Malware Analysis Report

2025-08-10 12:07

Sample ID 240222-zkeeesfa41
Target https://rbxidle.com/rbxidle-installer.exe?__cf_chl_tk=OCpUeNSmM5k1DefE0VxdjEPBW5IDlh3W.Cg9HDKuXVg-1708634756-0.0-4221
Tags
xmrig discovery miner persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://rbxidle.com/rbxidle-installer.exe?__cf_chl_tk=OCpUeNSmM5k1DefE0VxdjEPBW5IDlh3W.Cg9HDKuXVg-1708634756-0.0-4221 was found to be: Known bad.

Malicious Activity Summary

xmrig discovery miner persistence

xmrig

XMRig Miner payload

Downloads MZ/PE file

Registers COM server for autorun

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Modifies system certificate store

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Creates scheduled task(s)

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:46

Reported

2024-02-22 20:51

Platform

win10v2004-20240221-en

Max time kernel

144s

Max time network

305s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rbxidle.com/rbxidle-installer.exe?__cf_chl_tk=OCpUeNSmM5k1DefE0VxdjEPBW5IDlh3W.Cg9HDKuXVg-1708634756-0.0-4221

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\system32\\dxdiagn.dll" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\system32\\dxdiagn.dll" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Windows\system32\dxdiag.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Windows\system32\dxdiag.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Windows\system32\dxdiag.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531083963455159" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1 C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{77A02F0E-269C-4CF6-9DCE-9F043424FBD5} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1 C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B} C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1 C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1 C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class" C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\system32\\dxdiagn.dll" C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{84D4782F-14B4-4AEE-B456-68DACF20B3ED} C:\Windows\system32\dxdiag.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B} C:\Windows\system32\dxdiag.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1" C:\Windows\system32\dxdiag.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\dxdiag.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2720 wrote to memory of 4992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 5048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rbxidle.com/rbxidle-installer.exe?__cf_chl_tk=OCpUeNSmM5k1DefE0VxdjEPBW5IDlh3W.Cg9HDKuXVg-1708634756-0.0-4221

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffcd3c29758,0x7ffcd3c29768,0x7ffcd3c29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5176 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5680 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5796 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4164 --field-trial-handle=1848,i,11336083487159146808,5695062061403540550,131072 /prefetch:8

C:\Users\Admin\Downloads\rbxidle-installer.exe

"C:\Users\Admin\Downloads\rbxidle-installer.exe"

C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp" /SL5="$110044,125013378,776192,C:\Users\Admin\Downloads\rbxidle-installer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault004a6447hd24eh4339hb2cch9db6543d236f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcc0b546f8,0x7ffcc0b54708,0x7ffcc0b54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1280012483325310682,6012165667665751052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1280012483325310682,6012165667665751052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1280012483325310682,6012165667665751052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c schtasks.exe /F /create /TN netidlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netmkr.txt && schtasks.exe /F /create /TN netstartup /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netstartup.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netstartmkr.txt

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath "'C:\Users\Admin\AppData\Local\rbxidle-updater'" > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output2.txt"

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

"C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c schtasks.exe /F /create /TN idlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\mkr.txt

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Programs\RBXIDLE' > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output.txt" && "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\RBXIDLE' > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output2.txt"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /F /create /TN idlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath "'C:\Users\Admin\AppData\Local\rbxidle-updater'"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /F /create /TN netidlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /F /create /TN netstartup /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netstartup.xml

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "chcp"

C:\Windows\system32\chcp.com

chcp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

"C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=gpu-process --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1676 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

"C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --app-path="C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

"C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --mojo-platform-channel-handle=2104 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

"C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --app-path="C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar" --enable-sandbox --field-trial-handle=1668,8357277042724535198,6197423008387360937,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe"

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "explorer https://discord.gg/XB94k6SxWN"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\explorer.exe

explorer https://discord.gg/XB94k6SxWN

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/XB94k6SxWN

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0b546f8,0x7ffcc0b54708,0x7ffcc0b54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml"

C:\Windows\system32\dxdiag.exe

dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml

C:\Windows\system32\dxdiag.exe

dxdiag /x C:\Users\Admin\AppData\Roaming\RBXIDLE\dx.xml

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\xm\xmrig.exe

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\xm\xmrig.exe -a rx/0 -k -o stratum+tcp://xmr-us-east1.nanopool.org:10300 -u 47KJeHrhm2xQzgxg3kYx4m8SsxDAgSXSPJAroo1aCWQN2XLdDUtFaYrgKqCbkxCQ2C9KWgGqCy94UByPc3EMVkNC88Ef6By.USER-F5wxEmlCOaT9vqA --cpu-max-threads-hint=75%

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15414619023818720812,14897947681140636277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4352 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /FI "ImageName eq netmanager.exe*" /T /F"

C:\Windows\system32\taskkill.exe

taskkill /FI "ImageName eq netmanager.exe*" /T /F

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 rbxidle.com udp
US 104.26.1.132:443 rbxidle.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 104.17.2.184:443 challenges.cloudflare.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 132.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 184.2.17.104.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 167.109.18.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 92.123.128.175:443 www.bing.com tcp
GB 23.214.133.66:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 175.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 66.133.214.23.in-addr.arpa udp
US 8.8.8.8:53 prizes.poq.gg udp
US 8.8.8.8:53 static.wikia.nocookie.net udp
US 8.8.8.8:53 www.mygiftcardsupply.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 d13080yemosbe2.cloudfront.net udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.66.137:443 code.jquery.com tcp
DE 74.120.188.204:443 static.wikia.nocookie.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 172.67.27.71:443 www.mygiftcardsupply.com tcp
US 172.67.27.71:443 www.mygiftcardsupply.com tcp
DE 54.230.206.115:443 d13080yemosbe2.cloudfront.net tcp
US 104.21.91.108:443 prizes.poq.gg tcp
US 104.21.91.108:443 prizes.poq.gg tcp
DE 74.120.188.204:443 static.wikia.nocookie.net tcp
US 172.67.27.71:443 www.mygiftcardsupply.com tcp
DE 54.230.206.115:443 d13080yemosbe2.cloudfront.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 108.91.21.104.in-addr.arpa udp
US 8.8.8.8:53 204.188.120.74.in-addr.arpa udp
US 8.8.8.8:53 115.206.230.54.in-addr.arpa udp
US 8.8.8.8:53 71.27.67.172.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 36.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
GB 142.250.200.14:443 tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
GB 142.250.200.14:443 tcp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 rbxidle.com udp
GB 142.250.200.14:443 udp
US 104.26.0.132:443 rbxidle.com tcp
US 8.8.8.8:53 132.0.26.104.in-addr.arpa udp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 s1dmkhhza8g.s3.amazonaws.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 3.5.1.13:443 s1dmkhhza8g.s3.amazonaws.com tcp
US 8.8.8.8:53 13.1.5.3.in-addr.arpa udp
US 8.8.8.8:53 pxnid.com udp
NL 23.109.55.108:443 pxnid.com tcp
US 8.8.8.8:53 108.55.109.23.in-addr.arpa udp
US 8.8.8.8:53 nl.node.soax.com udp
NL 23.109.105.124:443 nl.node.soax.com tcp
US 8.8.8.8:53 124.105.109.23.in-addr.arpa udp
GB 142.250.187.194:443 tcp
GB 172.217.16.230:443 tcp
US 104.26.0.132:443 rbxidle.com tcp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 o1015326.ingest.sentry.io udp
US 162.159.135.234:443 discord.gg tcp
US 34.120.195.249:443 o1015326.ingest.sentry.io tcp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
GB 142.250.187.194:443 udp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
GB 142.250.200.14:443 udp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
US 8.8.8.8:53 xmr-us-east1.nanopool.org udp
CA 51.222.200.133:10300 xmr-us-east1.nanopool.org tcp
GB 216.58.213.22:443 tcp
US 8.8.8.8:53 133.200.222.51.in-addr.arpa udp
US 8.8.8.8:53 22.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 104.26.0.132:443 rbxidle.com tcp
GB 142.250.200.14:443 udp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 104.26.0.132:443 rbxidle.com tcp
NL 23.109.105.124:443 nl.node.soax.com tcp
US 104.26.0.132:443 rbxidle.com tcp
US 104.26.0.132:443 rbxidle.com tcp
GB 142.250.187.194:443 udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 162.159.136.232:443 discord.com tcp
US 104.26.0.132:443 rbxidle.com tcp

