hxxps://github[.]com/Ezz-lol/boiii-free/releases

Analysis

max time kernel
150s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
13/06/2023, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Ezz-lol/boiii-free/releases

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1824	boiii.exe
2904	boiii.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133311273135221916"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000a857f4fb5145d901d0098cfd5145d901378082fd5145d90114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000a693effb5145d901fd8d865e5945d901fd8d865e5945d90114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
5024	chrome.exe
5024	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
1824	boiii.exe
2904	boiii.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 380	2060	chrome.exe	66
PID 2060 wrote to memory of 380	2060	chrome.exe	66
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 3672	2060	chrome.exe	69
PID 2060 wrote to memory of 2056	2060	chrome.exe	68
PID 2060 wrote to memory of 2056	2060	chrome.exe	68
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70
PID 2060 wrote to memory of 1676	2060	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Ezz-lol/boiii-free/releases
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x44,0xd8,0x7ffaa4529758,0x7ffaa4529768,0x7ffaa4529778
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:2
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4912 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4684 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Users\Admin\Downloads\boiii.exe
  "C:\Users\Admin\Downloads\boiii.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5024 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4928 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1624 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5480 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5180 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3228 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5720 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4308 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4336 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5656 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5732 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6052 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6292 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5976 --field-trial-handle=1760,i,429862448868369310,15784282289531222495,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:408

C:\Users\Admin\Downloads\boiii.exe
"C:\Users\Admin\Downloads\boiii.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000072

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

Filesize
162KB

MD5
5d1325194ab19e5446660cfba923e18d

SHA1
1e3c2ca9abbedc852231c72f321207c4cee69276

SHA256
54ad7e76fb07c695cdf95f30ebb6047a552b61ece067cc50b74c2f755722bc03

SHA512
0aee70c35a38942cf88cc655f7f19cb858549cf4e883eb249dbdf70274c96e24c552a187ea0eb44b2943ffb3f9b8be968e066ce9619a43c55004b52419c735bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
f29df256a86aec5480f03664657179a6

SHA1
a9fdb5cf62fe2f2d9e5d54073b3671fe010e1f73

SHA256
622abc222310fa0a0073fb9d47613d7f0a621e6f672fa476efd1b64f10a0cabc

SHA512
f00dc9819acf9f2014b8d522155732276650e9d1d745e7d4898342ad992251b36753e7bde6139c22f0879cad0c9d52bcab0b054956f476ed5e0d225b6ed59f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cc19c5f3d1fd505470b7b941e0acad5d

SHA1
4df98b99cbd6ec3d2f56a57420e0b9a5425bf83f

SHA256
e2520dd50b42689a9e2d9364ebb812124151a85c30342cb9509d236852bc0302

SHA512
672836d792fb835626bb5b3e4fd04ae63652045fad251c33dd1b27c1f5c30ef56b29ba6cc9de6d65de86d283346c9b7d7aff967199b45a5e4b9456b0bcab781a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\08d08e1d-1166-4997-a5af-b54c8d51fd40.tmp

Filesize
1KB

MD5
fe62fd0ac22d544ee4eeebac227ca386

SHA1
2f72ffdb25d90a661aa89450c61ffb1fbaf8cb4a

SHA256
8cd1c52eea1517e37492701d357c2692a69c0634d17ef91784806e2da4c6aef0

SHA512
9e5db38652d53f79249867428e94badf0391c8df630c704983028f4fcc8e954843324c90827d21eaa93c5d83bebe97dc651df905b24027773f1c799e7acea55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c84187918f28402c0471c64031493f48

SHA1
13cbebd0d6d65faac4a4c8f56a06c26986576ca3

SHA256
a27979345481c5af011cc50e832a371f496db10d7c3350019b91b585d636c1be

SHA512
fc9ea002a5e564e3801e39b5ac006a70270051bc8ef819a152db423b682366b852771074336394493bb7b15fbb40daa71032301d74614dc18d44f0b6d7d2397f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b1ae807768e855df104a3812470343e4

SHA1
8ec27d5f63810c76b78f5184212eefc78a26c55b

SHA256
04f41a5e3a563c73456ef1cf0fae6455dfe41155610f7ff8319f9bcb8131994e

SHA512
3a4f74f8e8c863e7aecc7824d2a151692775fd271955c86cb71a74e2102c16c392e4303ed11e8a22bb14fc2cb681aaf1a8b84d5a2b95b3c890936cca45c1626a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d226ea34c9e12f64634ae840a5843819

