b2bf4e436f3cf565d16d9f06c1a5eff0de26a734be7cd7f738af806771eaeee0

Analysis

max time kernel
58s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 18:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

rbxidle-installer.exe
Size

120.0MB
MD5

a65cf13a1bd10b8e31ea4d17c6311f40
SHA1

4001ba724e509eb9cf0bb7e9a7fd749bbc9fb2f0
SHA256

b2bf4e436f3cf565d16d9f06c1a5eff0de26a734be7cd7f738af806771eaeee0
SHA512

b54ffe85471ff80f1be302eafbfd6d46aff9bc95c9c78ad5e25dea9abf0f2ba8665de29a1874943758127b7d76cc8b6d863a8ad3422acdc4639c0bddb9146b44
SSDEEP

3145728:yDTWP26XRY9WbYdABFhd6o4zeh1RtJIGu9eRKgnZLxSVs6r100gV7k:yn4XR2BduHnh3tmGucKgeVAQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
300	rbxidle-installer.tmp
2872	RBXIDLE.exe

Loads dropped DLL 9 IoCs

pid	Process
2164	rbxidle-installer.exe
300	rbxidle-installer.tmp
300	rbxidle-installer.tmp
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
2872	RBXIDLE.exe
1192	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
384	schtasks.exe
1824	schtasks.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
300	rbxidle-installer.tmp
300	rbxidle-installer.tmp
2200	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2200	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
300	rbxidle-installer.tmp

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 300	2164	rbxidle-installer.exe	28
PID 2164 wrote to memory of 300	2164	rbxidle-installer.exe	28
PID 2164 wrote to memory of 300	2164	rbxidle-installer.exe	28
PID 2164 wrote to memory of 300	2164	rbxidle-installer.exe	28
PID 2164 wrote to memory of 300	2164	rbxidle-installer.exe	28
PID 2164 wrote to memory of 300	2164	rbxidle-installer.exe	28
PID 2164 wrote to memory of 300	2164	rbxidle-installer.exe	28
PID 300 wrote to memory of 1672	300	rbxidle-installer.tmp	30
PID 300 wrote to memory of 1672	300	rbxidle-installer.tmp	30
PID 300 wrote to memory of 1672	300	rbxidle-installer.tmp	30
PID 300 wrote to memory of 1672	300	rbxidle-installer.tmp	30
PID 300 wrote to memory of 2032	300	rbxidle-installer.tmp	31
PID 300 wrote to memory of 2032	300	rbxidle-installer.tmp	31
PID 300 wrote to memory of 2032	300	rbxidle-installer.tmp	31
PID 300 wrote to memory of 2032	300	rbxidle-installer.tmp	31
PID 300 wrote to memory of 1648	300	rbxidle-installer.tmp	33
PID 300 wrote to memory of 1648	300	rbxidle-installer.tmp	33
PID 300 wrote to memory of 1648	300	rbxidle-installer.tmp	33
PID 300 wrote to memory of 1648	300	rbxidle-installer.tmp	33
PID 300 wrote to memory of 752	300	rbxidle-installer.tmp	36
PID 300 wrote to memory of 752	300	rbxidle-installer.tmp	36
PID 300 wrote to memory of 752	300	rbxidle-installer.tmp	36
PID 300 wrote to memory of 752	300	rbxidle-installer.tmp	36
PID 300 wrote to memory of 2872	300	rbxidle-installer.tmp	37
PID 300 wrote to memory of 2872	300	rbxidle-installer.tmp	37
PID 300 wrote to memory of 2872	300	rbxidle-installer.tmp	37
PID 300 wrote to memory of 2872	300	rbxidle-installer.tmp	37
PID 1672 wrote to memory of 2200	1672	cmd.exe	39
PID 1672 wrote to memory of 2200	1672	cmd.exe	39
PID 1672 wrote to memory of 2200	1672	cmd.exe	39
PID 1672 wrote to memory of 2200	1672	cmd.exe	39
PID 2872 wrote to memory of 1280	2872	RBXIDLE.exe	40
PID 2872 wrote to memory of 1280	2872	RBXIDLE.exe	40
PID 2872 wrote to memory of 1280	2872	RBXIDLE.exe	40
PID 752 wrote to memory of 384	752	cmd.exe	43
PID 752 wrote to memory of 384	752	cmd.exe	43
PID 752 wrote to memory of 384	752	cmd.exe	43
PID 752 wrote to memory of 384	752	cmd.exe	43
PID 2032 wrote to memory of 1824	2032	cmd.exe	41
PID 2032 wrote to memory of 1824	2032	cmd.exe	41
PID 2032 wrote to memory of 1824	2032	cmd.exe	41
PID 2032 wrote to memory of 1824	2032	cmd.exe	41
PID 1280 wrote to memory of 576	1280	cmd.exe	44
PID 1280 wrote to memory of 576	1280	cmd.exe	44
PID 1280 wrote to memory of 576	1280	cmd.exe	44
PID 2872 wrote to memory of 912	2872	RBXIDLE.exe	45
PID 2872 wrote to memory of 912	2872	RBXIDLE.exe	45
PID 2872 wrote to memory of 912	2872	RBXIDLE.exe	45
PID 2872 wrote to memory of 912	2872	RBXIDLE.exe	45