Files

\??\pipe\crashpad_2720_RUOSURTBMSOOJNIW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 511161bcf91cb66ba46225d917fa83c8
SHA1 5f6ee294e102ef966a942e245bd9b653799d7b9a
SHA256 e19da6ec0b31262fe9b86d347c8f2bc5a5c009683eab2437b80d1cdab8699802
SHA512 7889b361717b30cb8c726b57e7bd220a0a02906c98f8c1a219ba0e8b6be7012a6707f425ba8bb079af97a3eac96b5e94da496a9a407422dabfbcce65fbf9cff4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 072a41550fec946c8882a25e6ba7cf78
SHA1 956ae5a66ed3ab31a5c33de7ffda947dd17672d7
SHA256 7c18c00d46b2b0445740c63c6652a5d6f089ef4369509c6bc94213ab821c349a
SHA512 da8aec715bb4c97f3f61de9ed694215124b90ca59e1c860ec25b2661654d4453adf221f951e97ca1376008194de271fa8d9c6a947eb709f7843287e4d4989457

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4234377d890264c333984bcedc534d5
SHA1 f610986b02072ef6ec009513f3e7fd997ec4802d
SHA256 c99644b62431103452f64807bd2c9c0c20d6dc028fb64f91eb6081420df3f596
SHA512 58f26ab5aaedfdf38f49130190bd614bf44f6e27464be6ee0cbc08f8df5d2ee3151ccb4d3e69b0207d5f39f8e9ab49971e433976d5422e755a308bca64442a90

C:\Users\Admin\Downloads\rbxidle-installer.exe

MD5 88cfd44049ca966be713de4e2a2c7d68
SHA1 cf57333640f44c2182fef467afcbdacba35b15c6
SHA256 8b8a48162f888ef01e6175b62b7b6246cfdc0b7f863fa328b66351c23c274730
SHA512 00411f5bfab666b3c152b355f087f1bf6b04802c4d181129bc92d45304c650cda874668ac281d24d384f0c03e3ba23b45e16f7faa3087d5dc1cc6caac576c909

C:\Users\Admin\Downloads\rbxidle-installer.exe

MD5 f726533259a17da51177b2aaf1c7b760
SHA1 bd2929bd26ab6deb3f1aaada090e5bdd8d67a101
SHA256 4ef6f86e080f350374537c41b056b7d566b9807ba340ad5db2aeb99e89c4e454
SHA512 af7b82f78ebdc958c73a61785fa9a564f341a81d4adafe8fbfbe7cfe92bb9a9b600c5308c70917c1d96b8513d8e4aa17709ba3fc4e4d7ce3246cd5faf61f42cc

memory/2288-80-0x0000000000400000-0x00000000004CB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-5HIDA.tmp\rbxidle-installer.tmp

MD5 5d2b340269b80b8539565c734805b3a6
SHA1 473c11b4cd6890e1adae273f4b6f4ea90afa7338
SHA256 ef161a55ba9a195c92a394d598fb1dccd5a2932a0b7cfd0376c499123d0ecca0
SHA512 d83e51af7a181abf9db1c0a622660a1779b91c0a60cd5a93c6dbcce2c8ca60b964dbb4d2f3d68cccbda375b12d4b19ab3e2c97c9dea8dce08f678a1534a133d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 93fa50d67994d9e626922add29e557a6
SHA1 a40cd30e41d320393ae313532ac2691f27a79484
SHA256 dc2fcbb2fd5fbc139ad581ffc23d24f6ff82fd8730695f24f6a9a70c93ffb7ee
SHA512 eae490f40523b3e6645788f50c4711f1dc2026ddef9bc6b6fd2a65a2bbe5e160d41209d24d5212bf0653cc4e30c891f72abd97312dbf98c9070150486c18dc72

memory/3452-95-0x0000000000920000-0x0000000000921000-memory.dmp

memory/2288-99-0x0000000000400000-0x00000000004CB000-memory.dmp

memory/3452-101-0x0000000000400000-0x0000000000705000-memory.dmp

memory/3452-141-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

MD5 6b6689fec09d20c078ca64eeaa717c1b
SHA1 6a20c63892b01cd63b59ae89eef718973439ecfa
SHA256 55698a54c614136560850d1682382dc8f6f8162c4b14c2b088244d862b5b8d4a
SHA512 511de77e9c2d27fc1ff1d00a1ba325f51698a147229a9815d4c870f8572c9c8797828ada887f87f451dacc34663a4730ec2f2f9ccdd34813d75dba9cb925b979

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\is-2B1UJ.tmp

MD5 6dbc4226a62a578b815c4d4be3eda0d7
SHA1 eb23f90635a8366c5c992043ccf2dfb817cf6512
SHA256 0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5
SHA512 3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\is-LI057.tmp

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\is-B71VB.tmp

MD5 4cdcdd8071d02ede6173232f7bb19bdb
SHA1 b70c045a79039e50417958fddb7fea8b4b9efbfd
SHA256 6f2a0cd9dbfc52578dc28a25abe671d0ae63c36cdd06b6be8f08c56f02fbba13
SHA512 049c467eed33d2d19ceeea6a00218dc3236ff27310277416cf8891243d774498172755cd7d5f0433ee0e8dc677fb350a25e44d9c763498e4906ab13dd92074f5

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\is-9FS9V.tmp

MD5 9ace56046961a8104d0f5121872cc010
SHA1 80fe32788daf39b1c16ff4c471191d1d212423fb
SHA256 dd9aa7a2c61535a9a49645f7f049a5581be150456ec1f18193d43ea0b6cc273a
SHA512 330ad8371fccf39efffc847a32be32cfea8a8693474d7d0537e80c0b0200ee8561a732fb98072caa5a4d65382b417d78430586b640266c811c51f3ef3ac1529e

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\is-C3BNI.tmp

MD5 bb97e2ae9bc6bf8e171d26e40f59361f
SHA1 9bcd87d5bca1e18efbd118d93d76002aa12baa12
SHA256 1f93d65a2692da30ba3997fdfbfbbe5880c2ea76d6cab9102faa8a6431350e02
SHA512 606111b939b1fbe3008f90af616470e9c9d320a70021348540c03d32355892c5989df28d08158930bda313d3f0d9549aaaaa7ea6c1788ce4e283340abb954163

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\is-C87IA.tmp

MD5 db6f4017a24d2cb070ad3de12adb78f4
SHA1 94fdbee3e734a2df38fd68be4837e8fef066f005
SHA256 412d70757c4fdecdd73355ac4bb3ba80c6705110d15cfbc9fe925e7b4faf7962
SHA512 decf0a4297001fe030bbeba5748a72e9685a4590c83a90ec512dc28412a4a4f89e8ce97d1c8824309f50d9ea111e42c9428714017bdad47ff3fd7d241e19a352

