hxxp://malware[.]com

Resubmissions

04/08/2023, 17:55

230804-whtjsaef5v 8

04/08/2023, 17:52

230804-wf4xqsef31 5

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://malware.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\settings	rbxfpsunlocker.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1498570331-2313266200-788959944-1000\{58869C60-5C2A-40C9-BB6C-5F79CE57D63A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
4960	msedge.exe
4960	msedge.exe
4600	identity_helper.exe
4600	identity_helper.exe
5084	msedge.exe
5084	msedge.exe
4268	msedge.exe
4268	msedge.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe
3680	rbxfpsunlocker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
3680	rbxfpsunlocker.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
3680	rbxfpsunlocker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 5012	4960	msedge.exe	85
PID 4960 wrote to memory of 5012	4960	msedge.exe	85
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 5112	4960	msedge.exe	88
PID 4960 wrote to memory of 3292	4960	msedge.exe	87
PID 4960 wrote to memory of 3292	4960	msedge.exe	87
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89
PID 4960 wrote to memory of 2832	4960	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://malware.com
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff936a646f8,0x7ff936a64708,0x7ff936a64718
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1751572752622932791,4272531459348536399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:6000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64-hotfix1.zip\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64-hotfix1.zip\rbxfpsunlocker.exe"
1⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64-hotfix1.zip\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64-hotfix1.zip\rbxfpsunlocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d8588a7d7bb0b66fb439edf73ee37563

SHA1
a2398d543e3fbeb197e2128654bb5a1afd599585

SHA256
2210c60cbfec62e2bebd2c77783511100072459b3d0cc296216eab8e72d8af35

SHA512
7c87e7b4ec1d643ce2672ef9badefad6832c6fcc4053cedad2d34c52004aed4e0a589e2f839ace7bcdb0f409fff836ca7ce20dc882d9982568176d4b1c830bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
17KB

MD5
c67d4a3d3138d3caa7d1b4c39bf7bc5c

SHA1
c0968a1c8266360ec5e8cfc0cd415739a32f413c

SHA256
d1fd9f6089b502cebdd5f8f44cb38becdb045e9f1643352fcb03b02240f1f7bf

SHA512
19c5b3ae70b66b574ce42c9b4f2ee490fa44ef7e2ebe59ccabaf5bb28afc4a2b9b5bc6261d047c76b0bac997cf40c6406bd509b03bf9367aa40a5b4b1638c30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
88KB

MD5
0243d388e8b9f0f12f7d2b67e719cf73

SHA1
39bd292a8a602c774ce189103b51cbdbee85c14e

SHA256
f7a8bf314a7a54ef1a2ce6d2ed661c6ed9c41dcf756783254739cf72416c0c73

SHA512
c5dbfb863e46ecb046727f23444f1748b24085618e423d00a936ce6870a00a670c9fad389d5b95a1527713c987a73432b43973a30439c59b4f137388b544acde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
fddae0c2f82e1e61f6c30bf147f0c219

SHA1
4ce056135b1451c9c94980d67cf65d92415af232

SHA256
9b77cea1a3ea736aa5e73ef381b71103b46e891f91472c54f803b5c8020e895f

SHA512
100b3dd9a491b48a0e190cc0639ef77cab69cec5f79faaeccb56e5d54d0c67a0fa5527e02bef7f0ea558258780f511fc3bc0ae7a210f492f1725d0165d4c9b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ac021e6b385f94d4acfc06924f172517

SHA1
ddaa162ee9ba40412ebf8b75a382a84cd60a4f46

SHA256
badddee45387379819311803db40139edecee44410a67c9d8a47f7d74c9d99aa

SHA512
a8b27feeec24b3d3d6edd83927d492030853efb3ca834625ba77b145df103af373456aacf27208e87dafb63aecc0c92ad23573e5c5457954ab36601345e01af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c57e0b7ce72dfd6d24834d4da732e8cf

SHA1
9909a88b9122718ec45436a0f44a94dd2cbacab5

SHA256
3a9b4687402c79e6938019dca709cdeace0c37f1315c944b55f513a833200bce

SHA512
4b065adf6f3d1cceaf8fdc91b92b50e239d0d3af7df49adc3793a6c21da7d2e9e606f5e30cbecd839bcd412ecb2a340c8574c1975d1c8610b115b5db6747a589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8f91dec59e011ff8b8f0e90c988a405b

SHA1
69984ffd016853156e2147ba7302f5741238fa58

SHA256
9624e813541bfeb0c615c46809597d08e9e11aa0d29fe7ed080b4aaad5ca74d8

SHA512
ba1ba3001d5d5e94a9fa7091c0cf4b9703c7c3e514d201282a8347bc7759eaf482f2e64cfc77239bca39494606d9d76d357fa62bb3cec4d3baf6b668ed722e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
784B