SHA1
e7d563b889f07e61251805b5fa6d3d5d566544c5

SHA256
326d30b8a81c0f3eaccaa58328c7535f802204e7dfc72897562b8f4fd4939eb5

SHA512
e2ea23edc02cd231593e1d5c855b33cf3185ad9954be9b7061d014663a2efa55f4f080cf0f2cc1baf19651e093447055c31f06034fb4fc98a7af32578573a29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
187eb998ce76572342b4f916b796c556

SHA1
9184858a82f2978f576d1a7c3eeaaa007d3da907

SHA256
149efc04cdf74275cdd8b488c5144346db088c109e380a94d1315f9ad187e867

SHA512
db3e6199ef729d451c840b03380b727d0e716d345fd6ef5ac09a0c7986c56033b231e83139942faf6591b685829f05a566fd29bc0bb1f6e1551f6af299dca026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
04169720992d01fd906a90ef29444bb0

SHA1
78dd0c07bbe1e3d006aa6b31b1f83b63b1901c90

SHA256
60ca26e5ebc60df27737338a6dd3bdad73fbaeb81252f976d47ecd164b007278

SHA512
cc0e0e1bf386db2dd92023a566e5a32919744096fdace0b3dd95c0a95a0e62035d704df762eb4e70a83b7574ffce01acc50f105885034a7efe17b0dbb7120afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e382efd3ae8544e8ff186a809d956650

SHA1
665d772a745749f43a4bbdb10400d3c346de5210

SHA256
706261724afc44e80d877ecb74140038b7e8317cfccb0eccaccd89e3292dad7b

SHA512
e3e9719535c5e00db7a5803ca80196440e5e0fb4c874ff3cc9c42cd07362334a6fbedc7a28f041535bbe1c28d9e7e2508af5bb2f2209b533844222e5a521671b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
33350b1f641e8ec1215c0293e789558e

SHA1
12c361990866603b8b9d1c823397d6d585593790

SHA256
2141f6c85790271aa6c19554c798877faef5c3f395fd7bf293709ee5390731f8

SHA512
4786583929050b8d0758230b6b3f0e82efef6303195d35053dd53801d2ab16e5f9f70d9a137e22a151bc87fa2e2d32813ac48216047d7c2378bbbffe1ea6f278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
71225bcc385a29f9eaef8493f4d6386a

SHA1
2070f38c1363e65f19990b63cb8b6eae50671ec2

SHA256
72636d834bc950e977c37e9c6f6c9031474858db5e56914ed018a6f1672002a5

SHA512
d1265018741a262e71c247e016480aebe55463ca856895975c6c519f8f060b183ac2ab52931b7f0b0600dff8de91319bee20b06329842844ca9604dba3e6ab14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bb103574a12636a0ccc90bfc6b2e0ec8

SHA1
cfe1b35bbbf037e28de3d0a5aa8bd722fb3a3cfd

SHA256
29894bd764f2a0d439bababc17e2361591cb35bfbbebbba8fca231e41dead9ec

SHA512
cf12ff7ea189a2e6228479d20cbba9cb58a1bd013a93de0ae103ca149a5d7790f5621e30d705a8499ccdb3a76261f5aabc09c6f3c94218da8c2677f520e26c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
008c31e726ec8275bde12d70c3b3b40e

SHA1
42ad7cad897f0f6e767a9fb3e4ff0581d9df65ad

SHA256
2b0c3b5c3fdcb7d12bc83c08809ae4ad786d25c6eb797dc3ca204edb0188d547

SHA512
5202576ef891cb0a2faa07eb1ae2f0cc5adb0b8facc4a9f188a0858557a72f232c0a1333f8ac555ef0c7b412dcae2ef5d3c930a6911a11c79c8a7dadd0eae6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f8dfddd2f83f3bef353065c60199119