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\is-ECF6N.tmp

MD5 a0e3bdbe9880037f3c31443251b43932
SHA1 5786a415fd2dbcc2250751a15801225b88ab7993
SHA256 36f93f53854708454d6f6f05232e28b17b1dbfbe94cc194470e449c4e7e9dba3
SHA512 355863267b4e48ae9575ca1baab1c2a167fe60e7ea568df52ebfb317c89e0511b5c88f13fbd55b880b4b53ce0a688c0c005412bc31c67c0e895f123f713c75f6

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\is-BC94R.tmp

MD5 ddbfd5852e8bd2337f0cc8a40d9f4d80
SHA1 8479b510d385d3c4be23f6ffad3b1be2db329179
SHA256 bb6f80cccd928864f67dc6ddba48443dfb51191b9d6506b01823ec05c48a151d
SHA512 875490e7ff4c9bb387e48223ed91b4d5f18dfbdc27f045ab7fb302d4882c094371fed961f9eea85673ab41aa8fdd785412cc91fa3282270e24787949304bb146

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\is-FK4EA.tmp

MD5 60321adade3f5c1dfd761800fe1909d3
SHA1 39add6e5c395d04d3450874cbf79050d91674d04
SHA256 6a669fdc9331a3e8c4a75ff456bc66f96e85a8dfa3d28828307fc68d92e70fb1
SHA512 5f3c21dbc86318d0a3786313a433ae95a58241e7b8053ab9f2292a96e83b569219a6406b39d2e3a832d05314437e1d8db0c128858fe0a4b4369a65500c63e77e

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\description.rtfd\is-TN48E.tmp

MD5 cb51e6fa885502ba84f7d85355106e28
SHA1 def335a818a1ade9e99cfe7144e83bed2723212d
SHA256 ca58c48c0f35c7768863f31357f68393f7709e9810818b3a06b3004274f03a56
SHA512 33dbeb9c18e2a54c7c41282d73284b0a8c6d3ed0bb5cc556ce5d02ef0c670c86b74b46589750b866d2f148ff3b7dea655e1f3403f50847d527de4d24a5cbb905

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts\is-JQLD2.tmp

MD5 35aaeb5ecdda5864920916f04d2ec307
SHA1 266ee05dd4a3e1869e318825c97c3290ae4439e5
SHA256 21ff89939fd03764301b1ab1cef0baa277bd2245fc5b9b4b5aed08c1efedfff3
SHA512 00a609155a776cdfdb0a0cf4c6ea43e0dcb9a8ca2d3b842dacb426a83b835c053700388912b4f1575150167167aab442fcc5b436e1326d81c6bb8e10ac3a1520

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\rex\is-T2MFP.tmp

MD5 2d979cfc95c6a20e03b679240d0a761d
SHA1 56b4e450a1584df0a6df666e1df6bb0e59923a13
SHA256 ca5f8b2b53eb90262156507e13d49dd3b22f47ccffb8b7cd427c1d28a8cf6d81
SHA512 b1c6fb5dc0d8034b7174bbbd2600506379ccbb9ea35dfc432ec090243a64f4d52f38ad152f4c764b5a3029d571bd65c924fff46f9a8f06f15853b32b3cd6cac7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ccf8b7b618672b2da2775b890d06c7af
SHA1 83717bc0ff28b8775a1360ef02882be22e4a5263
SHA256 ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420
SHA512 eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ac2217621073f89f3152e569e9000eaa
SHA1 529357fb8350b0bb131f5ff4a4ee77f94dda5113
SHA256 eedb94e36a0325edf716beaba1ee878f81e67b88c974f97b613669d403328db3
SHA512 236884b763d7fa01fb8c647506500ce64b070bf7f737f93f5700da33b9fc3384b41dab85e09b3c742492b4ae777de6f07359fbaf326e0f54306f44e14e53dba7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f983034d04d54b66021ecd0743c6c5f8
SHA1 56bd9c0d2f852e4a47160c013b4aa6d81e0ff874
SHA256 af11e256ab7f8e2c154cc36795a0e76bec25bc9a25670aff165106d08ad5b8a5
SHA512 15bcc714a06cac8690a33efa1e95a6eee8ca0b9f3f92acab59229c8cb9c93fcbca629a9468a485393fe0882317044902ee2975eabc4b0e19a9796c2ecdebd313

memory/3452-961-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a51d3f8a28ff34f9eb40c027af2fa9d5
SHA1 d1089dbf53f46ea4b517c816482ce7ad099cd491
SHA256 9f3b56e628b7c1328ba8ed7d5d803bba7973cff35fc2836e001ccdf5f9cfc953
SHA512 9c93256a6d20eb0db5471276583a2b585bd9e55c5dd2d650039633d33e74abb6f59e57482a89bdfcf11cbc1eafd2614b3f96d8fb2eff49877d950033aded0c73

memory/3452-1090-0x0000000000400000-0x0000000000705000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml

MD5 480a741af8ce19faead029edc0ccbd1a
SHA1 87be7d55ebf72b28d551398baeccfa9687d48729
SHA256 cedf0f77769f73eaf66111d626a4475c4486df1837196bc6d2c319e0d90157d2
SHA512 e8bd9b101a7e29e110fbe350c9344b41951f253bd3d6adf34b236404283b4e9db9b34ad6aca1fa65acd374776d77d66e3e2d5492926649d447bfbb7b1db6df28

memory/3452-1094-0x0000000000920000-0x0000000000921000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml

MD5 ddc7934f07ca9e4bd7afd60ea2e0b33e
SHA1 d4f42dbf63fff98928170d3098528b1e97a6c5f2
SHA256 4f054e8953caf176702af3d28330b52d4064c3f54038a1bbc79e693c67e507b0
SHA512 45416e7f1e41bc57ec59913afd4b85e7504522637a86420f0d93bedf31b552ed7ac8e32701622b60da9d0897d77e7bf281575c5b7e1a27642a2a7cf7416b9c5c

memory/4404-1096-0x0000000073AD0000-0x0000000074280000-memory.dmp

memory/4404-1097-0x0000000005230000-0x0000000005240000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netstartup.xml

MD5 62c809ee14b9f58783f3c8160d2564f9
SHA1 adb2b1111e3c191c6d577db4910f5f0061331244
SHA256 46562a4eac05a5e825050448a41d975717d0b28c098081f54f181621d9e7104f
SHA512 5332e877bf8f1d9a10444dce06173448244a4264f57d188fc794ebce135051869f91dd41705a5079e107eb6d2ce31371ae03ad6bc56edbce518f358e1cf52f5c

memory/4404-1098-0x0000000002CF0000-0x0000000002D26000-memory.dmp

memory/4404-1101-0x0000000005870000-0x0000000005E98000-memory.dmp

memory/4404-1102-0x0000000005760000-0x0000000005782000-memory.dmp

memory/4404-1108-0x0000000005F50000-0x0000000005FB6000-memory.dmp

memory/4404-1109-0x0000000005FC0000-0x0000000006026000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4cnjiw5r.5v3.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4404-1114-0x00000000061D0000-0x0000000006524000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

MD5 7910249df5f557110d446fadf2c0b4b4
SHA1 4ff9e5833e837ece662606855b8339c27b2847d8
SHA256 5e78211b1a395225879db74f8f5ad308863dc0526896d4a5887b8ca7bdd73935
SHA512 49fbbf1eb79d74db0bfe11affaac4c21c18658e381f5420b074d216ac13def82685746c5cf2ff5be87bf12df8cf0b7e35404a708cae3e811d1facbe13b24e6cf

