\Temp\BuilderBabylonRAT\Babylon RAT\Babylon RAT.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\BuilderBabylonRAT\Babylon RAT\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\BuilderBabylonRAT\Babylon RAT\upx.exe" "C:\Users\Admin\Desktop\ass.exe"
  2⤵
  - Executes dropped EXE
  PID:1584

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2720

C:\Users\Admin\Desktop\ass.exe
"C:\Users\Admin\Desktop\ass.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6299758,0x7fef6299768,0x7fef6299778
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1496 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:8
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2804 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:2
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3400 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3696 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2444 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2648 --field-trial-handle=1148,i,12754123041003630344,5805808994901387948,131072 /prefetch:1
  2⤵
  PID:2964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
4fee25b9ddb4340f8bf37042ef8b263d

SHA1
edec0c7db41fbe7f88fa426fdbeef94dc443655a

SHA256
59792d00a4ca739f546a3e1ad2d0a542ff81c312a65ba4a83c12aaba755ff37e

SHA512
fd0b7d75c83896b074fceca54b03dfaf0bdc0bd5277832de17823018b6e6708ea66d206e87070c20a035dd54f7abfdd8a96e72818b1288febffa987a845338eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
257545fd07335f8212d4e3e153590187

SHA1
dbfd05c7eb3c7f2389a7b6848ca80c2a595f8bfe

SHA256
24f7ab15ec89e4e9061ea57205fa3586a96ba19f8072c766d364cb3a03830fbe

SHA512
6351bf97b90d6719d1a7a363a6c8b03e77d354b0ba08ddebdecf8f36374bf491894aacbe03f1766561602a29c58b0ee3e343282c63f103e9eefd25ab57722c25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
502d9ce2af1258de0dff5a4c033f165c

SHA1
b5a27d53733c651171cf5308306d49bf6ce0d722

SHA256
595244aea0900462b6e41e62564491eb22dad7cb98f023a0bb5097b3febab6d1

SHA512
cff4ac1c0852a211ec97967801c04bfba0c29e09597fdbdd86448e8b2c7f8aabfa10c17ea0c1a841ae70f3ff9b0ba0dec71c2a38148fc277b937e3d34c13ef57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
552e4c4579a2d90d3de64f16ff241e30

SHA1
2c9e2755fae85d3f317704e1462c4a2dae297e66

SHA256
eb50f68a7395a45fc0227f4b45994ba6aff5c1e892ee704b2718ce16533971c8

SHA512
a28d5af840131b27256b7479e737acff399b21845509e1d6411c78bd81bd3c1a3dc6dfc225324706f694207b910d62c993189e3058b5da15081248a8aaa3a88b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69e8da63d6d40aa1ade2323f0a1b5e6d

SHA1
b877a10a02cc71ea85841e1f64334f63f0221e27

SHA256
5be3a8f96b9d798b24009ff8e616777a050f9972f41bfa4280a4c004120f6437

SHA512
c571d95f35dc77168f7e914ce2b2c7de527e693e48d4172103e82786a2470254a0e749cbde980eaa48faeec6fbe2c0f36c85c3a5542c476012022181c8b3a81b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abb0681b354ec495113c65abdbd61682

SHA1
a8a5d449ead72135124be0e150e45eb8a8279e07

SHA256
8fa1b7df59a6f55addc01f9d507afaff56780c3128a0e1f7636aae087b777df6

SHA512
c3ebd29c469304756f0141dd53f5cf2664e096d24b1c86cf29da61412944ac1120b17a8988dbcd1f4416944ed3bdce29de5f7c96c41e067e2bb7eb0e920d7ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8453a38a60e2ddf3118dbbbb3e99a29d

SHA1
ea08f732a343175f99a936406dbb114560ca7996

SHA256
5da18098b9ffb65692702df87d96f632b988e4a33e9ab9f59f9f057b75fbf930

SHA512
ff90170e6cbe1c8eb7688a318076f487da602c7a9e12559a2da9a61a26840baf52d46662f7297e74ad2d834a99318e9199707b9a7b79e8615aa51f3af4412650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9c1fbb4ac6b85c532c5865302608d28

