Malware Analysis Report

2024-11-16 13:38

Sample ID 240530-pr5j3saa49
Target rbxfpsunlocker.exe
SHA256 77b09fdd0b43a407f40f5ea1d86bdfd1c0863cf13608f2750fc25d5665417530
Tags xworm evasion persistence rat trojan
Score 10/10

Analysis Overview

Score 10/10

SHA256

77b09fdd0b43a407f40f5ea1d86bdfd1c0863cf13608f2750fc25d5665417530

Threat Level: Known bad

The file rbxfpsunlocker.exe was found to be: Known bad.

Malicious Activity Summary

xworm evasion persistence rat trojan

Xworm

Detect Xworm Payload

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks computer location settings

Executes dropped EXE

Checks BIOS information in registry

Maps connected drives based on registry

Adds Run key to start application

Enumerates physical storage devices

Unsigned PE

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 12:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 12:34

Reported

2024-05-30 12:37

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\FpsUnlocker.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FpsUnlocker = "C:\\Users\\Admin\\AppData\\Roaming\\FpsUnlocker.exe" C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\FpsUnlocker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 912 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 912 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1948 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2756 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe C:\Windows\System32\schtasks.exe
PID 1964 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1964 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 3656 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 3656 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2908 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2908 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2012 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2012 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2012 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 1080 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1080 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1080 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 1080 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 3356 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 3356 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 3356 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 3356 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2088 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2088 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2088 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2088 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2504 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2504 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2504 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2504 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2932 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2932 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2932 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2932 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 1336 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1336 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1336 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 1336 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 1044 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1044 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 1044 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 1044 wrote to memory of 3656 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2500 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2500 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2500 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2500 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2892 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2892 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2892 wrote to memory of 524 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2892 wrote to memory of 524 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe
PID 2336 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
PID 2336 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe

"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe

"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"

C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe

"C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe"

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe

"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"

C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe

"C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FpsUnlocker" /tr "C:\Users\Admin\AppData\Roaming\FpsUnlocker.exe"

C:\Users\Admin\AppData\Roaming\FpsUnlocker.exe

C:\Users\Admin\AppData\Roaming\FpsUnlocker.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 blood-sticker.gl.at.ply.gg udp
US 147.185.221.19:65461 blood-sticker.gl.at.ply.gg tcp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\FpsUnlocker.exe

MD5 13b1f52af285016c137d37646b99e2fd
SHA1 985926d09d6d231621f4e4c53547737381af356e
SHA256 57cf877bbf970e3ad2fa0877dab961a96e16e5745aa27badfd9ff6be27f5515f
SHA512 b235fb7870f9483f255b706180bf2f681b8d7cb129b41f411a4c07cfff96f0dcd738afb9e4ec67560124d90512efc7407e856eaad31f9304d6a098801cedcb7c

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rbxfpsunlocker.exe.log

MD5 cd7e88a5c1b5023aa2e9647a22a3ea87
SHA1 25473742a40fe87a4323fd311f9543c9243443ad
SHA256 716972434bed208012b57e2b6e93a1e0e2035b7b04083e5724e0c2b860d2944d
SHA512 3799e686c3a4af7f0049be86031c1c08b7d36aec88b909cae8181db7879eb6c6a1a56f42bb51b2f55f509220a1f827584b382b261ace4c6366a015fe57f93e90

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\FpsUnlocker.exe.log

MD5 2ff39f6c7249774be85fd60a8f9a245e
SHA1 684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256 e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1