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

MD5 9292ea240bd5b91adbffc79d4513a2c7
SHA1 3cf9473474e41c13664922b159e8c418425539d6
SHA256 0cc07831da8bccdb31559f8e08ca2c54180d7753b6a3bc8ab5b82e293e1fd71a
SHA512 7e498ed8b32e0db231da7f7e0c874e7d2f731b3463dcf535d92f9ff456f89c66f2254ebed6db3e79e2b7cb31965ec78031f395df63b396c3ec025f5da780bf68

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

MD5 df4db1a7e25938b36bec3f8872ec0102
SHA1 d1fe93ba0a9a3770a9a73f2b3d2d20ca71ce2204
SHA256 77712941a7d9ed319428ecc2090569c4b739c25916ca988cf470ebfc565ed566
SHA512 099258d9c2e18062b82a425d08933d425a89b7c4c98d276ee0310e44ea30c9aaabf9398d6174323cd5a536eaf8d5259ad89fe06fa6cc865332076248c3b67e0f

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

MD5 226b0a81e2714765affd3b35381f06e5
SHA1 9f97102090b7c3358676e1bb9d73cd2298f7bfa9
SHA256 03a59b5c17a4e3dd09d4186b68228d331b2098374b4d22e5dfae67b147350507
SHA512 0afee9adf0972a232d04edb1a225a1068f9fd4d34438c45d2c6ed88a3116a16b06f4a1c10b48fcd21554326073fc392ab6fbf96e3e3fe3eaf442030cbafeecdd

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\icudtl.dat

MD5 dcf16523bf997886154a63763d48ee33
SHA1 e7b862c481378d2ceb78e384145a150156cfe357
SHA256 ef37541c188ebbc5b568bdefe396d0095cc0350a8dcd7c4635552fd2def81781
SHA512 8a14140a78b10e975ded980982b7a8735ce76d2285d95c5b8c462575ce5e853ae0e1e87022e02475828d6f4ce5b32a88d89f895e869434adad4f968cc7852c15

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\v8_context_snapshot.bin

MD5 03c3851343e11392b24b91897910b060
SHA1 9ec2de38a63ed606c1ed545f583ac427b48b3192
SHA256 0abf6a4b73a4abf6e43eb8eac6fa9399164166502de4fd23e9a659f47a416600
SHA512 80144fa894ff193027b4ff24a0d4301e41d5f0fbc39dc1e5c14f2834e9092765739a956260182396f275faabfe07329c685bb095a9aa72286141d9b1cb0a354a

memory/3452-1121-0x0000000000400000-0x0000000000705000-memory.dmp

memory/2288-1124-0x0000000000400000-0x00000000004CB000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar

MD5 fed1889b94580a7fe5f7da8ab492720f
SHA1 dccdab416da77a35351eeb31378b31b46adcde42
SHA256 41ac56e02a19042c910e750eb7872579271434c01244446aebcf00c22d42cb04
SHA512 6673d381b88f6b5c7af7e201186510167b8f102bb5e349098a069584c3687f066ebb92fe7395772eab5c0c7b37b75e69daa4704801d86561b4ed6db14a70e518

memory/4404-1127-0x0000000006640000-0x000000000665E000-memory.dmp

memory/4404-1128-0x0000000006680000-0x00000000066CC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 40fa42e1a199ff8f23bfee7c422a7f5d
SHA1 6b7a768b337df39056f6385c754e9c94e34dffda
SHA256 01d033fee900a4b5bf6c489a01812f29ebf6b8cb5540c5b35116df3fae6351cd
SHA512 2cb076f1496762b145f5250aaad13a91865e3a50c75167033b0f80be53cbeeb2f0a305b8f8b5b28d368e81133fc9a4c9a6ae3f0331ecd5745894c7effb730407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b780c3dd440a96576af3bf3ccb5d903d
SHA1 799c8a6bff3e26c1c01913db1c5b58fd0b1fe0db
SHA256 5cf18b8f18b2664d7190a78bee2d1722c4bf60b7f8c739a22746f3547237c23b
SHA512 71069acf4f5872c039654d14e812336e0e1d474a11127935b3afa8e42e664b185ceb86f87c63eb2dc0470b80f1058e11c089b433f017dd55e22a4d735608deb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 97b72c35a1631153cc635fb4724ee92a
SHA1 a6927b52610d772d7af2b774c721c27fcfcaeb63
SHA256 6e9560bac2897bd113717cd65e71bee2419b91e64d77244d60b111f0db8ba5fc
SHA512 e9baeede5584e333d410d0bc5401ae6f56cc67842ab98cd0f6394b5410be20c4933cbbafddf1368432d180dc085da7ff2a064be9d4bcd4dad6139a0f7ecf26d6

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources.pak

MD5 7430f781126c1a161cb86323126b3da7
SHA1 43ca40610ac67fcf56415e5d8fadde78f7e55622
SHA256 ad75d02f395185e8c40e4642ec161e363b2e85b798a23107949771df0e08d026
SHA512 8249f5c902f6d5bef1a93f05717e0aa998d16452c05aea86d3b18195e5690d8623ce229f6a2ae60895ed6db57a3162d6f1be4ccdad2fee1ff0635ce250dfbd5b

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

MD5 64dcace29a4e8fe41210d009e82f5bae
SHA1 21655d250ad64743584140177e050bb362daf839
SHA256 d6a81756bf1d63969d22b705cb2f79062ff0917204ca4cb35ae5deaa61a3e517
SHA512 eb7c750eb7fa03987cb3208b330af6ff8bc441ee2b909f10eeaa8c1adde29342bf27f60f0fb624355c7ab2b607b4da42ab49cc404a9664fac14d5557b3877a66

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

MD5 77693a604a074dbfd1490afb34adab67
SHA1 e29cc8335266e1c8075f3db90695efb7f0bfc463
SHA256 e840ddbf803b233b98b98b5aee86c54231d7b42ee6e0d85dfa8727a1f0b24f12
SHA512 4d3a0c34b44a4781ad203df1727a102b263890787bda7a76b05c096be4034c67a2e1de07e51c7a6aa233c1dc9bf1532a99c3dc4a6724db53192e36b73e70a3fb

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

MD5 6364c7f0514292061c7caf987e9d1a65
SHA1 294933274e00fdfbe5834be8e3767f5a87e991c1
SHA256 a2be9432e4571b6cd47783547210b74e007e3d3cd064b68737c129187e6289f4
SHA512 0e4b1c2aa2ccdeeb775015d233fa9bf29bebe13509e302c4f88d4604f839cfdcc6330dd819fa9a3c7704f16184e00395d5cf3fa84afe6325b122976a1cafff5d

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vk_swiftshader.dll

MD5 b8fafa79700d671ad25eed246af67778
SHA1 b35435f34d1c3a0706e91602b3a3bd500fbf6232
SHA256 76485e8d527a78cc7dc2dabf358d1c7399c8811f3ed2e1036bee08ac2b0c825a
SHA512 b4ae186515029c5e3a44b3173ca0c8f18d31d6d8aa778d71fc7c309426824bb065dde8fdf815d114f3a21265221c76bdff97bbf9277ab9998f5d80eaf98ffc1d