SHA1
979f67da24acc5352f24cfce202032b11eb0e88a

SHA256
7c6a87af85240370282a9f289c1f55c1f2a900d51f52127d4a2333a7dcd31d66

SHA512
6fd611a3ae4aefa80d56422d5a791148da091c162c3e64b94b7a8eebeb34751bd874d0aa7be2974343b096524159d2688b15df375201193fce8e8cc83c3e518b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98a722062e2ec0fd58fe4e8e8168faa4

SHA1
c0a2c1d4a11ed4fb9bc0cc7983ef186ab309c0aa

SHA256
ccce2a7aefe72914139d5ef4911614e5c41deb3317316af3f96d1ab0b2f4cd30

SHA512
f391e634f333fbf8c475f2ea3ba6bb4ff062c1d0114f72d85502eb627c121b3a506b9cfad7d001e846ada6c0bc67d2cb43dc6f2643fb579d35cdb5531f77ea60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a4dc76a8c7222a83fa1ecc84c0be8c9

SHA1
5994e548de5edd49b8d532f9e9350ab97b50fa82

SHA256
51423656639d0a5b4000fb876fab0bf27330f18a2dbcd5275f1b251eed481f97

SHA512
8d01bd6d192ab4c581a43787615fb6b844547cb2bc4c5e386f12b40248fe4f89481ebfc93ee49b57cc1b0d9a0fa18662346f76f2fcac2e0d8be1b864c4838353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e6a0bcc557a223081ade7723eaa04203

SHA1
920b8937e98f36bd687c424691fa848bdbc36ef8

SHA256
4cec6c9f7d1975613df2a4ba514fc75befccbd3ac7b072f723beea2fc0c5afa3

SHA512
b996854dab9356c8aa9127d936e5f2812f3091228f5be17a4bc870cda8eb19a424478f098a756acf675903a45d57af9d5f2f81195c94d2c8e7ff7b289177e504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
68388336a388bb3de79d745407cde66c

SHA1
2add5198669ab3039dd50f8f3d288073df0b1b13

SHA256
3c104259fd69731d137c3684de5c79937df3b4f0a9dc9a06e1f4d60214d45df7

SHA512
ad35222d9cb0513603785292f7b7b21db7d85af93e69b58493b39623ed86056bbb064dbe9aeeaf54b3d2ac192ac5164264825fdbad6af37e04ff29bba2f46469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
aa141d8d5ed4afa7e49cb055b707e279

SHA1
561e3fdb30a908291349fff0ae7e59bd99531243

SHA256
21af42b32de3602d6a3acccf9572e88febb2a1c97f9cf96312ef656084fb5d08

SHA512
52f0f5b0a49be3c2d51da731be8610324b1ed38226e5b475bd7764fdc39ccc36188a3073ed9e97828ec0bafc4853a47ed00c2730ed22f5053f6cf9f344a1df24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4bacc9c0f00f4ab902a6e3a0e9be5d6d

SHA1
904b1775eaeacd69422e77487fda8e3550e3f233

SHA256
17fccbd2b09e233eb1f7dd332bff00215ac7db86f0f5055a24b34c8b338067c2

SHA512
9520ec9a1aef5889a14bf754847d696fa3d92d68c683b7407e65a7abfb3e59d7af2a289a3381c5e7e93c9d0f3f83fd6cdcbf4d3703aa171421ee497ee1f06f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
24f27cc8d586b71ad921912aa681d555

SHA1
84aebfcb417cef1fef232e77b2ad566fc5d77ed2

SHA256
7b94e81335c71c0243e4edbd6e976bd84486e416b5f9acbb7230d82ff98d7c4a

SHA512
9215c75ed962b205b6e3898cc284209871203f2fef9d1b2a6abf1883a7d24fb7b6c93971f2bc0ee8210491ad192df869a39c7ed6061d388438c4904755f512f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
73f029a40b7565f082e223ebc035e47d

SHA1
98f46ba22ef1ab606117a59ff484165da45382e4

SHA256
e08c7b3465c61d6e5b0b48457daaa115c81ce099f11ccb62e564415f4423ee27

SHA512
27f25d33ecdd1b8db6a115cb38b78005452d4506c9d5cda02bbc052295559a298f5120e855592c4b11f8893222e136387ad7609a1851e21a46b7db4b200273fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
799eafc7431020cae7f0c7c513816e4c