SHA1
e70bc5cbaf4c88ee0a4387311348ddb29deccefe

SHA256
f3df169279bda8eff671ec12a8359215670ed35dde622d79119e66b884f247de

SHA512
ebd7235272949b2b9b40bad267c38727599960b833a0f98b5ab9203fb21eb62d1d389b95266a616ce5bfcb348ac7cc2fa36fce7a4a89c791b958aa9d1c00b073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ddecdbc9f29dd3e59d91697c3654543e

SHA1
84352ff4416245a7705140b7c0c4882cb5446c98

SHA256
8c6d50db9f669843e0db4f68dbbe64816663a0d811e5153c282e581714424714

SHA512
48be9a486934fbff240b8e370bd86cc2fb0c28f252ce3b95efcad884d01f2c442d511c7a39d2a74629be6ed561b1880643b5539b4ad55496d3ff202536312ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9fb835681ce9b5fd61053a7e29366c4d

SHA1
e8499ea756798bfa9e22bfda3e2c7e2725dbfc7d

SHA256
9b7d9e6d0dcc9ea951278096fb213865e4c3ebf1a174c4af5dc83d7579a46c43

SHA512
ded19c13e26c0e57823640afd65275325cdee2d28c9b0e849166990dfac8e8d19246b3d3d87f7314322bcec537e3f8995d6bef92a44202fabeca3e9ba3969346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
17728048ae43e1f51c92d0c0cd2fecad

SHA1
a915d43240f0b7bcfcd0fd2725e8a6453e119469

SHA256
1e0080b9fdcf223526560cb3279073a06549aa3963f964cf8af15e02549ed337

SHA512
2589dc95d0b4fcaa118f31ad829121e0c45e60766c202ab32c03b443104c3f63896402e36ba2f8f67b06caf346a9facfc35af73e26d95545efd8e5dccb1e4b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d186425404c45cb8bf30880632ac1750

SHA1
894b31b545ac25085899f89ee5c8424c2278a71b

SHA256
2159818b2b18a3f34bf535fcd9d40ccbff6799f029a7619bd3bde1c6184fa589

SHA512
aedf9b1ec5aee395fc01111b7cd8cdefe62020a9c21e118f39883d0482c6f2b17507c9257acfee2fb3a6f5947ee0ce2983b946bf9a36c694c438a967e5ffe23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
55347f43eeb8b4711a73b1c46605644f

SHA1
3924ce2a2a057c73f38646f45c29fc80914d509d

SHA256
88c32be47d467af5707cf78ca2401e90b07dc434e309856ea7067ce5715f0fbb

SHA512
ddafbc62d674c3e872b543b9de1a0fb95c9f59bf19c4a489d3c47e4ca1b510fddc3ed733b5a98030f7d0367995f61f35641eea6885d506a694cd02e11f03f35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
1025d589dff15543829c472e4cc61fb2

SHA1
31a9bc7052a5cfc17ff95ac9a33067d2604e0f00

SHA256
1d28f9db8a45b180032a383f7549197c23afc7e16633606fde79b7fcaf948c9c

SHA512
43812cfbb52607e064f45f8b68837f99818d7e8e03bac8f67eb23ad7c75f85b59131c038119203c207cfaa40c0c797c583313088683b736a99c31734482b7e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
a7fe6383d5627fb444ff0acbeb6f57f4

SHA1
2b0b7c29822676b507cfdd8a88f00d2dfc84b4ab

SHA256
d9b6bba08c5f77400a19a7cb2394bc0980e9c181a7b229a5bbdfec2faa59ce54

SHA512
c387a8b404ec5d1eb7f7d1949c560d4d72ecfddd62c624ee76b0634611872d11c293008bf79f3e419a59798475e8719aafd5a376412d68dfb0a3fe6f18abb17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
3ea2b29218319c1cbd6db9079c7b9194

SHA1
c7aa8cab34f67355aef0edd393f87196f965c0fe

SHA256
ab9caffc362b0cf8165971891717f622f1c0a93e37d3de854fd13d4a3f241715

SHA512
609695a4ea6400c8cfb285c8e83335eca4e774782787f2a896c8882b705e323bcf64f21ea1ca19128d28f42d06c9e01aa81d6b04d1ecb043328146ba92df41cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57a25a.TMP