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vk_swiftshader.dll

MD5 5e24ad44776b85c433abce69ec4d9268
SHA1 5394e9aed0dd3533fd354dc2172296861dad13e3
SHA256 c255b563232fa45697fd9547d6d92fa7ed7db56b0b496253be24d65de129e226
SHA512 1c4900bcc1be7d9ec7b900b57a6a9db306e81a60b817ed3a49d26bf74eb5fdacf876fd5b60db3c1fdf21c7028d4fc205c302ee28e52ee79ed4684a8818980437

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\vulkan-1.dll

MD5 6a05b161245180545849155b1cf63253
SHA1 db0393114078ff56c8fab49e2ed680324f4e31f3
SHA256 05c6d4aff774c0ee8190749a8cdc359ca294e0410a56666d14730f9456ff51e2
SHA512 0e4c8a15e55c274513f60f0e57da2dfea8c9fdcf47694bc7a4c0e29eb9a1d00d10f7e9493da7985dc352cc006e5244fc84c5a048e1d8a1f911757a41684fe257

memory/4404-1286-0x0000000075A20000-0x0000000075A6C000-memory.dmp

memory/4404-1296-0x0000000006C10000-0x0000000006C2E000-memory.dmp

memory/4404-1297-0x0000000007860000-0x0000000007903000-memory.dmp

memory/4404-1299-0x0000000007950000-0x000000000796A000-memory.dmp

memory/4404-1298-0x0000000007FA0000-0x000000000861A000-memory.dmp

memory/4404-1300-0x00000000079C0000-0x00000000079CA000-memory.dmp

memory/4404-1285-0x0000000007620000-0x0000000007652000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\libEGL.dll

MD5 2abed6d1a85117fc8e319db10303df46
SHA1 b8adf5c210d4d8cb7fe47d1fcbe5aaffef6a7c1b
SHA256 13bba503fb0ad061b3b32f3a1580c50e3379c8f8da4de009c85bca294ad0d6e8
SHA512 020a3c1f58f3eecaa992ea59fa09ba49fe5da6d117988235a847eec7bfe4256093dd1fe2e8c017260eb6c23f7602a67d49c10d5f8d1afe21af848f2f96c11b7e

memory/4404-1301-0x0000000007BD0000-0x0000000007C66000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\libGLESv2.dll

MD5 2777a0e421950f27edf02c0da8bfd965
SHA1 8ed2f179aa8f688817ac3e34023dade3da53c0bb
SHA256 238da7a358bdfb18189053ce64e060264d55c3403a290ea57d1cb3126f4d979d
SHA512 37b1bf0f605186fb2b7246240d90125c43bdfc6ee0c909cf75349a9fb454b844466893f3887a5ec9d409621623378e19e0e18236d6b59e05204885d5c9d61fef

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\libglesv2.dll

MD5 e665935a233d990ca11c9022f2f1cfd7
SHA1 5899371eddb559aad484b488d4968e494d14ee8a
SHA256 8c2f671ef5aea0bf0cb16b4cd4c77e7dda874affd86ac1450da5d9eb98028bb4
SHA512 9b14365718674da2d13dee5f1eaf2c5913af2c3595ac46ac317e1d215952faf63e6049e00437da26366c6b381d0e38818a6f070d78f6828259975689ddd48e54

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\d3dcompiler_47.dll

MD5 a5ee15126188f28e9fbc2bd6fe015298
SHA1 e042049db5b1ba4bce0d952ec24f551f59cf5651
SHA256 8e4f07b3892cf602e0484b9d5d49f1d2c171788a2a652eef971efee9fdf978da
SHA512 bb8f6917b1a9e6ebc928479986693b71f6efad6d0395f48b446d1a3ed37c1df160455ad2f29804cd905741c95f588e2d8eb6eb0827104a2f1c6ef68a126267fb

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\D3DCompiler_47.dll

MD5 4bd170ae7b8e2e10a7f0a57be57657ad
SHA1 cb107d7a812d110223ebfd8d73332aed28703d2f
SHA256 ab0a6bbccdf3535bc6d0ab98008461428dc12eae42a0570f75b40d0a26296148
SHA512 9c83664cd3c88fed64a3a9347a306fb4579cc8584320707eaac69de516462f46cf6232ef495f851d0e28d39d60f6b1268de9e6fb1821e1aea6bbef853f2e5469

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

MD5 0846d89ddba407b3effc2d24b13632f4
SHA1 a27a9a43756fa0485293c8626546c9588ca16279
SHA256 552fbd2618a202639b2d0279d657cda40cbfbb44a339d891759c3351e52f1ff0
SHA512 9bce27d7afb5434e12dee903783fb0a6eb8969f701218e2fbdbfe1b7b47dfef0c3f2779a75a2b9f8337636a00d1afd8c9699a3dd8ef71c6fdeefd1e7f793f37b

memory/4404-1227-0x0000000005230000-0x0000000005240000-memory.dmp

memory/3112-1234-0x00007FFCE0B20000-0x00007FFCE0B21000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

MD5 d23363bc077873b26e49ab58e13c6155
SHA1 77a2f6853a6d35729754ca77bb57f5a2a4e38cab
SHA256 dd993e4f4c73b09853cb86760af1f27afab942bb2263bd245489dea85c5bf9dd
SHA512 33bdb9380f4482fee42e47f7b6e1a22c569337bf154876ae7ff4842346f979e0bd14089c8bdf69c8a477593b108137f79d03b1178c2c0ea731581a679d09bd95

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\locales\en-US.pak

MD5 214e2b52108bbde227209a00664d30a5
SHA1 e2ac97090a3935c8aa7aa466e87b67216284b150
SHA256 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab
SHA512 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\chrome_200_percent.pak

MD5 1014a2ee8ee705c5a1a56cda9a8e72ee
SHA1 5492561fb293955f30e95a5f3413a14bca512c30
SHA256 ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57
SHA512 ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\chrome_100_percent.pak

MD5 0fd0a948532d8c353c7227ae69ed7800
SHA1 c6679bfb70a212b6bc570cbdf3685946f8f9464c
SHA256 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf
SHA512 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

memory/4404-1303-0x000000007F000000-0x000000007F010000-memory.dmp

memory/4404-1302-0x0000000007B50000-0x0000000007B61000-memory.dmp

memory/4404-1307-0x0000000007B90000-0x0000000007BA4000-memory.dmp

memory/4404-1306-0x0000000007B80000-0x0000000007B8E000-memory.dmp

memory/4404-1308-0x0000000007C90000-0x0000000007CAA000-memory.dmp

memory/4404-1309-0x0000000007C70000-0x0000000007C78000-memory.dmp

memory/4404-1335-0x0000000073AD0000-0x0000000074280000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

MD5 612305fb25c18890a7c8194cd1e92517
SHA1 91a5a144eba21a0d395a4c4f8eb89d364d1497d0
SHA256 51c03e3238b388848041903c2994c84b34ffe09395b29219ae24aa4c07dcb84e
SHA512 fa1a7f14bfff7b6c2bf8bc1800901e540c5824ec368f13863307608f9bf035173b4cabe25e40fc5c9f362d714e173e084c10fd9bf126c1ba6dfbe2cc073d4bcf

memory/5308-1340-0x00007FFCE2190000-0x00007FFCE2191000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

MD5 0bac82e1c60eb81b0fc03a87faa10165
SHA1 64468c30c728cd8c3671872d90497931b9592cf5
SHA256 9f63fbbee9f84a55b234a248e95103b8417ee8b88cbbd2cfb30d7c2332b5bc16
SHA512 71ced9558f5c14bc91f13048fb9fc359000d39bef2825b8164c704f3698743a091b5d6e5ebbbdd5b09ca3e8eb800d52107cf488adc17484b73ab4c563443c930

memory/5308-1341-0x00007FFCE2630000-0x00007FFCE2631000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe

MD5 3321d2efa325e03bbf17c2a88791f519
SHA1 93ddfff3ce9592126f5ccc20481ab59527f58a45
SHA256 1ca919aedd68e15b0ea91cf945b4dd953b26bd70512982793fd6f8a6a9f72774
SHA512 c20729b82a4e500f21679db134336144eea0ecf8f8192d05aa0c67287a2ffe23f04b916d36cd0970ccf5d0110b2eb6d8aa168c4e5fb8dfaf88047534ed734790

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\netmanager.exe.config

MD5 29de2c28e23204909e646ee3489ce4ab
SHA1 1f75258825661c5e0464414de06805fc57de6686
SHA256 b1677d78346f02aa0ffaff28c796ba8f292ff801ec1a646909357a8298e372d2
SHA512 0cac4a63219b4f72e10bf2f9ec78a38a0e646028ca784b0208a380fe93e092ac6fb58a4d14f931765c99a352f314c90214e292504d843192fb2e5db9c5708d89

memory/3112-1373-0x000001EE5D8F0000-0x000001EE5D98B000-memory.dmp

memory/5100-1378-0x0000000000840000-0x0000000000848000-memory.dmp

memory/5100-1384-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\librbxidle_amd64.dll

MD5 af87de6b1d3091706724fe2c9b98a4cd
SHA1 465af2e9b3be7bfc1c8611df2cb497663db3074d
SHA256 9ec7a64aea06bae47dbdc92689b4f55fcfe21e8af3e365142b17902734782c84
SHA512 5c77e44754e337a2ac273c13deb8e8a4614e9ff09f56d9ab0a0065bff80ee1f7f883b066db14542fca8e668465b328db9579bddf36da9f834a23f1099ea0db73

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\modules\net\librbxidle_amd64.dll

MD5 862ff7c048e81a27f40903df5de97d68
SHA1 755248df622ed113a25d3a38f4bb35802abeb8ec
SHA256 e41e58a4f6d199cebf8e2018fb7185ea93593e75245de37a2017e197b3fd2848
SHA512 d34790c002c83b3922fc7f67aee5879b7f92d23eaea9fcf7f0eac571c66b6e266f5d90583a8ca38aa224c9fa8b696898a0270667b75a619c9fabb8f84197a75f

memory/5564-1385-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/5564-1387-0x0000019DF5830000-0x0000019DF5840000-memory.dmp

memory/5564-1386-0x0000019DF5830000-0x0000019DF5840000-memory.dmp

memory/3628-1388-0x00000213F3FD0000-0x00000213F3FE0000-memory.dmp

C:\Users\Admin\AppData\Roaming\RBXIDLE\settings.json

MD5 e6e02a6dd7ebbf81f234af83b4c67061
SHA1 4fbe7e6ae08d2139e27c6ef5452793ea79efc2d5
SHA256 d9e0207adb46dd2f854d7305b2e10aef47d702c034e00f20d7485f8e63ec020c
SHA512 666c92a4890113f353c9f5e9cc5b1bb065e0c718742c5b591c69845334bb7426ca234c14cf60f1371003fe697431c9429a73cc06df0c91de7c1567bfa984db7e

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\mkr.txt

MD5 b382149206b68f897a994d17a048a0dd
SHA1 1f8e92af065f48baf39ff49df49828111c4c626e
SHA256 7aec1cd7286d0b1382f207a27da79febe195dbd656a6373e5f096c4fae1fb3f5
SHA512 8a39e6ec36acc9d2f8d5ce577b0b7419eedd3b4eb7c36bed42eae74ee82f4e72a4f8d2ad41117c2e7447cdcf9d9f78bc0cb49d3b7334a6f7ad20bbbc45805eef

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netmkr.txt

MD5 c42a1b325e82f6e9e4a3e60c7689792c
SHA1 8f7a5ba6e7d89d7f6626a3eb85929b9b7ed6a251
SHA256 78f8586c3555da9f25f85e271e275838a3d7dab8e045fee0c1970fd618e2fab5
SHA512 2aa7670a40a5fda58489dbe882201653c6db9362ab84a4c753fad242223ae55ba93e772108d538a5222580594e54642fa5fe36942b06fb1f764e4b751880b7d7

memory/3472-1394-0x000002A5C7C70000-0x000002A5C7C80000-memory.dmp

memory/6080-1393-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/5232-1395-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/5232-1396-0x0000021F75DC0000-0x0000021F75DD0000-memory.dmp

memory/5556-1418-0x00000203E3B90000-0x00000203E3BA0000-memory.dmp

memory/3628-1417-0x00000213DB960000-0x00000213DB982000-memory.dmp

memory/1920-1424-0x000001DCD1140000-0x000001DCD1150000-memory.dmp

memory/5556-1407-0x00000203E3B90000-0x00000203E3BA0000-memory.dmp

memory/6080-1457-0x000001CD7A510000-0x000001CD7A520000-memory.dmp

memory/1920-1425-0x000001DCD1140000-0x000001DCD1150000-memory.dmp

memory/5556-1406-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/3636-1515-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

C:\Users\Admin\AppData\Roaming\e64900fa-585c-4f9f-8547-ce9312ef3f14.tmp

MD5 2756ff2211ea9a389dfd0903e2c2c772
SHA1 1d4dadc37b71ddbbfaff6ff51caf506f82a2143b
SHA256 2214b04d306eff9128956596add3b110a42addd6ad081b2c40871c135efa9584
SHA512 1450f168ade31298aaa83a95362e0364ee4f471767237d1d010406c03ec6274354c6e3ff0c89cf9614b396d3a510c083dfb85f2ca0505554b667825a0b91d85e

memory/4356-1540-0x0000021E47BD0000-0x0000021E47BE0000-memory.dmp

memory/4356-1541-0x0000021E47BD0000-0x0000021E47BE0000-memory.dmp

memory/4356-1539-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/4844-1542-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/3636-1543-0x0000023A2A060000-0x0000023A2A070000-memory.dmp

memory/5308-1544-0x000001A4FB980000-0x000001A4FBA1B000-memory.dmp

memory/5156-1546-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/4844-1545-0x0000020DD8EC0000-0x0000020DD8F04000-memory.dmp

memory/2368-1547-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/2512-1548-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/5100-1549-0x0000000057BE0000-0x00000000583A7000-memory.dmp

memory/2512-1550-0x000002B35FC40000-0x000002B35FC50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 91746379e314b064719e43e3422d0388
SHA1 65f1a2b5a93922d589142a6edf99b5b35d986dba
SHA256 0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7
SHA512 a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

memory/2368-1554-0x0000019CFDE30000-0x0000019CFDE40000-memory.dmp

memory/4844-1556-0x0000020DD8930000-0x0000020DD8940000-memory.dmp

memory/4844-1555-0x0000020DD8F90000-0x0000020DD9006000-memory.dmp

memory/5564-1559-0x0000019DF5830000-0x0000019DF5840000-memory.dmp

memory/5156-1560-0x000002C1207F0000-0x000002C120800000-memory.dmp

memory/5536-1557-0x00007FFCC1CB0000-0x00007FFCC2771000-memory.dmp

memory/5156-1553-0x000002C1207F0000-0x000002C120800000-memory.dmp

memory/2512-1551-0x000002B35FC40000-0x000002B35FC50000-memory.dmp

C:\Users\Admin\AppData\Roaming\RBXIDLE\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4cd4f11e-8420-41ef-af94-63ea63952581.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2f6da5b7f8dc997cc2ac7ee8a2411f76
SHA1 409ab9cbee1d06d925ec1a4470cbf14f4dcd9a3a
SHA256 6b1d2f8f00e45a3cc3fb419b8f59421644ac589a870e9c30102719eabb914006
SHA512 97743933919810b591fd9dac84bf793f07735180e5ed88e0a773a5c4db55228ce9f0f30627c8e0b16e038dcf152cf36e4f22ff787c815e739296d17239ef09c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 03482f365179a88c1a111ac70b614f74
SHA1 bb4ebaf0387cd0d0406855e14097d462ca31ff10
SHA256 5826a006bccea79dfa5588091e9a7c5e3faa51c41beb578d5b186d455d5337ff
SHA512 1ab47400cf60c8dc9bc3bab217ffbec172be1446671ad7faa58317bba862ccb93db8e777ccffd35daf28b54d32c8540c4edf97b28ab7e76e0d63804ec253ffaa