SHA1
2d11eb9a30e1685b0877ff500bbeabcbdb269143

SHA256
e5bd5d8335fcf634d023d2d29b4770692291153fd3adaafb826a2637c1a215ff

SHA512
0244236cec81b7895c9a0dfe69581b0d888f3c5f7ac15d6b3b128da3e5e31b291ebcf093ff1d1801d77d372d87a38ce22357ea3e17bff1de0ba1c8b78b896ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
14de4e04ad42f0aa818340c921163eef

SHA1
64b3c6906bf0fd0b20c3db066ab3511dcaf23067

SHA256
5d6929e67b92620b7a7bb41c0f00ebbddb4249e8d98daa0d2cf784df9316dd1c

SHA512
a9de3c97a1e7a087d862f9e212950acc41334a79d3d05ce08a4b6e68a13f4a57889c3b72db91e57489ff1f37c65d10cbbb2aaa4ca8dc8e60ac592f14a2e38348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c7a956d618ebe5e95865cb2e5f04bb4

SHA1
cf5896cf87fb328b19392449f56d4504b7da684a

SHA256
2102a7138dd7805b498f643d7cbada396583afdff5e55fa95f6ac5fad6153aac

SHA512
744431cbc91dcb4b2db4e4eefbaf8c05ef28c0511b320ff5690b1f6095559a8584bd3843a01c437230468b662b24d9563370b5642c22a9f5fe5368b16e1f9495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d8319b3214f4633cb4a95d14815a5916

SHA1
ef16483482cebe3123ce47792ec91d8bd9b5b8db

SHA256
f2973cca6f1780c3bd66fe3790eeaa2c5a528f745c639c1bf4dd2869ce7837d8

SHA512
e567fce3d4d3d4851293df6114f2e65cc4cf525e5d695c35df5af82d9994d1df557003f0ba48990b58261f1aaa6e81b914a0c43c5fcd405af79695d5b347b2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
06d2efca41ff70bd86134d84eb7d25bf

SHA1
1f707432b5eaf6ce58599a1281e0bf3963284011

SHA256
a4115c7e6ea07e55cb7ba900b4582e5e620dfb77a86850d4c8c9f893263b7ede

SHA512
1d2a01950ade139ca0a0d37d3c4bfd4194522a7af5941af98b9919caa81cecb7ad84331e9fa3c2397bcc2469a022883b9b564290531ca3ccd1c636595a93fdfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9ee42d1f1ae3ab27b6fa24d9172d404

SHA1
7a0279cc8346cbce6cda396ef2a53302d10fab5f

SHA256
29bb354dacbe408bc733244a5f594b25e3b5359dc4878fb2f97efffd801a45ed

SHA512
63ac850f28e32bbfc1ed21985b19a8605929073c9b57a664d77db8927a8a55bdaa9cec09fbd790a32bcdbce0a03210ac7fe2fe50efaaadcb656ffa5c088ed2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
365469258abd8f03273d64bb50008a54

SHA1
cd7098740f1fd934ac0b4b435031016aa30143b3

SHA256
425320362a58b5b94708b544418fbf2631096be29bcadb4e705b79b6b8ef7002

SHA512
ac48ef1c048ccd26edd2c7c394beb080fe4c855152b423cc79289fdaf7da8fad5634443a6ace6c885a5a7c8044ed302ea57d791cf8fd007b2565a426a0269217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5bf0743ee6958016fa4934688c2921e4

SHA1
729d14af09e15aad7beda5e68da63886a83269a2

SHA256
9f19790ebc2df12be9b0a434087425819c1d3bb185b3b272f2aa1d288f6fa59e

SHA512
113cff7a0d061c2bccee40df0bc88bac89a4cc6a60ec7661fdfc86b917e28e517259d2096bf896efd4f981cf438b464e3485f46ccab5592829bfa87e583686fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
48b93774b4fc1c366042110207220aea

SHA1
27b10add3d2ab6196616c7ffa3810e585929ba5d

SHA256
4abe18d847d378a46b65b7a12a5bc3bb903596caea2e57a1122c86e7b67b23f4

SHA512
7cd64c3668cac7caf62e181f6985352b7e3b5e0e7621c33d6b507dd51e56879dc7001046923bc80d86018e34d49a468887772e375a2d5a0876fa39fc11af6bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b6a84373d5aca030820084549b7c18f2