Filesize
106KB

MD5
d9a1d1d7446420fe4a12847720cc0fcb

SHA1
bcbc1ee688a10dc03a5996ba5c56ccb7c7c7973a

SHA256
4cb6cec4dd53ab654e5996900497ce7deabda37b8f9d8abdd7cafd5967db530b

SHA512
d20736d8a915ef3055e769df5f383642496642331c728dd3a89d69c12722195082db715df7c05a00715392b58207234ff3c25bdb3cc9309525ec6769b5129f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\gamesettings\mp\gamesettings_escort.cfg

Filesize
1KB

MD5
76e2e66489febe4abe9509ba0737182f

SHA1
6b97d13a010c5413f087411d1439ac6d7e79bf2a

SHA256
21a4acf60132f6be3d85d87f2e1fd14f38fd9252862ef3becc550e97df264cdd

SHA512
a67386d97edac5147e98c4363ac60a35fb691f65f8f806dee09565d56c65fc45ba9aaa0c33aa56f60ecf0669d083e870fcffb04171f79fb3527985189e44de02

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\launcher\bigboiii.jpg

Filesize
13KB

MD5
9778123bfdc2761ef03952144dc918c5

SHA1
48ef8dde6238a2e99bc37a1cfe844a0b2c94b6fc

SHA256
2cdf28e15bfd93b43d4978b80b27297432b7571e2561c3931cc5daa94779d503

SHA512
67c4b9440df1705af4fbdd69d3b4743cee552b02957f8b4d9361cf9383b34cba7a40c04fe29b31de368ad13ba1c4525dcafb37f44f306ec146f4813a8963047b

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\launcher\main.html

Filesize
3KB

MD5
c5427336c3b0244b97251224b7a16e03

SHA1
2ec9b7e642695415871c91b3f83e42738ed58af4

SHA256
99aec26599033fad604286da4eeba8cd361db2b880d7dc3a0b8d4f0c4dfc5a41

SHA512
d4a86039a44b3438bda51a08e8e3950e368d7a5d8503ccbe7be326a80171425a949bdef9e12753a86a56d1ac6108f7a33bd4d9faa5825df7e676ad28008b90c9

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\launcher\noise.jpg

Filesize
57KB

MD5
aba1fefdb1253e206ebdbab179421124

SHA1
3d82df203b01aae4f38687cb87bb666f97a5faf2

SHA256
815a7129c1511dbb247e4fd0bb7643f0b6c21719931527d8ba927f070525503d

SHA512
e4b4a46a30a26026bb55e5a0ff362d43a2c763474f4e5947baaeb3710abb17a5e6aab05048a9cc6235631a2fd3401644bbd66a80d50c109ec3228325dac1b576

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\lookup_tables\dvar_list.txt

Filesize
172KB

MD5
5e5ce6ed57b0f6642e27b72733082099

SHA1
27376dc7a045696a776b347ed8931603180b66e8

SHA256
7bc0d41e020fbaa9e2d2da35dac2677cf87472c3bb67e3387c7b3e159f91d8a3

SHA512
efd9e5915fb9fac37dba0edb2e0156654d1e84c132a6d11ac6a89b4ed1229b3b0860b6d02518bee98fe72de0987b7bbb55daf69a3f6b109dc472fda0935ec151

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\bots\_bot.gsc

Filesize
15KB

MD5
ce284252dee65e17471cb56fee3e8dad

SHA1
a9c684d25c5a53e52af5eb9e5a12c033e8ee56bd

SHA256
23f8c0754c51c368c974d91622b068eedb7bff229f2249518d7a87121ea64564

SHA512
80595e2766ecc66082192842a5c52df89855000603ba7f08bc059e239dfb24629d188554ad9411f6118aa4f70b8ab82e30d3d4cad93ce967f75fb9dae0f0c225

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\bots\_bot.gsc_raw

Filesize
21KB

MD5
be1f293c30a3c3032ce5bfbfc5163f86

SHA1
0cbd0789e7743ec82748136d08d4f859d3dafa89

SHA256
623af61f307add74914fcc525116507e5b10ddc69675896890bec44f873a2696

SHA512
1e6e7a0ab36c3c50b9df44d370c4438d177dae8c71bc2b0c4a47eac613852461f1549c7c352b76ae333b1baa7b4d65840075bc5f038ce23024b8addd44caab50