C:\Users\Admin\AppData\Roaming\eb83554f-a20d-44ce-90c5-fc03d1e9c220.tmp

MD5 1a7cdad19d059d5921cd4ee3211d4688
SHA1 8a4c2d10312cf7c37153a48ad110b3e1086d0386
SHA256 547c7a1f29f74fbfa14891760bfc14482762de05304fd10620bd0b84db0ec7c4
SHA512 1b6b5c6e6b6cd5aafe6eecd6c2df0a8c2c637292dd105ca1ca07fbd6eae35e2ee02bba747cbb9f7f370f3ef204ba0aa5cd4f21f972a50c59c980776e031aa84b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afcc337cef201e73828191e1b6f2990f
SHA1 70bbe4e6abef2cdb7f15032f48a9748d41f56c24
SHA256 4fced404fc274b4531281638200489513663a8afbd407e4161c8ebd11ecb45d5
SHA512 d1c232bea7fb24de04f60f744c9e32c22f4e6a217e059b1ad9c2861207c76aa40d1504ae4003285b7d32ebf093b9f5c907ba04c3d449f48ba4e58c9d8f11b078

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34218264cdcd458007002aa6a42bc915
SHA1 c36eddae24604dc20af81abce91f6de8e1e24c6a
SHA256 32ce712f0ca9047628bef275dffe34891318efd079507621a80a8ca0c5ac8890
SHA512 3e2f451a908fe02441948b0a5db077df6c8401e908e440e4282f2730e73af6cf28159f42605ed31544076c1d6458768f8a8a8807d86d2ffb582bcfa552e5993e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 a26df49623eff12a70a93f649776dab7
SHA1 efb53bd0df3ac34bd119adf8788127ad57e53803
SHA256 4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245
SHA512 e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

C:\Users\Admin\AppData\Roaming\RBXIDLE\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Roaming\RBXIDLE\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 51c682641e52bbf7bcac2d9934022e39
SHA1 eb997e477d89fb0b0d4cdd6dca54bdf80a458437
SHA256 2e6ee7092701714bfcad7841961650d9827cfe608940693af0be3617f5f1af35
SHA512 57f79dfb4508bb78d303f804cc11915c7e65d57fe474fbf847e9607b54db7c1eb259d4700a7d0b9c835d6a70562dcab022b4a5c889e14383d3ad5c9bf0a336e2

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 2f87410b0d834a14ceff69e18946d066
SHA1 f2ec80550202d493db61806693439a57b76634f3
SHA256 5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65
SHA512 a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

C:\Users\Admin\AppData\Roaming\RBXIDLE\settings.json

MD5 9f26401d59d52ae1200e1a940cf594f7
SHA1 90d9606cd7ffbb7788a4ce93da099e91b02d1d99
SHA256 5690c23eee7302a80f92c200ebcb618293c3a67ea191c4e25c15c20ea816a48b
SHA512 f92f884a4fc08f492218561aec3e44d0b70127a8b0b18907851ec4a4f7cc6d1509307a9c0fc6eb3ee3160813b91b269c45c5ed7664f91f599bced0a21e0fd538

C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

MD5 0ec92faf12f2a29e189a10a700e184e4
SHA1 678348df400258c6cb314ad8cc2776b8aa2f5700
SHA256 c77db5a0a3d812480d25b325dbb9b080d2d70a0b748574d203dbd9986df8ea8d
SHA512 bebdfeeb7f6ac17767061b1778c96319b97144160bf19fb18659fd3ba9dabd1d0e7b58dd42e7d5d4cbda03897d8d628c7ef30a98b76d435045b58aea5c54c923

C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

MD5 f50f767c838b69905500d6203689fc86
SHA1 a66cbdd011a5f59ecea26f3d206121c01a05f037
SHA256 05486c10b987fb3922f2d60f2d9281529f9acb827e3338a867d39fe680834c92
SHA512 3522f438889fd4267af36d45966d2c4a3567e520408c6223331109f25fb3ce3c5868990312465b0675f09e4d4ac673b7fd75cfd67e5b506fb86fdde18068bf18

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\xm\xmrig.exe

MD5 23f799acd2d55e6d7915950e7328b068
SHA1 7c3f9bc703f0ff86a599913ccde4f4c33c39c5b0
SHA256 64a896322fe6d34f7bfbeed5e25c12451448d9169b24be10cf763f2b97f3e49e
SHA512 27ac8ffef4ffd8505a713a6fefebef1f426eb3649701c350a2f8ec4e5fae32aa1565695451141cb761e92082773aa1a4b3e3d4521c9182566ba6219439e5ce61

memory/5860-1916-0x000001D690AB0000-0x000001D690AD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\RBXIDLE\yarn.txt

MD5 6352253c82df1675251f97eab2adeb46
SHA1 568f919a4b2aeb20a1b92163de18cba1c8973bff
SHA256 e2d0eda9294cea7695f1264745cd6b1b21abc9751081168378b974cc09defb5e
SHA512 991a7d4d433b7c76ca6b627ad8cc57bc4ecfb288c81c7f585f1ec767679dc039e15baf50703dc8863e5adb4a1f834818ed808b730aa32a310a8a37feb2da1e79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 36892276e6b1619fb09c8056ab8535d8
SHA1 86e345c0abce5230cdcfb5d4c1febbc8fa52ad9a
SHA256 11cb0ffc7db88d754d0491525c041514230ae1b88494f44127677e84f81e9544
SHA512 a96f1ef88c31dfef47d90cc9d4bdfb0c8fd371fb294ffcc496ed7b86b039ffc174df788096ded1151d840ad7940221ba8a11e58833ee350f23cf29018642ce0b

memory/6612-1964-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1965-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1963-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1969-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1970-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1971-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1972-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1973-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1974-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/6612-1975-0x0000028BC1680000-0x0000028BC1681000-memory.dmp

memory/5100-1983-0x0000000057BE0000-0x00000000583A7000-memory.dmp

C:\Users\Admin\AppData\Roaming\fb69ebc4-f5f1-4b91-af02-de2598a345f9.tmp

MD5 ac917da1092f1d93b7ea3c0e11f8b043
SHA1 6c6e5ad5ac251758c270c721d600e0b69cbe9cbc
SHA256 9edfd7bbd0173446bfbb61219b3f0ee9acbb653916c72ba33cc319f2ec86d70e
SHA512 329de0c4eee5c861c525b18769f25bd2db4ed1ac98031e6a82d76bcb30d2e148e541d338e068af42f10a89f6fe17e629aabba959b9107a72994c411385069cad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be8b534b697fec65ce3310b4908f66db
SHA1 8230d708910f7fef6e31d57c6f7b554fa35c4f63
SHA256 d8c212809da47a6a721081f3f9c83af6cb415cedc7cf99618828e7ad5ca133c6
SHA512 237766141bff35252b5ebd3c0634673c9d01bbebb93d6bd97627ec5b1b5ac856729ad2fcd7ecf1db2a3bfc560371635f4db32cc4758ae51e03b974f1bc96b805