C:\Users\Admin\AppData\Local\Temp\rbxidle-installer.exe
"C:\Users\Admin\AppData\Local\Temp\rbxidle-installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\is-8FIL3.tmp\rbxidle-installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-8FIL3.tmp\rbxidle-installer.tmp" /SL5="$5014E,125013378,776192,C:\Users\Admin\AppData\Local\Temp\rbxidle-installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:300
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Programs\RBXIDLE' > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output.txt" && "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\RBXIDLE' > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output2.txt"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1672
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Programs\RBXIDLE' -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\RBXIDLE'
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2200
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c schtasks.exe /F /create /TN netidlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netmkr.txt && schtasks.exe /F /create /TN netstartup /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netstartup.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\netstartmkr.txt
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks.exe /F /create /TN netidlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml
      4⤵
      Creates scheduled task(s)
      PID:1824
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "powershell.exe -ExecutionPolicy Bypass Add-MPPreference -ExclusionPath "'C:\Users\Admin\AppData\Local\rbxidle-updater'" > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\whitelist-output2.txt"
    3⤵
    PID:1648
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c schtasks.exe /F /create /TN idlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml > C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\mkr.txt
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:752
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks.exe /F /create /TN idlr /XML C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml
      4⤵
      Creates scheduled task(s)
      PID:384
- - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe
    "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "chcp"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1280
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:576
  - - C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe
      "C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe" --type=gpu-process --field-trial-handle=1012,12965354705143877924,7551594481836786083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\RBXIDLE" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1096 /prefetch:2
      4⤵
      PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
85.5MB

MD5
60aee4ad486744262244f982626fd4e9

SHA1
f3499f61d94a696e80702d4d834623b4f49d9482

SHA256
73fcd8395922d9eeae20214a2176727b2564c33ba2e8950b044c1dc3feeffab4

SHA512
7ff573629a50dc767cc4cf83b02cff43abacd32181e5dbb36f0752d7b8e73ff552c5c70ad7df188b594ac7a5f2caeaa1b565185a7bde853af4db844eb25d90c4

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
2.7MB

MD5
227273e9f444a2c9df47164e19c67f0d

SHA1
fdd07240168a8afde448ac988cac1d0d4f818c77

SHA256
f7bdb75d9c99cac3cec9b57895d6b23013e4df58c63081c242fb10afe7dbb5b3

SHA512
2f8b70540fcfbae1bf3d9a5e1a332cd6be50f87a3f5225c9ca387c02c1ac48ca6efd2f43f8c51b5353883fb5c5f976f3a10b5420a24a8c1f90d51526b58500f8

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

Filesize
2.1MB

MD5
8a45ea02d84a6920bb6cc601ed40ac72

SHA1
c974a0ed1426d657c070a3d72080ae91ff8563bf

SHA256
81880f00902755abe7033efd5e7a9ffd250e3db19ccd32e3421247cdb084fe11

SHA512
af3c481bca7d90a2b2ba73f15ee1fbc2d90f41b07e6f6f2dca09cd4820b8a7ef7f3f01888310bb6b671bb740f7882bd8e8796ca22dcc529c3f92bcb510db13bf

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\icudtl.dat

Filesize
896KB

MD5
cada81a3f223626b3e5d86a27ac2ede2

SHA1
62ce2bd19929f97bee0a6c1c14811ec77f3793b6

SHA256
271b773fc66fa78f8fbc6f0c0d4b27989bd91c2166bd253b4a6654a5cb8fad2e

SHA512
46e838b44a29e471a5958c44204b76655559491e241850b37959f0d0a2946a4742fa745ca1b454ade6d549236756a2f839687f39a621af74c545732cadfa17e9

