050fe7c0127dbd4fdc0cecf3ba46248ba7e14d37edba1a54eac40602c130f2f8

Analysis

max time kernel
207s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2023 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rbxfpsunlocker.exe
Size

501KB
MD5

f6722f9f28173138464a22fd516c0275
SHA1

247c828444f9ed61037704b4e2b6f5431f410a73
SHA256

19f11c65f6c8dc386e9e8fdc79326fd7580395d9931a5e952feac40d26a88907
SHA512

2ddff2df9e550e6dae9b3ece908e9887e4ab4a26d056d73a6f224b0f0ad981c499819c211701f953abbc79512c821725330e35f905ea743d9aeb3f23a1646c50
SSDEEP

6144:Ry2RPslBVptHpJA5mmWRTzSVRkzyNXf6tyRqgrOEqV7DIyohcqSHP4ooXHE:FPAJJBRaVS+NXGyRq/x7noCq+w/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\settings	rbxfpsunlocker.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\rbxfpsunlocker-x64.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe
4220	rbxfpsunlocker.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1408	firefox.exe
Token: SeDebugPrivilege	1408	firefox.exe
Token: SeDebugPrivilege	1408	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4220	rbxfpsunlocker.exe
1408	firefox.exe
1408	firefox.exe
1408	firefox.exe
1408	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
4220	rbxfpsunlocker.exe
1408	firefox.exe
1408	firefox.exe
1408	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1408	firefox.exe
1408	firefox.exe
1408	firefox.exe
1408	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 4136 wrote to memory of 1408	4136	firefox.exe	103
PID 1408 wrote to memory of 4424	1408	firefox.exe	104
PID 1408 wrote to memory of 4424	1408	firefox.exe	104
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 2204	1408	firefox.exe	105
PID 1408 wrote to memory of 384	1408	firefox.exe	106
PID 1408 wrote to memory of 384	1408	firefox.exe	106
PID 1408 wrote to memory of 384	1408	firefox.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.0.1391862684\2067834406" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8ffadde-86da-4922-80ec-a7e6381cc54a} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 1912 208e30a5258 gpu
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.1.552874754\665909091" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19bc1419-d593-4289-9470-110f08480133} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 2300 208d5070158 socket
    3⤵
    PID:2204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.2.717824473\2092308954" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2972 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {014c82a7-3023-480b-b878-9432a0422eb4} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 2880 208e5e34d58 tab
    3⤵
    PID:384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.3.1287452251\899310508" -childID 2 -isForBrowser -prefsHandle 3240 -prefMapHandle 3160 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af22872-30f9-45f3-8bf5-a522dc457b37} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 1252 208d5071958 tab
    3⤵
    PID:2696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.4.469224828\436317084" -childID 3 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10630853-105c-4216-966f-98b8671d35ca} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 3988 208e4b21f58 tab
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.6.1783355985\993813861" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5044 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f33992b-df72-45b6-aa8f-556943893c05} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 5156 208e823f658 tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.5.1477101384\1493060081" -childID 4 -isForBrowser -prefsHandle 5288 -prefMapHandle 5252 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a663e3-fcc0-4c9e-904b-e4c4c8a0c8e3} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 5300 208d506a858 tab
    3⤵
    PID:3148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.7.618693194\1151999475" -childID 6 -isForBrowser -prefsHandle 5496 -prefMapHandle 5492 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f8690ab-4356-435e-9543-9830defa0422} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 2832 208e7f50958 tab
    3⤵
    PID:2792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.8.401660470\1045651263" -childID 7 -isForBrowser -prefsHandle 5776 -prefMapHandle 5844 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe54c29-9e61-4ccd-9525-4a23f2a96f79} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 5888 208e9e2eb58 tab
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.9.653988316\655797524" -childID 8 -isForBrowser -prefsHandle 6072 -prefMapHandle 6136 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02cc4543-ecdc-4195-b41f-bad9287f2af6} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 6156 208ea5e1b58 tab
    3⤵
    PID:3268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.10.781639134\1569526126" -parentBuildID 20221007134813 -prefsHandle 6380 -prefMapHandle 6184 -prefsLen 26930 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccc1c8e1-9ca1-4bb1-8504-512a28c648e5} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 6392 208ea6cd858 rdd
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.11.1237815332\106871160" -childID 9 -isForBrowser -prefsHandle 6488 -prefMapHandle 4464 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de85702c-2970-4420-ad97-40620366d7df} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 3604 208e1f1d358 tab
    3⤵
    PID:1164

C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64.zip\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64.zip\rbxfpsunlocker.exe"
1⤵
- Drops file in System32 directory
PID:1208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
142KB