MD5
289bacc8bca793e8f013b05605d82eee

SHA1
f5e0bc67e0e5773bfd91e85b6e327f16d25d294c

SHA256
463e8943fd90d93c246a327a8c425944373301097a8ea645299e8964118139ce

SHA512
4e83664098a2a51c35fe19035f45473f7723e09d502607559bba5d7970d536e4ad9bea3b8b42430d33217a645dce09d2cc9dbbe9fb8103ff1cd526555ce3ed9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dafe4cea31bd302240e4c1c6405de14f

SHA1
fce21596c36d09569065584516cebfe0eddd9aec

SHA256
17ee6d877d65c9f5760b23ec55eccb05faf731ef2ba5090e618c7bc5e3bf3a0f

SHA512
2355d75c0ede60c4f0238a1bcd8d6f3262207cd8dc48bca06c7dc34343579079ad047c0e899cc518922484355fe7426218f1febb861dc18f4196fd64f2bd20cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cc255e18a767cb9cc1f71d1472c4329

SHA1
bb06131050563d4f3db14120d3ee2acb99de82bd

SHA256
8a242eb2f27f707d6f18908912ce1dc85a1238615da3ae29998d48ca9816e678

SHA512
60264dc1fe0023fb88cddccdf3a5fa1d0fdd5a709324622ad0e9053ea1bf49cdd789c403c79e0fe2efe57de775cc338aa37c01a5d9ea0507beda9de23906ed05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6504b2e4106eb3dc16c23cd2c879133e

SHA1
978b0720458c4a2037d0b0b371dd07d8107b7d89

SHA256
b5eeff785e8a9bb9357efe88a44fd481c709f1249a4d0e42e63e75a3ec5c222e

SHA512
4a4203dbf1216eba8bc30f4e37b2ded859233d988f49aea0c0c984aa0b62c91d2fb5368f243fb1507a24e14e8cbf705a230b3b21bf79bd76257ab521de4b71f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26381d5a7903c795d64ff086ef8a1fe8

SHA1
ec5e1bffb34cb432b233c616e6f1bfdb9c54c9c2

SHA256
a79caa32125708c1ed954b62b99c0a929d7b47d6ab288ef1f9ecd4111bd11ffa

SHA512
4595aab317fe0277e2def1fccbc64a0de5542af96dc7e191fb336969b09daacfbd5a731825b29452879a37d795e37937318d17b3ae87c9d2be7121dc642f62a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e50ae6a5f8c63c28df15b44a32c27c7

SHA1
37d4d5871f82bff561cd1faa57fb85629c6e5a47

SHA256
abccfdc11dd2a02bbf9da2d6f760e02e1b934bed4f6e1962b5e6acd61d818e92

SHA512
cf92c461a2ce915c308f9c83e8b82414904c201433a168686ac643e384a3c38741d4e7de6b8d65e5ddc2046bb86aeaddd3eb1ad4d9d29d9ab1f2450a17315bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3de69a78c8298764fd6911db30d38e6

SHA1
45335b26c4a8fb75052244115c63d62764e550f4

SHA256
c786036ba5d0739ebd56b58d8941d67aa077d7032b50f3e3f5b48f724b068b38

SHA512
840d67498b61734a8c514a7a879189c63e1370f0aa9ca4d34705dcc7030f2e853f6f6b0b448fbf1b083009ef23f492064c7db1d68a4f986c62bcc8f31ab74c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
385e6af336933baf3b299672441a8e80

SHA1
2c863b36b6328317854bbeffee753c2b3db6f7d6

SHA256
780d3db042f00fda98ca9b28a2b2e07e4c75cd9042d7d3ccc26ffae75e33513d

SHA512
1a06136b2b6fe6527d84075346e6bfd6e4cad7f63480f3d744747b2c960395f27653e14866df6efa839152a67ecc2ea9eca46c8b0d134ec7c961f357cee52a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5fab8f3240218410a18c4de531986c96

SHA1
b40740beb9cece34ac7e0ba1c05548220ce2aa66

SHA256
720d4d80c3b25267eb3521248ca1beaef27172d838a60ee3b9506d7bc6f1f243

SHA512
9c3f44ccbc11298c50eedb94fde32a5c582178b7ef517771d7151c2e4060ff4558c1d16720fd0ba165ff9cb17c70df535325c8e52fe63a316e01a5d98eda8bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
035258c19aa92c9501f3fd937225b038