SHA1
d0b037448c927321d4e6912b674c9e6276a7825b

SHA256
a9ab0a750fbf544996fd3ae7708505080e4e8e7ea30808eac53a895e5949c7ba

SHA512
23d0650f147f23d9ee2cccee332131f998d1cab31579ac472cf238b4c202912211eab5fa37cdc99a5b78d54c4244991cc657739f58cec9efd852225e78ef4b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e5382324b34582b90fd625ed6c07e9ee

SHA1
f7f167d5bd4c26f60c6af1639135b843d19c6188

SHA256
75e9de530a8cd640c8e6195b955bf1f5e6a258df232b28b01ef8f24f0c97b71a

SHA512
045d1e0127d65ee1b4559148f24407e608c256b62f0bf85e6fe4cc8755052c816ca8edf26abaaf090d606cd663de795ac771b92007eae1e4740247d42e2f2ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
35d822f1b38411b35ab16d60159a0d4b

SHA1
79607690dbec5770930a895184236a224e1c8345

SHA256
30d54e7460b29f9fb7b8c7d6613d33d282eaf898c27baa01ee972d17bb7e46d6

SHA512
768d02567a3a3fa18b897fb274fc1b16a2a2185f3c0311dec81daef110699b3e607bd18d82a02c3d1b243628e756fdaee4a8cd1b27a9745116c32c9239b73836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
812cb5ef6729d0e207ca120d9d99dd50

SHA1
a86d3cd74c47045cc997426876bfa1f8adc420cb

SHA256
59943c605315b3df6adf6da932a746cf15f591501666e84dbebd94585a2e30ea

SHA512
afdda9ec3f03f7a14fe67892b5c43f4023a159289aa7198995d9d0494516bfb36e95d6002ee8a5b503888accf509b4cb3e442113fd8955415baec414166d91ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
19e891e4a0724c707c4b1f16390bd134

SHA1
3465d5f71ad99521329f9a7a902d628903b5a1e3

SHA256
85ca10c383551b95f7ba9a07a585092dc9572b95daea4e5b5de22b3344f364f1

SHA512
72eb69343a906095de32f0425d0b4273aab49cd55c63a0591f8673ea57fd620073d17f46cd76f9fcb5bc7c19600b76ea3f74add0784244ab3e32aca7a0543846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8fd6e1cfe8a53d9da04ef46cb4273758

SHA1
566339004c7d43c2f7ad8ae471bdae1181cd9b44

SHA256
ae388477c6ce8c3b7c6becda458328e853aa64fb2a593cae6dbaaab7c046f7a9

SHA512
f7ff75330ca7a33d1bc91534a7dc50bd362d58b848f853839b52451b162f268406ff5bcf800ac85936862ce2ab3a724d429b99d47f2caa9bf6e44babaa8fae57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b22dbe73a294ee7ed4dde992be7fc10

SHA1
18c60815ba21dfc57eb2ad081e3ab74649d33a0e

SHA256
cc3ed69727a0f7172a0133436334e94fd719187a7169d7e0bb9aacb3f564ec41

SHA512
fa283b29007a96322bb1091e801a87870d07797910068564c4651637351f1c3c649a666c64bf68317518274ed43ec3316067e0bd4689f1b5a135ccfa770aebf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd520cf45314b3653df77e59e365d172

SHA1
b5b510688b727cf2faacfdfcfd254e75561d075b

SHA256
7f8865676c0186f92589d3936a31eb758d6b0ea24943ab88094fc98bd15d8ec3

SHA512
a31a08815d7b6fd9031cd76375c53e3bd6e7b4db6b78ecaf1a4dd71d84da134bd27c9a54fd34d065949e4c671cd292a2172da3db5c77e095709b3feff6b26e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4A6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 07 02 - 01 21 AM

Filesize
486B

MD5
9580179ee3ae137e015a67c3de073279

SHA1
26ed4e8d070ad09c647a6f6085708ee47c8df35d

SHA256
13ae70f5b87f6f0c84a1794e2f69de8a25d4282c98529d58168117fd6f6ea24c

SHA512
1cc8a7bb8056f34513e4dc213ac077c7d82a8b587edc16c2987893a7218304587b0e4058c93fe12b50c7c0171552128dfb50b4e6bb9efe35dd0ff3315b044944