MD5
840cf698e84d1e6034fac01104f9bf95

SHA1
38a6ece112cadde4486e677a33fb6062a097b1f7

SHA256
d362c2e35b9024a315e65c7c345cc7d0a6cf36efdfc2155d5b1f24304055ac4b

SHA512
d854932c82e3c95b35ded2cd2c732ae8e915e2a602a4ad890e81c3951ba46ac0fde65048da074fbc84bd7c4995739bb51f599fd7cfb605e59c37a7867d84c544

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15393

Filesize
15KB

MD5
af44194447d14985a298369f56b5836a

SHA1
694af9abffd4160d6912f394fa6f683ab2d151ea

SHA256
56004399ebdff72a1c3453964edcb5a633e5a5c8a27c80f46367d7c0ec2a780b

SHA512
5305cd3eeb7691e68a136b1a1b0677cd874fa0e0df2876d3ce932000cf2af5ca29794c7ab905f136ca7284f8a01371341f78437441500e583ccd06ca5472b295

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\32665

Filesize
14KB

MD5
e59c8dd3a7c4c05fa6a341d621a0ca9c

SHA1
ff686ce4377557593f819d57bc66bf1d2ef21e65

SHA256
fa02a5b55c07b89c46de44ef694d77452f4b8ff8300635595a44327a48389afe

SHA512
e8e44f6b501d3e78269f3a8ca7ff9344db03f8741416d685f81aa1b98a5e7549e45f7d65dcea66281d5fabb08876f667b4ec1dd1cde40e9d9172fd5af1dfc0cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
fac90a94d5e023bed3828e7eccf15289

SHA1
988a2a904fb431c2b024c779d5493e5645edc1a2

SHA256
a6a50763cd7c2d7443fefce08efed13228a9b0d747f4d28458f9de2fb9a73ecb

SHA512
3125fb0cd025aa547ebe67caffb099302b23e8bc7d551784d0d94d6147104dfc12b5d509125a588e36123394221e20108b3cd6b7a192527445f63d4dbb527fde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
ab66d8cb8aaaf626872c35b939ab8d54

SHA1
7485b7a624cf877ed543de137e3bcc381e065eef

SHA256
76d7a8b325daf6a749962b3280818db72455b7bfdb0e5cc358a282c8cefacf81

SHA512
0b06ba9255d63021557a5c5579d3d5a1af94a35b64bcbc88539594d077102041469f503a67b71ccdee458c53442295a3edd95db8c9f54a0903fb215f3fca0390

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
ccadf9c6d9e6c5a534d181cbca266dbd

SHA1
926c00349f69035e816f34d18eaa433a48e083a7

SHA256
fcdf6fb9a7661bae14d7021ad8b7e7782f0bd607f21f597dbaff67b831835cb6

SHA512
db55d0374c0e5768ddfd8266ee0ffd4dd889c962d75130c4bfeb07ab0bf92294ec4a65dd7f193f5be36de65978fe25d73f52c4b257ce8f262ab38407718b9a2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
458abcc40c24b67ee80e8ac4ee334a38

SHA1
2dc1849dbb5fe4fb6999232b726fa1d401a02937

SHA256
9e5875f792b3cc363c2a47732ec81001a3b11c9f14f0aa04f1be13ae56b84717

SHA512
b91320ddcee5e9171c0a5bc6d5f357ca32d5fc5222fd64197795037595624dde0d83ce07a8734e7a1591085a469d9238089c4a6f05699561677e5ffa1c5b37d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
cde149db1d58dc52aa7e8d4364f57a52

SHA1
58027ce1a6be0f3639895fc2c582d349756e1f70

SHA256
c5d213f55de889634602ff768c371d06320dab75311407a5250d7bb6ae4b4186

SHA512
fd07b310ed573deed866d92c233ca8c2d7a509db8f4f34111c307a1898bec7d8b8a44165a99f80154a05de9a523e3ed5a8808708cc75f4ebf6637a6430ba76fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9d129ade850cb5248a9fc25bef695710

SHA1
2c3cf815a67146b49e9ec7185d82f0868ff4e30f

SHA256
378c4d2929a1ccec92ec834101bc6080503abcddb7e27d73189c9270e6662d01

SHA512
94e641434c39100561b376af154ac3415df4f4124b4c678d279e82f0aa8c97f7ab8c9eb50d70982e4e6da772619995b9a0e6d7b7c52b5a79a50301510620f5a8

Download Submit
C:\Users\Admin\Downloads\rbxfpsunlocker-x64.0abDVocw.zip.part

Filesize
35KB

MD5
7361084b0059b13f500c798276b0e14a

SHA1
bb9517bdd406d25a03fab1c4289e3d3d178d2416

SHA256
210adefd74b2f966061573db661ceed183d29fd305fc8b88fde149c45dbec551

SHA512
89168801b4b0e6b2882aa33310f88ec5e019b416695aec18e6f72fd7068d16af8b7c932110a57c9af08af098dd7e23776fdc1f9803069b41d6e333263b4e3caf

Download Submit