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

MD5 05f3904a93e12b5807106910e78174ae
SHA1 41d1fcd641c8904338f579329558abcc267cf678
SHA256 5c715537642dd43c1fcbfbf1abe5b3643755a00a2cd66997353727ae9190d574
SHA512 edff3935bb2d60b8ee577fc79acfc90acf11e918b1ecc1dd6d99be894f089ed5aefd2ca5bccd330c1cdd0f4fac0d5f0e44b2ba9e35bb7f9bd11d8c503ae6491a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3488050da44192dac6a9a844a22e5351
SHA1 36826c0e8f37721de4e89cd3c6d5a0be185414fb
SHA256 2dd378a10c44d9ec2d190e7f856f05a6606924dc0720cda43d38f31d2c2fb1a1
SHA512 3c31c9afb9c89f8466c4df0acc8b9c3463864558cb8e06dd8b55086a9428f0c458bc9971fbec24745108081cfb23924672d76d4c0a98f9e4fee174ec37a06792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59dab6.TMP

MD5 c4b3929d2af316939e7e2c9aa36ce3f9
SHA1 713c30d71120bf840f4d2a538c71e7e7e995ec57
SHA256 61a941827feb9f3510458bc849c7772d938975bf118d011bf69acdcdcc78adc7
SHA512 9c2d1022defb3385449a41875de45c4adf2b86248d39c417b1ce3947429dfd8f3b8a1c1e7d25e217321117e9a7ec920ee09f06a17e46b36dda8d4dbeabbb6690

C:\Users\Admin\AppData\Roaming\RBXIDLE\settings.json

MD5 8c57d2d5ce8e60321593255fdb3ed64b
SHA1 cf117285c609fd1780c17b8ad79d24a77e2c1139
SHA256 b4f87a9e7512880142ea34b32bfef6ac536535e68f67f079feab1187d4bf6e3e
SHA512 63ced16e792f724caa13517df30f147570d63efce4b2087e08a8e10602c4b8440bf3c52002c4b50fd530df737ed1bba79127de2373d137eb873d1df83f65f848

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7a13fccf906ab8d6157c8d8835522cab
SHA1 c73b06e4391fea80802ab4aeff0c5227e54033fe
SHA256 43d936770d28977f4249dc2544ef096354b4683bfa2661ce2dd83329e993855f
SHA512 b13558e4b85eeabb5446e636c7982bbdcf46ca4fffa6ecebb1bc52b82e72e7aa32c4b13dcedcf4d78fd3f0ae5e36ff9d5f3719f9cf485731c96a560e0728e7e8

C:\Users\Admin\AppData\Roaming\RBXIDLE\Network Persistent State

MD5 15bf1425a5e90bf765bbb09c06b2f319
SHA1 b63e6f8150f22006e2069a945832f254c1853316
SHA256 40dbd834ddb2e01f527c2eaff1dd55276e49ec5ad61f1d6218547cdebe4f32ba
SHA512 ed5d91a4a7cba56be3e0e00cb8609542ce246b763d572bc36ff637a27fc46162a835d426bec9e141d6f664448b69edd65cb208b479add7532cdbccfbdea2a5fa

C:\Users\Admin\AppData\Roaming\RBXIDLE\Network Persistent State~RFe59e98b.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\2f5b14b6-4af1-4d8a-b260-41c82013bfc8.tmp

MD5 27a2c6509abc5d56b3c268b73858c4a5
SHA1 c1a82c810d8915eab2d3487512cd981fdf0c7594
SHA256 b9f06f0f1d86798bec30047ee0b9fb378a202ef8ab9b08a7b351c3bea20490f9
SHA512 e41689ad2435f65c1902a0ced054e4c8b2c03e8318a4fb322e6d2eaf4622129bfe78ad24353c5784662c1523c612b733e0273ce96b654b12e84f46aa456323ab

C:\Users\Admin\AppData\Roaming\RBXIDLE\Code Cache\js\index-dir\the-real-index

MD5 3837269e5915c8be2b4cfb962e17976c
SHA1 c9dbf1685feb5fa91fd0d75aab2088cabc4848a4
SHA256 9b14736eed3de11efa0768387ad070ef835ecb9865e63837cf0cbda5ec762899
SHA512 5fc964c2d42d8fe60ab157bf7b804dd35a675138ba2895325677556ccd7d3dc2ad94a244635810c5e03e971ebd6c68388b5963476dca7b15ed0152a1d31f6261

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1eaf2f4407244a1168b2d6fc8ca87880
SHA1 6b1b7aa5a43b129d90ec32a0e906a061ed9d8b1b
SHA256 12e0f5280e07cd6ee13b9cdd280096fb7ee853aaa614d6e7894e017d55f0972c
SHA512 387f366d44dba0b3c10cfae93b095d8ba2951d0933a3fca82ea6e3b0bb8b12b914d563406b975f98d60135e1fdb7b5006c116b4a651373dc3da22915e9f7055c

C:\Users\Admin\AppData\Roaming\RBXIDLE\Network Persistent State

MD5 7d1b10a2fce75896e70f833ab9121662
SHA1 e1786398c33c90de9ee1311e6fb9ee30af07aee7
SHA256 8f285e3191dd3f1e034d426021d3b5a65e4c3e61fcf9cc016d2255db066fc5cf
SHA512 f0296b26e131a2b039b83b4ed80f0cc60240602b0f9567ec56890822111cee93cb0e6d5c010b3c995d9da58f5a94ad05b931dd2dff15c69f280df981a999f971

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b13b25d64776c12a24b384e871821f57
SHA1 aa2421ae8b1857030e3b42175f5498bb1329dbd9
SHA256 a73ddf7b08b2ff843fbbb9a70c6bc82da23ef6735ca43d433db70a695a764e52
SHA512 003d06c4d8e6d4114a97126e5aeccc7f9e4659cda86ba9a4851a17061627da89ddb263ca2da4243e9b22d6e53ca302ecfb06eaf672c67dcc32f3cc9012abd9ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1d2e3d67-35e8-42f2-9a27-083ceb98f9fb.tmp

MD5 814f0d145acf9ccaf1a444320093c809
SHA1 1d10140f53f7f8464c6e2081331c949b5153255e
SHA256 45ed2ac510d3f0cf3ab500267bbaaf1cc678a794a3b2fef10f08a6f3eebe55c4
SHA512 28f1b2c5efd92a1e3d7ea7a009d242cbf66c879132e43ffd2ce959ba26cb6ee81e7f2f220c944702c889765dbc923f7012334d4af8651d3eac38e6fd670bc428

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 197afe1c5a0e00f1aaa81b6fa4d06391
SHA1 4dfff48d22238da747724194dc5336eb64cdcfee
SHA256 43aa8e943254b4464fc11e7f563fb225cc2721580dd2c41c85d1c7a9db4badee
SHA512 ef7438e3b8049771037ba24c1c7b4f38388bfbb8fdeef4bf69ae4c9e5216172d56b277126bda33895ba16955e8416ca01ff0d99a82372efce8b06c65fe0fb582