hxxps://www[.]google[.]com/search?q=google&oq=google&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg5MgYIAhBFGDkyBggDEEUYOTIGCAQQRRhBMgYI

Analysis

max time kernel
70s
max time network
69s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
31/05/2024, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?q=google&oq=google&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg5MgYIAhBFGDkyBggDEEUYOTIGCAQQRRhBMgYI

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\settings	rbxfpsunlocker.exe
File opened for modification	C:\Windows\System32\settings	rbxfpsunlocker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\rbxfpsunlocker-x64.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3932	msedge.exe
3932	msedge.exe
1536	identity_helper.exe
1536	identity_helper.exe
1932	msedge.exe
1932	msedge.exe
2672	msedge.exe
2672	msedge.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe
2524	rbxfpsunlocker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
2524	rbxfpsunlocker.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
2524	rbxfpsunlocker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 2860	3932	msedge.exe	76
PID 3932 wrote to memory of 2860	3932	msedge.exe	76
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3532	3932	msedge.exe	77
PID 3932 wrote to memory of 3268	3932	msedge.exe	78
PID 3932 wrote to memory of 3268	3932	msedge.exe	78
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79
PID 3932 wrote to memory of 1776	3932	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=google&oq=google&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg5MgYIAhBFGDkyBggDEEUYOTIGCAQQRRhBMgYI
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc6ed53cb8,0x7ffc6ed53cc8,0x7ffc6ed53cd8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6061578794396301193,16382754241895266177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64.zip\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_rbxfpsunlocker-x64.zip\rbxfpsunlocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
75f337945bff9ec6fd28c20e28250188

SHA1
007b7bb47ebc72356f442f900b48ca19e724c67a

SHA256
67c9ca38aba106e6231e7ae7e25251e452502a4cbfc013b2bb0a3ab0f7532d93

SHA512
99d47508d254cdc500394d2050df5823e2d0e371a50d61e2887d75cec09ac1a65e90db167bb8b7c78dc95df4e9ed5e30bec78319b016eb534749e1ef6133eba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ab411eb5b25837d14ae4d203e825f8b

SHA1
2f4bae384be2081c0ffb4cdc122bd5be3f8eb36a

SHA256
cfecafd2705b17a253cfb231ad5e4d21b8789b1a33d4534d5f989e2bee5f8ff6

SHA512
41b4c3c9d6fcebf8d0ed36f458fb55fd5b167c710c057b533df0d9e905dadd633c95f6db10cf5ef1f42884db45be167805e5e179e9315cc1b709bfed21e1acf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5729c96ba3de81b9da082b83663e8b8f

SHA1
eb01f99299ac03939ebb886aaa4f00d50056b5e4

SHA256
729f50f589f4d1ad6f3907d98407148d380fd32b27736ed7f4edc709cc94bb72

SHA512
9833074cd1540c836efcfb5690fbe7e03639c0a1906cd5121add45d5dd2ae39b3d18cd6ec10ed3ec75b0665c9735729311878a0da425f9c01f0000df35eafd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
344003306a364b96de5e235242c87108

SHA1
3fe094793701c27e751c3b43897b821e604c2f66

SHA256
16552944fc636ed53b9f6f5672a1595ca8ac595ad3b45cee0fadde1b10256ba6

SHA512
cf15430da43af72474520f2f74ca3775bcfa91732674634982849b2fcc0e81f1b7b6cd3cca01b393ed95f61487a923407f130161ac3215003378a679afc81ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46d28f2643a79101ee61451e708d66a1

SHA1
0e49405304e23a72ee814f1cb2a2faf61c455a7a

SHA256
314ec65e007e4dece0719b59e0afcb3013bfcab76fcaefded6dad985ff87d48a

SHA512
84d1cf5cf0ea813b8fa5392ed423bc0debe39106b4154efc740cb8b885170535d0a2167ad0874ebe39c9522a4a9f89511bd21fff4cb383c9a05d93ec44644c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
54e778d38e4e2f118cd24bf8be29775f

SHA1
c0639efb00102411cf23aa44d74ff86233863d84

SHA256
3396e0643eb074151786d302424f33fa53551ab9b28a06eeaa4794f1fe34a8be

SHA512
262e37fe44ad65209aaf30ab7726bf6604ccc9cc4790b21159e68e57fe922522e1bb2f101bea74fa0c3588d1f640e8ac59110b18dbfdf9413439957415bad8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57eb2b.TMP