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\locales\en-US.pak

Filesize
95KB

MD5
214e2b52108bbde227209a00664d30a5

SHA1
e2ac97090a3935c8aa7aa466e87b67216284b150

SHA256
1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab

SHA512
9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources.pak

Filesize
1.3MB

MD5
16d5e878081858d32391173ca7fce12a

SHA1
9979c1d5d5356558ae6189ef1d2e4e8e92e50d8a

SHA256
5887d4972109a52a4e2d42317b549138bb4accd066105c569c388441219dcaf2

SHA512
17bd716d10d27e846aecfdffe90b56b5ba71106cc82d06ecab8f130eb15bcace20ae562f75e6ea6254307b206a112ae3e6f4e53602b13fc1a3786425183db8e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar

Filesize
640KB

MD5
d397053a916fc3feeb84b57b6175dda1

SHA1
bd5d63bc13b73cab1233bab876f7039ca03a023c

SHA256
b14bb0187e5ff2612bb7419d6f1639bc3a19d83b004b68f414d9c3e924b5b8e4

SHA512
c29278de72a91cb8f7d93e63e522d50fd106f8ab765af40be619addd1d7f2ffced3441ad2d101d394109764d59ea3dcc0aa989362f38ea2de44a2087a250f15c

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\is-MGQLK.tmp

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\is-V8P4E.tmp

Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\is-MU4VT.tmp

Filesize
24KB

MD5
bb97e2ae9bc6bf8e171d26e40f59361f

SHA1
9bcd87d5bca1e18efbd118d93d76002aa12baa12

SHA256
1f93d65a2692da30ba3997fdfbfbbe5880c2ea76d6cab9102faa8a6431350e02

SHA512
606111b939b1fbe3008f90af616470e9c9d320a70021348540c03d32355892c5989df28d08158930bda313d3f0d9549aaaaa7ea6c1788ce4e283340abb954163

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts\is-S34HF.tmp

Filesize
526B

MD5
35aaeb5ecdda5864920916f04d2ec307

SHA1
266ee05dd4a3e1869e318825c97c3290ae4439e5

SHA256
21ff89939fd03764301b1ab1cef0baa277bd2245fc5b9b4b5aed08c1efedfff3

SHA512
00a609155a776cdfdb0a0cf4c6ea43e0dcb9a8ca2d3b842dacb426a83b835c053700388912b4f1575150167167aab442fcc5b436e1326d81c6bb8e10ac3a1520

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\description.rtfd\is-O4UAV.tmp

Filesize
102B

MD5
cb51e6fa885502ba84f7d85355106e28

SHA1
def335a818a1ade9e99cfe7144e83bed2723212d

SHA256
ca58c48c0f35c7768863f31357f68393f7709e9810818b3a06b3004274f03a56

SHA512
33dbeb9c18e2a54c7c41282d73284b0a8c6d3ed0bb5cc556ce5d02ef0c670c86b74b46589750b866d2f148ff3b7dea655e1f3403f50847d527de4d24a5cbb905

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\is-1Q6BN.tmp

Filesize
362B

MD5
4cdcdd8071d02ede6173232f7bb19bdb

SHA1
b70c045a79039e50417958fddb7fea8b4b9efbfd

SHA256
6f2a0cd9dbfc52578dc28a25abe671d0ae63c36cdd06b6be8f08c56f02fbba13

SHA512
049c467eed33d2d19ceeea6a00218dc3236ff27310277416cf8891243d774498172755cd7d5f0433ee0e8dc677fb350a25e44d9c763498e4906ab13dd92074f5

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\is-HUSMG.tmp

Filesize
55KB

MD5
9ace56046961a8104d0f5121872cc010

SHA1
80fe32788daf39b1c16ff4c471191d1d212423fb

SHA256
dd9aa7a2c61535a9a49645f7f049a5581be150456ec1f18193d43ea0b6cc273a

SHA512
330ad8371fccf39efffc847a32be32cfea8a8693474d7d0537e80c0b0200ee8561a732fb98072caa5a4d65382b417d78430586b640266c811c51f3ef3ac1529e

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\is-2IHH0.tmp

Filesize
960B

MD5
a0e3bdbe9880037f3c31443251b43932

SHA1
5786a415fd2dbcc2250751a15801225b88ab7993

SHA256
36f93f53854708454d6f6f05232e28b17b1dbfbe94cc194470e449c4e7e9dba3

SHA512
355863267b4e48ae9575ca1baab1c2a167fe60e7ea568df52ebfb317c89e0511b5c88f13fbd55b880b4b53ce0a688c0c005412bc31c67c0e895f123f713c75f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\is-560ME.tmp