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\bots\_bot_loadout.gsc

Filesize
15KB

MD5
a7a26611d6c8c1b8259c1e43965738aa

SHA1
f8ab0766a622f414b4d371c838bd1baf4c34292e

SHA256
76ef83ff2328239638923ed1b65016de5b014f6c59483cf9fba267dc06b3b514

SHA512
59e401a208150d038886d551d662006b26dbb8628a4a0aeb320e8d5504d03830b20afc1327dc56dbc850e3e51f46733e5b0d65ac676e710de524c0192695d2aa

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\bots\_bot_loadout.gsc_raw

Filesize
20KB

MD5
b7cc86abc68ead7b741fa7fc5fe43036

SHA1
b68066d8064a079749f7169be82f9ce8dc847db6

SHA256
5582b883efa664f3929742397be9635ffb12d1cf79be57a6652663263f155c00

SHA512
d740d1ebf7a375bae50bd098fd4f657a29d76998546a642ead73506d7958d89ddb2f05d612cba6ee78277314effd7de20aa2a87fb56afb0249a76e1bd49e84aa

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\gametypes\_globallogic_player.gsc

Filesize
89KB

MD5
9540ca9bebfc9616538f16944a2d723c

SHA1
79f35e2fc5713d3d5cb65521e0e79904b0394e04

SHA256
6b19041cdebb63f5d69ca29953f56f62658938bf08e0777a199ea9202d4e4837

SHA512
5c46e9186f80ee74ab022e0ead36351954ced95256a3f50ede448e4d646e67e6a2447d26b6384c37219bf97fba390e083b35a4a9c2fb99b4201c78b804054ffb

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\gametypes\_globallogic_player.gsc_raw

Filesize
140KB

MD5
ed1a1c493bdc18081da3472d2dff05c3

SHA1
869c129c269c66022095ed6e042a63ff4cd260a2

SHA256
8767b97f6e7100a3ae53381e002337288582eeef3f9902d264515f4dce63c1b3

SHA512
13b2406e0086469ba84aea33091701054c31bb86e278eb5797f2db7eb4e00a36523f585c6fa7b96f688f2b1554ed6e9572e712e92339d86dd8e05f9aa3dda0de

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\gametypes\_serversettings.gsc

Filesize
4KB

MD5
943986ee54a59668300a0bcdd2c41fb8

SHA1
cf2674d28ce7864b91631ffd49cf8fabb81e474e

SHA256
45fc01bc95280dd871f0f4753d053ff3e85dfd2aee32a19beb47019992532c17

SHA512
d3538df05c4fec99dadefe7209ad3bb9a99390f3226f40135562aca8baa32c6fae837422403ba9e94e89a917b24615771d582765cea0a5f16d407bcbfbc37496

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\gametypes\_serversettings.gsc_raw

Filesize
5KB

MD5
02d329ff74ff7572796b508fe4b7e0df

SHA1
10ca7b670c2d049a0dc5b4a2221e67cb6a61dedd

SHA256
4a2cafed18b07aef14dd14ba138313441db6d69f6af2faca399a06258ca86e52

SHA512
195743c3ac47dc5aa5a020c6211e3e5bea22936e9625b84e391ada4f00c79a239294fc0f33ddcf7a29fad24a1d7510819ce22fd3799e50b425c3fdc2e15d01af

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\teams\_teams.gsc

Filesize
11KB

MD5
81489c4e39434bb2b5c088d3ed8a93f6

SHA1
e94cc290695d6cd359ebedd5e4036beb33c2bece

SHA256
0ae17223352ab613b4e4c7ee2009d3041796db3784a9120a6a17b08d1bb618cc

SHA512
e99a1e45ca91277ca3402a8ae32101ebb894f00698aabc3b53aabace7f926e04bc34a4746ce4fece36208af41fb2388f2b14a9b38c12322881aff92644e428cb

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\scripts\mp\teams\_teams.gsc_raw

Filesize
14KB

MD5
26dd8fbf65c02ce23f18a002dba537a0

SHA1
9a4bd7de33066a7dbeba9f3a33446f89da72a1ec

SHA256
1661ffb7d405db58fcf096804f7b78699094f1eebd342a34ffd511a3a2de0c32

SHA512
192f62c2a222fc3d55ad17ddda22db52af9d46902e097ae1182f02a81623fd956202ddf69f4c74ed37516c8ac3751a1ed0be9fdbf7e60c6feea9bb1a5f9da21c