Filesize
48B

MD5
d57f2caf348c5d8f2068f31ca4f47b95

SHA1
15ae26eaa605534008b702c5c41939de23c2da29

SHA256
1414a034cc1bf7b8b97a2bf73a945cfedccd90e645a1041efabc39b3a79f52fa

SHA512
8958e3d84bd1a2c94db73165c25954b6a7b1a82f5f3406d73f7b5e2b779ee6d24d36d6f07b083cf34cb3b6efaaf49580f20307bd4a2af86efd1eed41db16eafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
278248953bce5dccf848f9e16c31ae7c

SHA1
a3e165dc15fdfd61b80c855a43b76ba8dd6bf605

SHA256
8be18ab3517c0bc757e918b9b922af3924467284f4b5690e8d1a35f6a66914a6

SHA512
2ccd1ac5d1c21afc5e4128a0a2a25c5979a803468a463ec13063514b405014e86c45e86a768c81187561d9127dd50becb8bdd356f30b1611fb1b354e84787ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
093f8d1fbb51e62e9919d418b54b615f

SHA1
4bc1d608b0751054b2cb7293a60ae0469d7b555d

SHA256
c20058bd2c2adeb26ce0fcf0b07936a4467d11205578b7037aedf5847be31b99

SHA512
c305bbc5f072815a06dad11da98448dcfc058eaf51d7ae6ae4d6fd282104f4564af4daaecb772d091cd5f26da20d57d53d7278d43ac9f313c54f07622fb7b121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ac6c.TMP

Filesize
539B

MD5
cd8627033971e82b9d4d442f618fa92a

SHA1
2e5aff1e6312f007279977bc6414cb14ee761ed0

SHA256
60aec3449bfbe646e8c94250ca91a09419b64b1c903a9b98b16385751d249077

SHA512
dab1b019ada91bc297b4a8fe52f29f65857183435513203e7d6e14b01e35a723d2b280e288f01848daa187b6b90b1e3077eb73a4d1a4dc2f878a3e8a1b0d4a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
888e8b4f8324691dc13a261fe8248e4f

SHA1
45b6e7f8ce8cd693f599e6558e8cbdef8df968ad

SHA256
0909b3f8dc11178a662ddc501c280e7e1d76b2b9c9eb08908e19ca9e8e9f3ee3

SHA512
8d91e087dca2192c993458d192c0b3d7d946d968a03e50cd9cd16bd7de3659c1d1accfeee34babb84834b4fcf8450edd407b1ea2a3e1cdc9e2a890c0271ed3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29c69a6cc52460c53980bb489105cce7

SHA1
352d7a6363f120c5c694b55a638bef2c7a874962

SHA256
14e4c24ed86175757ce0fb315119339071d08534c4f31127ba289490c13c42c5

SHA512
4eee04f616dce60255f09a3c3495d01630b9680388a5b8e8bf6e246628e78a7bd171137f360c703cca17eeacc2791fd10fe90c65d99ab8211dc3653aa646cada

Download Submit
C:\Users\Admin\Downloads\rbxfpsunlocker-x64.zip

Filesize
250KB

MD5
994c2bc7d966516aab11896b8a4cbc8e

SHA1
350502479588c281ea67747288f9f2469e6c34f1

SHA256
92b2d2a44e57ae9d47806eba7e62ef0d0e3b152e822803845e9bfe74adb6efc3

SHA512
12b8bb979bc8d8f7def35cc8e727c715b442d30a9b5bf2568931d3fbe43963e540bdaf44aba88b3db37df876476b3c940dbd454ba53ef5ab9c70c8b68d58abaf

Download Submit
C:\Users\Admin\Downloads\rbxfpsunlocker-x64.zip:Zone.Identifier

Filesize
656B

MD5
ad59cdca04318f43106ff5ba9fbd3fea

SHA1
9b0df0b80285b1e03c85b5506cf42b5f9a85964e

SHA256
062f830046210bcebe6768de5beeafb2cbe399f79e81874ab7fa1c03c77c7bb5

SHA512
ce2e453bc87c511eacb1ced692bf9f10198736280cc243b9056eb68484476c5c1f02150472a5a4918f88f3dda4747593798ddfa2ea74ce76a4015c5c05b88f99

Download Submit