Filesize
8B

MD5
db6f4017a24d2cb070ad3de12adb78f4

SHA1
94fdbee3e734a2df38fd68be4837e8fef066f005

SHA256
412d70757c4fdecdd73355ac4bb3ba80c6705110d15cfbc9fe925e7b4faf7962

SHA512
decf0a4297001fe030bbeba5748a72e9685a4590c83a90ec512dc28412a4a4f89e8ce97d1c8824309f50d9ea111e42c9428714017bdad47ff3fd7d241e19a352

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\is-CERUI.tmp

Filesize
1KB

MD5
ddbfd5852e8bd2337f0cc8a40d9f4d80

SHA1
8479b510d385d3c4be23f6ffad3b1be2db329179

SHA256
bb6f80cccd928864f67dc6ddba48443dfb51191b9d6506b01823ec05c48a151d

SHA512
875490e7ff4c9bb387e48223ed91b4d5f18dfbdc27f045ab7fb302d4882c094371fed961f9eea85673ab41aa8fdd785412cc91fa3282270e24787949304bb146

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\is-16H4M.tmp

Filesize
27KB

MD5
60321adade3f5c1dfd761800fe1909d3

SHA1
39add6e5c395d04d3450874cbf79050d91674d04

SHA256
6a669fdc9331a3e8c4a75ff456bc66f96e85a8dfa3d28828307fc68d92e70fb1

SHA512
5f3c21dbc86318d0a3786313a433ae95a58241e7b8053ab9f2292a96e83b569219a6406b39d2e3a832d05314437e1d8db0c128858fe0a4b4369a65500c63e77e

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\idler.xml

Filesize
3KB

MD5
480a741af8ce19faead029edc0ccbd1a

SHA1
87be7d55ebf72b28d551398baeccfa9687d48729

SHA256
cedf0f77769f73eaf66111d626a4475c4486df1837196bc6d2c319e0d90157d2

SHA512
e8bd9b101a7e29e110fbe350c9344b41951f253bd3d6adf34b236404283b4e9db9b34ad6aca1fa65acd374776d77d66e3e2d5492926649d447bfbb7b1db6df28

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\netidler.xml

Filesize
4KB

MD5
ddc7934f07ca9e4bd7afd60ea2e0b33e

SHA1
d4f42dbf63fff98928170d3098528b1e97a6c5f2

SHA256
4f054e8953caf176702af3d28330b52d4064c3f54038a1bbc79e693c67e507b0

SHA512
45416e7f1e41bc57ec59913afd4b85e7504522637a86420f0d93bedf31b552ed7ac8e32701622b60da9d0897d77e7bf281575c5b7e1a27642a2a7cf7416b9c5c

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\resources\components\rex\is-G36SV.tmp

Filesize
77B

MD5
2d979cfc95c6a20e03b679240d0a761d

SHA1
56b4e450a1584df0a6df666e1df6bb0e59923a13

SHA256
ca5f8b2b53eb90262156507e13d49dd3b22f47ccffb8b7cd427c1d28a8cf6d81

SHA512
b1c6fb5dc0d8034b7174bbbd2600506379ccbb9ea35dfc432ec090243a64f4d52f38ad152f4c764b5a3029d571bd65c924fff46f9a8f06f15853b32b3cd6cac7

Download Submit
C:\Users\Admin\AppData\Local\Programs\RBXIDLE\v8_context_snapshot.bin

Filesize
160KB

MD5
03c3851343e11392b24b91897910b060

SHA1
9ec2de38a63ed606c1ed545f583ac427b48b3192

SHA256
0abf6a4b73a4abf6e43eb8eac6fa9399164166502de4fd23e9a659f47a416600

SHA512
80144fa894ff193027b4ff24a0d4301e41d5f0fbc39dc1e5c14f2834e9092765739a956260182396f275faabfe07329c685bb095a9aa72286141d9b1cb0a354a

Download Submit
\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
5.1MB

MD5
565fffdbfc132e671039e9eae7351cb6

SHA1
2b716be3f09420bc43fe70702ed64f85a6fecbc5

SHA256
201f639a3c425cd122ea58a561818bc19218dedcf022332a2d8e4813e13358a5

SHA512
71c338059035e8004c37bcfef95aad77f52fbb100ad371d7b5d9b16595497d3a5d82a39a3da23caf64f5f3845115189c651dcff649f2a70a7ecaa0ef0a214343