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 07 02 - 01 21 AM

Filesize
270B

MD5
7c5160da9a45ef7ebac46aaeb3759510

SHA1
406da183b5d16bd5ec78982634e49efc790eb7f0

SHA256
f7ef7676aaf79071badc7639ea3240f87986dfe5d55953f16957df891550bb84

SHA512
8fa531ac037156d7108d0683c7c1c11450a972e6728f892a6abaee7f26975d880b7ad4e13baf3c950bec979748ee45ef8575e26c088964e80ab28bee3439fd69

Download Submit
C:\Users\Admin\Desktop\ass.exe

Filesize
733KB

MD5
5d76d6c7ec7a4a2fb3f3e1cbd40bffbb

SHA1
13117e8347818759fa6bf051e0d8a51a60efe5a4

SHA256
20fea6a3fe12f140e49a259195b46bfd3e1b87c6f3046349060ee8fe0c7840cd

SHA512
a1e40deb884ee1196b07b650af95b533db52a8e4ca68f9872b25e5d90934321721b7fe73eb5dbaf032881427232a1202e799ffd37bc97f30a81cfbd63cf39803

Download Submit
C:\Users\Admin\Desktop\ass.exe

Filesize
355KB

MD5
54f1d5d16467c4a51888eda95d1c6daf

SHA1
27238eed0ff0c02bce63387765fd7bd163476e45

SHA256
47f4c2bd34854af9c4403634f9997fc29fc0a2b1eb2853015105d7cc979a5da7

SHA512
317fd6e1c2e8a559cfb672143ed3e76830d4fa8e6bb3fc35cdf84f16d3b16b41feae7606c259c2cf5673d0369d7fdf33f603857cea2f92267e3ee7e828dfc8eb

Download Submit
\Users\Admin\AppData\Local\Temp\BuilderBabylonRAT\Babylon RAT\upx.exe

Filesize
298KB

MD5
e9eacbb7ab4b3f66019e0a2f13a1dba9

SHA1
ae30894b29e52bf04afc4a54795d438fb910acff

SHA256
0c3dc789d0a46493bd097526b920d913d930d96b1052cb331eec3ac560c89996

SHA512
925445d20c93c65a282fc59f773551d824bff1f8e2623fd8ea0c587831a9550c400f121defb3d82c8f0401903fa69e3154dc98e29688d02af1d5d01247914a06

Download Submit
memory/236-1223-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-682-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-868-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-735-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-888-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-915-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-1530-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-1013-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-154-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-33-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-1511-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-1493-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-1287-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-34-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-91-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-788-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/236-1257-0x0000000001340000-0x0000000001409000-memory.dmp

Filesize
804KB

Download
memory/1584-30-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/1584-24-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/2396-6-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2396-5-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2396-7-0x00000000740FE000-0x00000000740FF000-memory.dmp

Filesize
4KB

Download
memory/2396-22-0x000000000E720000-0x000000000E8BC000-memory.dmp

Filesize
1.6MB

Download
memory/2396-8-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2396-0-0x00000000740FE000-0x00000000740FF000-memory.dmp

Filesize
4KB

Download
memory/2396-35-0x000000000DC10000-0x000000000DDAC000-memory.dmp

Filesize
1.6MB

Download
memory/2396-9-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2396-21-0x000000000DC10000-0x000000000DDAC000-memory.dmp

Filesize
1.6MB

Download
memory/2396-4-0x0000000000AB0000-0x0000000000B1C000-memory.dmp

Filesize
432KB

Download
memory/2396-10-0x000000000C880000-0x000000000C882000-memory.dmp

Filesize
8KB

Download
memory/2396-3-0x0000000000A80000-0x0000000000A9E000-memory.dmp

Filesize
120KB

Download
memory/2396-2-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2396-84-0x000000000E720000-0x000000000E8BC000-memory.dmp

Filesize
1.6MB

Download
memory/2396-1-0x00000000000D0000-0x0000000000792000-memory.dmp

Filesize
6.8MB

Download