hxxps://github[.]com/rbxfps/roblox-fps-unlocker/releases/download/v5[.]2/rbxfpsunlocker-x64[.]zip

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/rbxfps/roblox-fps-unlocker/releases/download/v5.2/rbxfpsunlocker-x64.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
2244	msedge.exe
2244	msedge.exe
4812	identity_helper.exe
4812	identity_helper.exe
4008	msedge.exe
4008	msedge.exe
5608	powershell.exe
5608	powershell.exe
5608	powershell.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5608	powershell.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 4844	2244	msedge.exe	68
PID 2244 wrote to memory of 4844	2244	msedge.exe	68
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 3516	2244	msedge.exe	72
PID 2244 wrote to memory of 4164	2244	msedge.exe	77
PID 2244 wrote to memory of 4164	2244	msedge.exe	77
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73
PID 2244 wrote to memory of 2252	2244	msedge.exe	73

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c6c046f8,0x7ff8c6c04708,0x7ff8c6c04718
1⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/rbxfps/roblox-fps-unlocker/releases/download/v5.2/rbxfpsunlocker-x64.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15843037173678463159,7675418211761253197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64.zip\RobloxFpsUnlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64.zip\RobloxFpsUnlocker.exe"
1⤵
PID:5484
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3928f80c-e340-49e6-9c62-37b0d517c8c2.tmp

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
250f06c014a8ecf372f92d8e73af7b7e

SHA1
8bf0e1c74fa153f6901611f89b66ff5922436277

SHA256
c6328be14d55bda98191810b2e704cc4a65618419a5360ccd3df9343081f3422

SHA512
a678147f792fa89802ba3dba982442466ca55ba4550d204f7601c71d3d38c30fe7a0f52b3a369cf398759ea26b8326f5a8efe235712b99cbed177a160adbac6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9e5dceaf09de631b167cf57b4c172f3

SHA1
21c3350c35fa6ad6499a591815e4ce0ab4b605b5

SHA256
a85b1776e22fb296317e12f4d7d5ca0f5ceab061008c7977e3631be7b1c75b1a

SHA512
b82c3fcf8043a5714d48d011704de74deab5f6f3219bfa17cd3a00e3b3b5388c48c98b24bc55fb31e4e12ab2d61e41aaa2ea3bf9c9045b3bcfdec9cf56af772a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c770423f0049379e70d53f1dc0124e37

SHA1
d9d6ea379a8526a79b54eb0984747adaba27725f

SHA256
c7d0cd38e57d1bc047f02bb19fad654eb701bb4231607bded32d0274ff41a414

SHA512
a850ca5603276ddb6a7127efe0ab31cedefbd34cc42c8ad8d05c4548842488376f073dde4c80c07a54a6fd9bb7f468bced3a984481af263864d5b62163241910

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_v1xags3e.qqr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\rbxfpsunlocker-x64.zip

Filesize
356KB

MD5
87d9faf35af9d290a84605cf97178f98

SHA1
7bd9d4593f59c6068ef0964aa8dc64e2664a9a9d

SHA256
9dfbd16fdc613403f21e693010aa1bbe6c93db284108279f54e441cc5a20b464

SHA512
4e57175dd873104565c6a6a41cfb2d5abc71b4df545d7eaa5e60fe06f42ac418fa88f49e7ad31e967796bcbbeeb12020e1745d1333b02f8c7723a11db06feebc

Download Submit
memory/5484-86-0x000001A76DA50000-0x000001A76DA70000-memory.dmp

Filesize
128KB

Download
memory/5484-87-0x00007FF8B2B10000-0x00007FF8B35D1000-memory.dmp

Filesize
10.8MB

Download
memory/5484-110-0x00007FF8B2B10000-0x00007FF8B35D1000-memory.dmp

Filesize
10.8MB

Download
memory/5608-99-0x00000245ADC60000-0x00000245ADC70000-memory.dmp

Filesize
64KB

Download
memory/5608-102-0x00000245AE500000-0x00000245AE576000-memory.dmp

Filesize
472KB

Download
memory/5608-97-0x00000245ADED0000-0x00000245ADEF2000-memory.dmp

Filesize
136KB

Download
memory/5608-98-0x00007FF8B2B10000-0x00007FF8B35D1000-memory.dmp

Filesize
10.8MB

Download
memory/5608-103-0x00000245ADC60000-0x00000245ADC70000-memory.dmp

Filesize
64KB

Download
memory/5608-107-0x00000245ADFA0000-0x00000245AE0EE000-memory.dmp

Filesize
1.3MB

Download
memory/5608-104-0x00000245ADC60000-0x00000245ADC70000-memory.dmp

Filesize
64KB

Download
memory/5608-108-0x00007FF8B2B10000-0x00007FF8B35D1000-memory.dmp

Filesize
10.8MB

Download
memory/5608-101-0x00000245AE430000-0x00000245AE474000-memory.dmp

Filesize
272KB

Download
memory/5608-100-0x00000245ADC60000-0x00000245ADC70000-memory.dmp

Filesize
64KB

Download