SHA1
0e9f1461d64fd19e6c2a21d974d86b9c6d8e3ed8

SHA256
caa820191bc76b4feef7443431bf9d278a6645b2a4e01f7ab5ace179393f9f95

SHA512
7db177d5fecc2bc8891add3a405c50a4e185c590969a03263c420ab3664b439adc4b8dfc31386574f3a9e08a4952d6cb8cec6e51efd10b65836fcc58f508eb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f003438ad7355daa85370b11fd8c882

SHA1
7d2ad1ede9b206ed0694dbbecb56b1df04c8575e

SHA256
f244ee5690cde445d307de834d8a41c006e057521edf8b57ef63ceb7bc40c6ae

SHA512
e96bd64b385aafff3b697e6f1eb58eb1bb322fd5df56893ab85cfeb7f41fc2757453da8de1305e2b9e927fd81a8f009b9173b3fd84337e39572a6c1e3937b389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6d7b71d2d9848848e2ad99789861a58b

SHA1
ac89a9c4f17acb401cfb1c539b403efe7e79df02

SHA256
2867a49aa07a1567f38814b8b5aff2f3764552c15d05316680d489b839102f50

SHA512
210a0b247685d5913f5223f7e50c2a2713f339582e285bc154e23c247bd3d310f47d370b5a32f79dff9cc5314a4f094837f29f49419881fc7c46c1f6e9782b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592c94.TMP

Filesize
536B

MD5
2fcfbf1a11679aa679c8ddb80d0ffac4

SHA1
4baa4961d05dc3662356cb36f0202c438dfcbc4f

SHA256
c5c53e30373485a927d22227b08d046870b351fc59f32e2bc8dc9cdf3a502eb5

SHA512
e5c5456fdf3343a9dddaf78146ed92bd13fc80e14076e7430a2046f3d3bcd204901673ad35e388eb4937fda38af59259a693de6fee2a887d53bae4c48bf9d714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a6c6aec6f2eec49672b1e21a233c9c5c

SHA1
28a0537514d41612e9f25b661458d9e09eb07308

SHA256
22f552a6dc6e35e49e3728cb10d18f0c8d939222c6f2dfbc71a104870bcb54f1

SHA512
8d153c2fa617addc00ee771d7fb806a181c1034058dc5abcf5a61d04280c42c7b6e1ce036bd96ae4a3071cbc51d65c0c31d4b5576d7694493147bcfb327c56e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
911bbe4d5d92c780c0c8b2922707aa72

SHA1
73f96e7a93a8fdf4b272cf78cbcadd5278e3b4d7

SHA256
2e6cb73e230f57ff732f2e56a7f6eb9e0bfa8e48e5caeec3e814e93b3308167a

SHA512
b2803139ff3f4b06c9e2cec72aeaa38553082df34bb8fd9dda20d2ebd30b6b22b48ff25442e770f9aae8a1091dae6b64d9e5a5e1a071bf91ba947d65f7fe71e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
5c1031fc4b848de930b93047f60a103a

SHA1
fd67fe499ac7a5ff8efaec71861f20c79f457ef0

SHA256
7dbfb4ecc773d76d540f1817adef8799c1d1632466a6dbd3bee9a0f56c0e16f0

SHA512
6197cfed97ac3ea0c0bef37d516fa0532df872fdc3dee65431e3922e31ca3872dfd00fb7d3b2e032e5e68762d50c6946d4ba79aca37db21b98cbdceaa6ced29e

Download Submit
C:\Users\Admin\Downloads\rbxfpsunlocker-x64-hotfix1.zip

Filesize
248KB

MD5
c01ddc6071780ef458afdeba257d2e60

SHA1
3dbd463263aca86b2124a584cd9ae049fb87eb9d

SHA256
8d272076d23767fc6d36be4af12ee3c87fe3b9602605f10685cc4d6df643dc25

SHA512
c6e19f83f74ff087f8167fab01c68e33f8184c948cc9044de9f114f0698f7c46e5e35e6eca30f7643046d443556ee6743d78c3a9d4da6c2e33f7cfeb64d71b04

Download Submit
C:\Windows\System32\settings

Filesize
283B

MD5
133f4c41695f5735f3eb050a8b7e2a0d

SHA1
08fee1931863b2cd9a5bb02512b7f3359f1a719b

SHA256
cde855529a5b7a536c038dd405861716c1bdb3d6326742bb3fc49e37c08537d1

SHA512
b1de820f9c1fa8c9e1b6c91aa77d06a2d3b831a5ddcefebd98ea5702ad9c42582229afd87be55a7756aae7d7097dd119525d5dbad75691c05871bec2e392a55a

Download Submit