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\doubleclick_join_server\__init__.lua

Filesize
3KB

MD5
8d5f882ecbfcbef379ae4afd6065dd51

SHA1
a5df469722eb0098a6d743cffff4e98f02a01379

SHA256
0ea0065c9a706eb41f219b7014349b938b2318d886b6f0c592376a9bf46d3937

SHA512
d8fd52654475c5476fdd8c6f9ae14f4ea32769704698fb3523572ff67790a15f11a82bc7a331ed08d56e12178bce2aecc4437d3caecaee40bd183ba9c6fbf262

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\frontend_menus\__init__.lua

Filesize
5KB

MD5
9487d3356bf9d9eb791412fdb3e3df87

SHA1
0549f25bca8a8e7fe0a15270088475fc72699527

SHA256
7cadf9515688733bdbf360a4071392a3979bd0c91e6f38961668a270f893176b

SHA512
8fc2442e2248908ba24e61c3045ef4149bd2e9bae8421481bef9497abd3b4538cdb3360689328a7068ed5e7ed6cebb1503804dbbb88f4564fb3d8a36672bb1b7

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\frontend_menus\datasources_change_map_categories.lua

Filesize
3KB

MD5
0236305645cf996200509aef49997f22

SHA1
62360c76e9b0941657ce56a0f61f7d18b7acdb28

SHA256
468320779107c84553062a5151a338f21782e0bafee6d3a0d30f6d7a1e1c65c0

SHA512
b70d667af2febf32e57938e93ae6a7c28cc263be3647fa8086b56ac36e181ccce3a1b58a03ebcb8a72946421b62f2d1a51b1dcb82c7b2ecd051c6d83bcff53e2

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\frontend_menus\datasources_gamesettingsflyout_buttons.lua

Filesize
8KB

MD5
cd0ece59795044b4e8aaeff2b741a5d0

SHA1
7c0f66275b131e3ea7b33e46ddfd8a529064fcd3

SHA256
66154685ab03d93e02a93705c113ab3eb0d9308e05ad72e02d5d94f5f7e85a94

SHA512
873cc7fdcbef683123e7d2836d1a52452ec67b3329238340049f580a2b8db3e8ce4c7669306da6b2b3f9437d5d6896d43aec35ed3488302615405468c07cde0c

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\frontend_menus\datasources_start_menu_tabs.lua

Filesize
5KB

MD5
11b64cf4ee0697a22d870d3a6d98542a

SHA1
e8a05f97d9586744a74ae794d93487f8e6381610

SHA256
e226bf82cb23ef35b83df3e8d8a5a23ad72d4115c43f71a69201985e7006221b

SHA512
801b9d7159c4e21635cc02923d1a3922e78eb01d12a6837c8b4620ec87329fb9255186240529a8455c0cd6505f0ce4c74b8b4e7b7966dc520d11eae86a01a230

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\frontend_menus\utils.lua

Filesize
4KB

MD5
e0092abc478b7e8b4fd0a01d79d3a48e

SHA1
f77caa4069ca8478bbe7f0c8c36cb7436650fac1

SHA256
0c5d61ce1479cad3c66af8224b9fc65519d0b500282a51f1230fdbb4114753a7

SHA512
b4400380f27084357988929885cb91395d712da2fa4a25e532d9f372e4d006b90b040b267196c6b092cb9438de83aadefc923d3046a7855b933f2a7e922c87bf

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\graphics_settings\__init__.lua

Filesize
4KB

MD5
761bc06a747f93f8c495f240e1b805c2

SHA1
50381e6d842df5375a06ce51d1a9122fd51af4c9

SHA256
bdbea7688d5f77f44110c8ba57d6a9cdbfa17b166e87f63bda3609cffcfcd1b7

SHA512
f6c60c297b559ea6f16ff5d91b8560856916cb5cf98dba9aeb1820803591d54a4d2dcfc4de365f82a3969fc9700b941d8846b047fc729b2576fac7606ada93b4

