Resubmissions
Date | Analysis ID | Score
- 30-06-2024 01:18 | 240630-bn62va1erg | 10
- 29-06-2024 22:53 | 240629-2t7tfaydje | 10
- 29-06-2024 22:33 | 240629-2gkhdayald | 10

Analysis
- max time kernel: 990s
- max time network: 959s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-06-2024 22:53
Behavioral tasks
- behavioral1: sample Borat/BoratRat.exe, resource win10v2004-20240611-en
- behavioral2: sample Borat/BoratRat.exe, resource ubuntu1804-amd64-20240611-en
- behavioral3: sample Borat/BoratRat.exe, resource debian9-armhf-20240611-en
- behavioral4: sample Borat/BoratRat.exe, resource debian9-mipsbe-20240418-en
- behavioral5: sample Borat/BoratRat.exe, resource debian9-mipsel-20240418-en
General
- Target: Borat/BoratRat.exe
- Size: 20.0MB
- MD5: 65b694d69d327efe28fcbce125401e96
- SHA1: 049d4d71742b99a598c074458f1f2d5b0119e912
- SHA256: de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab
- SHA512: 7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b
- SSDEEP: 393216:V+G+oTCP+Zw6NLIsFfskh1BmXGnfBd+Uw:IGpTCP+Zlnk0rmkBYUw
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641753536878224" (chrome.exe)
- Modifies registry class (64 IoCs)
  Processes: BoratRat.exe
- Suspicious behavior: EnumeratesProcesses (32 IoCs)
  Processes: BoratRat.exe, chrome.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: BoratRat.exe
  - pid 376 BoratRat.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  Processes: chrome.exe
  - pid 3124 chrome.exe
  - pid 3124 chrome.exe
  - pid 3124 chrome.exe
  - pid 3124 chrome.exe
  - pid 3124 chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: BoratRat.exe, chrome.exe
- Suspicious use of FindShellTrayWindow (31 IoCs)
  Processes: BoratRat.exe, chrome.exe
- Suspicious use of SendNotifyMessage (27 IoCs)
  Processes: BoratRat.exe, chrome.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: BoratRat.exe
  - pid 376 BoratRat.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: chrome.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Borat\BoratRat.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Borat\BoratRat.exe"
  PID: 376
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4172,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
  PID: 3584
- C:\Windows\system32\wbem\WmiApSrv.exe
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 3124
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 3124:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fffd9b9ab58,0x7fffd9b9ab68,0x7fffd9b9ab78
    PID: 3332
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:2
    PID: 4660
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
    PID: 1232
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
    PID: 4596
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
    PID: 4944
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
    PID: 2856
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
    PID: 5576
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
    PID: 5604
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
    PID: 5612
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4572 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
    PID: 5800
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4708 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
    PID: 5888
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
    PID: 5528
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
    PID: 5680
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
    PID: 5660
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 5388
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4444,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
  PID: 1360
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\bpbknf1n.newcfg
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\user.config
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\user.config