Download Submit
\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
1.9MB

MD5
e7f0d4f64c4dcd844e91989e48c53686

SHA1
4938318d08eb0db82b46b482c61a2b1adcc749d7

SHA256
1f7607f63718b38172ea9749a87452bb8cdacc42246df23750566464028cf8c8

SHA512
dd99121c53d33e86ebc16bf4d7bf4871e4d1f790feeb6d662e8ae775a191cf6708545151caa978bef0aeab0d0655763e516bf4ad0ef15a68db1f6b3f0c380164

Download Submit
\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
1.5MB

MD5
aea64074d439a500a7f1b64eb70dc9db

SHA1
a6c52edee0eba86842211161d341744c6d21a215

SHA256
6f6666908e44fd4e02b87450f1bc846d4aec1144492f621a12864c15004d4c03

SHA512
70b902d4c5fa3caeb2dd88a06a42e52701be9ef087f03204896fae67cd8ef20013baa19349b9371983a92df439fbdd5c99269510614b28edc881f94b6af48323

Download Submit
\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
1.2MB

MD5
71157157929ebc52bc2ec677c03127ca

SHA1
a4a0feca875fd2d49fac7e84cfa2f08c84f00184

SHA256
0f832bb5dc2fd9bfcc876fc50b382451e7a35ff63c28712ee69564d0ca108469

SHA512
90f3c72fd9212b0fb6b47662206656b5337beba62b8c71df069709be4f088ac265578d5714d45f44f263df6cbc72288f8df521808573d180273c9ee2b48173ea

Download Submit
\Users\Admin\AppData\Local\Programs\RBXIDLE\RBXIDLE.exe

Filesize
1.4MB

MD5
f65e635a2549f2b29dba658209a3388b

SHA1
0502f67ddb414999c5b41bffaa872ee8356ca1eb

SHA256
6ada1816d1132d02cb3651994643a014795bb25392e7eef961844e968ee60c45

SHA512
a3fc1dcfefeac4e040d1c06defa112a2fc8b912d19ee76178898651fd85693abf3f32ffc70907cc69c1d5cf98dcc0d73c43001612d6e284a7c2f25a8369f815e

Download Submit
\Users\Admin\AppData\Local\Programs\RBXIDLE\ffmpeg.dll

Filesize
1.4MB

MD5
585a42a40ff9996edbf8fafb506144d8

SHA1
5caf83b7643831e99b2dc04e02731ab7458870f0

SHA256
276fffb79ae6bf8ca6f4ca1bb88a49adbaae688747f05e0a5fca15b5a32cc5ef

SHA512
24fbbf17b182c8e2e794c4fba1409b203514359ba96d2089bfcc7c02a692ad5e2f92c7e09cc96e88982eb466e3a9864df4205570650fb4d443a86b41c8cf2f83

Download Submit
\Users\Admin\AppData\Local\Temp\is-8FIL3.tmp\rbxidle-installer.tmp

Filesize
3.0MB

MD5
5d2b340269b80b8539565c734805b3a6

SHA1
473c11b4cd6890e1adae273f4b6f4ea90afa7338

SHA256
ef161a55ba9a195c92a394d598fb1dccd5a2932a0b7cfd0376c499123d0ecca0

SHA512
d83e51af7a181abf9db1c0a622660a1779b91c0a60cd5a93c6dbcce2c8ca60b964dbb4d2f3d68cccbda375b12d4b19ab3e2c97c9dea8dce08f678a1534a133d3

Download Submit
memory/300-948-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/300-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/300-598-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/912-960-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2164-951-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/2164-0-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/2164-592-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/2200-966-0x0000000002F70000-0x0000000002FB0000-memory.dmp

Filesize
256KB

Download
memory/2200-985-0x0000000074540000-0x0000000074AEB000-memory.dmp

Filesize
5.7MB

Download
memory/2200-984-0x0000000002F70000-0x0000000002FB0000-memory.dmp

Filesize
256KB

Download
memory/2200-981-0x0000000074540000-0x0000000074AEB000-memory.dmp

Filesize
5.7MB

Download
memory/2200-987-0x0000000074540000-0x0000000074AEB000-memory.dmp

Filesize
5.7MB

Download
memory/2872-963-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download