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\lua_fixes\__init__.lua

Filesize
107B

MD5
f006781d4cdd0f3f14d969a51d634520

SHA1
5176804cff5a0d94c820e408d2ddbbe1c5af578a

SHA256
d57ce004124671d6ff51cfb3561c5533355057ebb1180be5ffa747d0e393c1db

SHA512
8b05bd84854948fcc1d72dce125b18dbe22b67a9ba7188d7dba16accd6d7cb22542b6896f8c3fb235ec7d2ef9c3deb4109c1560289ffd37762ff908871dd1dc3

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\party\__init__.lua

Filesize
910B

MD5
68ebf1b1e3fcfae462942c28808fb646

SHA1
4e79743a6e955449625f0201b6c762dfe85dfdb7

SHA256
af38eb50df014795977faf1c0d616acce5868a4cae682a448d449e8e0906e6a4

SHA512
5d7e66e1150cc77a8d98405a2c3d4014fcdc364e29af47b0d0879dc995822f32cf50a88e62f265cebf75ec7b8660ea7f42a173366cd718a2bd4f96f2e0080bde

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\party\datasources_start_menu_game_options.lua

Filesize
4KB

MD5
d07d0f2eae0ca7b44cdf3c67c7871bed

SHA1
5da528d38d483976cc86b76cfe768dbead000cc9

SHA256
1399b74731d72b96ceea5a2ed82b1f78fa2936ecceeff42e8005fdd6fa7734f2

SHA512
4931f31c458834b43eaf6662190af7c6bbe29e59c6d15fc5662858c143e5169696f99a95da3da927ad04e3ffdc8acfce8cb48fbba87039d5922086ba09ffbe6c

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\playlist\__init__.lua

Filesize
973B

MD5
93811bd95e211257ec120d665a8dce22

SHA1
97bff0bb26eb65644554f1b18c6df9f6a2f3d996

SHA256
6fc2f1d28bfe5a6239c75a8b2bb6c9dfb392f3e022b0efd23e207564646de8ea

SHA512
fcdd9cc3b5fcb575c7193ceed43118a7c5a48e0bc777d4e3c9d67a2a3bdb26d69e46b8fd8c86d3ca786f8d6068648fe57c91b1a0e0a31148f93f0e7937992537

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\playlist\widget_playlist_category_match_settings_info.lua

Filesize
421B

MD5
51b94baf31117bd783a04aa795b3360f

SHA1
3e7d9e08311997f743e6e7a63ef444cb7e4d27fd

SHA256
b53b11c3dc1049289a744918b55ef2723e459c7924e8d9317ac63e9bed743cc5

SHA512
b5473b14d7fe28719be9f352ebf07e9d5a4eb630e6fdfa068caa3e0ccfe4da06e5e47dcc38307e1faa9da60eefe19641cd2f63d80b446fa116b7341ffa28dca4

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\playlist\widget_playlist_match_settings_info.lua

Filesize
381B

MD5
f4468cba3ec8a789e3285e62744f8689

SHA1
2ed403f35c8220e918e3f7dfe38403ff0e63e7e4

SHA256
5dc525e9439be2fce22ca9dc0c1ac75947d43763f54c67330e3cd2532883f5d3

SHA512
9d4cb5ba2b8207dc40e91a2d63d7e222c5e8f4d9f6017ed92e80cd039c06599c553a4794274cce84cc556766e3e796b17d1594792c564eeee11103158b2b4d7a

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\ranked\__init__.lua

Filesize
31B

MD5
6ada2bff73ba4ef46333d7e14b8ee6d5

SHA1
afea670205ae14b532d377e066208db3efb4c823

SHA256
8516c63a49e69b9d1d358bdcf29df9a2b7935084961c164d7feda77323d7d18f

SHA512
61850dada78a3f19fd7ba8635d21942e1e4735ecfbeb7fab44bea5b0d7da9da9801d28e521e8449819579bf5a44912c789eb6a0ba1da0e5fed05dfa7c791720e

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\ranked\online_mods_loaded.lua

Filesize
726B

MD5
6ead5a6b332fda50ebb5baa5301f2eb1

SHA1
d136e6d2a817be4762840f3a7e32774e2aeb2940

SHA256
cbf1a49c9d341bed32045f09e7cb078b24e4600116852d4db9a73d6d092e79be

SHA512
29cb443e1d348d036f3a5a3950fd2a6089e391799f15d5fbb514deea73c6f93c26828af5eb52953de5731c969c2398df50e88075e35fe6e6c674594495565432

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\server_browser\__init__.lua

Filesize
13KB

MD5
0bf5bfce5c3b0f4212c13c98bae7489d

SHA1
de7d46a9d2d40e26725b9c3992c039bc44238711

SHA256
7d9d892efaadee3479ab11430622f95ddaf694c44306b9033b4a22c82104cc6e

SHA512
f046fdfa95010cf02ae92bca44fc588e22cb632861bcce9b5096f56064a69f91e8abe13db21f54316c97fbd2a46c8f7ad15f9450378a32cd1c3b493e8388afb2

Download Submit
C:\Users\Admin\AppData\Local\boiii\data\ui_scripts\stats\__init__.lua

Filesize
14KB

MD5
7d97afdb7669fbb2bd1dbf69907fab9a

SHA1
a547a53ef10422d16e29309cec72031d706294a0

SHA256
e909c9afdd5f551f9bb124232d7614a33cbd5149a78e70b35542c70334c7298b

SHA512
086466478c4b5c44940ff4dbaeeb9a7f48af36071939970dd85f32343d9bc210f242cdc0490f1ae9c5cf8bec9f6e949b02eaad0908460dd37c4739ca33fba806

Download Submit
C:\Users\Admin\AppData\Local\boiii\ext.dll

Filesize
482KB

MD5
bbec33a1547cb863436d55b3314885f4

SHA1
4097fad7992be246ffed72c6a2e515c123f2b3b8

SHA256
d8b8f1971621e5a581cd0519c87585dd5afad50f8237dd0d563ae081335bd7a3

SHA512
440a185d662fd9c2baa41b8da7b3f6e37252661a43b014a494f5c368e8e6f60c9853cbf72c912878029844e1341fbe678053a83e391a74d637e59f909e4028f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 765997.crdownload

Filesize
2.6MB

MD5
7e6e663f4dfaece4a933d89edd91ec51

SHA1
41fc1a34fb2f8cfb5ca6203f16c1feede0a69c5d

SHA256
34fc689c03516ed4f7c24a276848c9e56f2764be43bca09265693a1526a34a88

SHA512
0c94c0d1b5d87da1d52a5e7117a337bde2d8c864e3c66e59d5fc44ce316d88c4bd06e2434774a56c3e1ae69e39de675ad83bde1e7fe19691ff17a63933c40a6b

Download Submit
C:\Users\Admin\Downloads\boiii.exe

Filesize
2.6MB

MD5
7e6e663f4dfaece4a933d89edd91ec51

SHA1
41fc1a34fb2f8cfb5ca6203f16c1feede0a69c5d

SHA256
34fc689c03516ed4f7c24a276848c9e56f2764be43bca09265693a1526a34a88

SHA512
0c94c0d1b5d87da1d52a5e7117a337bde2d8c864e3c66e59d5fc44ce316d88c4bd06e2434774a56c3e1ae69e39de675ad83bde1e7fe19691ff17a63933c40a6b

Download Submit
C:\Users\Admin\Downloads\boiii.exe

Filesize
2.6MB

MD5
7e6e663f4dfaece4a933d89edd91ec51

SHA1
41fc1a34fb2f8cfb5ca6203f16c1feede0a69c5d

SHA256
34fc689c03516ed4f7c24a276848c9e56f2764be43bca09265693a1526a34a88

SHA512
0c94c0d1b5d87da1d52a5e7117a337bde2d8c864e3c66e59d5fc44ce316d88c4bd06e2434774a56c3e1ae69e39de675ad83bde1e7fe19691ff17a63933c40a6b

Download Submit
C:\Users\Admin\Downloads\boiii.exe

Filesize
2.6MB

MD5
7e6e663f4dfaece4a933d89edd91ec51

SHA1
41fc1a34fb2f8cfb5ca6203f16c1feede0a69c5d

SHA256
34fc689c03516ed4f7c24a276848c9e56f2764be43bca09265693a1526a34a88

SHA512
0c94c0d1b5d87da1d52a5e7117a337bde2d8c864e3c66e59d5fc44ce316d88c4bd06e2434774a56c3e1ae69e39de675ad83bde1e7fe19691ff17a63933c40a6b

Download Submit