Analysis Overview
SHA256
962c8870b6d6b8a962edab0265ae1aa483b8653da30741aa8ccd6f7c5ecb5411
Threat Level: Likely malicious
The file 962c8870b6d6b8a962edab0265ae1aa483b8653da30741aa8ccd6f7c5ecb5411.zip was found to be: Likely malicious.
Malicious Activity Summary
CryptOne packer
Uses browser remote debugging
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-17 12:31
Signatures
CryptOne packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-17 12:31
Reported
2024-12-17 12:34
Platform
win7-20241010-en
Max time kernel
66s
Max time network
124s
Command Line
Signatures
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pets GO Modded.rbxl.exe | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pets GO Modded.rbxl.exe | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Google\Chrome\Application\debug.log | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe
"C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless --user-data-dir="C:\Users\Admin\AppData\Local\google\chrome\User Data"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\google\chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x9c,0xd8,0x7fef6579758,0x7fef6579768,0x7fef6579778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=848 --field-trial-handle=908,i,8095420228545502310,8436192306887213695,131072 --disable-features=PaintHolding /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1220 --field-trial-handle=908,i,8095420228545502310,8436192306887213695,131072 --disable-features=PaintHolding /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=9222 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1544 --field-trial-handle=908,i,8095420228545502310,8436192306887213695,131072 --disable-features=PaintHolding /prefetch:1
Network
| Country | Destination | Domain | Proto |
| NL | 178.23.190.70:3000 | tcp | |
| NL | 178.23.190.70:3000 | tcp | |
| N/A | 127.0.0.1:9222 | tcp | |
| N/A | 127.0.0.1:9222 | tcp |
Files
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.dll
| MD5 | aa3c3668e72cf81c8364a923e6ef5dd9 |
| SHA1 | 67990e237f45e33ff976c6d3df3cf0565a36aa18 |
| SHA256 | b8493a46e602cf769bf864553d55bb425e4d4c54b9fa1f8588c7dc607d56de53 |
| SHA512 | e1ed39f8bdcdff20cc39af33caf53197b143e1d8c2d7d2b06dad2ea48f53cce6633886dba56c3343ccdfafdbe9e57d3fa620abb73bdf6938eaa118500ff1ed80 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Process.dll
| MD5 | 4eb2207595fef7efdd73e61bf9efe5e9 |
| SHA1 | e38510d48dfdb0a1be55dc18a6ddd4a093cb5de8 |
| SHA256 | 75ba3a9dc221d9ea99435710bf879efdf80572d026f36042276ebb84b339191d |
| SHA512 | cb7e05274ec3b7d8ef77a7b2ae8abc8249beec2767df6e0d2b8409e8ca46874f0f3e0dd09a2f65bfaeaf7529371010dc4fbc5dc6e9cf2a0fb3003ecc4c488068 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.dll
| MD5 | ef1d3ca8063f98cbf243dab09ffff101 |
| SHA1 | a7fefb953810ae58d1f7e43e35b4eb1e55dd5ff0 |
| SHA256 | 547a49b3df65b2abe615848157f38e55d9bb3cf455c95858a3a90694816fe90d |
| SHA512 | 991b5f653473334ab43f4f2def6b3979196edcc4464e536326d7dec9a34071bcf46a45dd09b7c2098b0a9b837733d1957ae641c31e22cf46999fce753d37af1e |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Newtonsoft.Json.dll
| MD5 | adf3e3eecde20b7c9661e9c47106a14a |
| SHA1 | f3130f7fd4b414b5aec04eb87ed800eb84dd2154 |
| SHA256 | 22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07 |
| SHA512 | 6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Linq.Expressions.dll
| MD5 | d139434315b5e59cac22a909175f22cc |
| SHA1 | 59c4f975eb697231a421ebb4e3f2b4478872c64d |
| SHA256 | e027715162aaf4bb41722f24017ae6eabb57b6ba9dea35a2acb53f0a84405537 |
| SHA512 | d6fd00ef4b55af905718d2d16f842f89daebc1f2b0713a7c31b5675c935cd8aa9e8060de053169d4c4d495053f273fbc85a51536822046cf6e0666951f595a80 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Thread.dll
| MD5 | 90ecf3fad632b326a25725e3811ff3b7 |
| SHA1 | 25b39ec0054fc320fec2cd797575eb5d64cc8c95 |
| SHA256 | 3e6349495ef016ee4110c71d7bc49ba36e2459584b8eba8f9d878d25ea4193f5 |
| SHA512 | 9bf3b67c3d8c150ef54a3b9697d801b174f23fef922723a78ed8729c482c83320ded5d6e2f012fda79d5910ba6f8f137d649e2ee5359eaf9fc84f680229ad557 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.TypeConverter.dll
| MD5 | b2b20f486bce77aea4acdc0195d56c46 |
| SHA1 | 78d478807584b76f5a83d7ba6dd65aed608a0b95 |
| SHA256 | d6a0dd732563d4d2e9af1399fbb30a6799b48289106bc5535a399d750d02b7ec |
| SHA512 | 5e3983604d498ef09b8f4db58c4bfdfd16ca44270c5611c3ceb0e059803869e30f008aec2f4d6a76e91683f56dab600205f746064c1c64c20fe142c93d777adc |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\netstandard.dll
| MD5 | 449d3ec3245f31f93c881f333d3e4370 |
| SHA1 | d362a8078972c5d2904e8c90cc43c892a420c545 |
| SHA256 | ebcf557a761091f253cf0bf8b33c928c94ee5c8b6dcf086adddd685d19a63653 |
| SHA512 | a364c91828fc252a734257c77f346ed50897f218c3b579201d634809575fdff81c6b7028d67dfa21a040c5c4c2fc73cd6f20820ea25cb0fa3987da26a08901b8 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ObjectModel.dll
| MD5 | 54a81c6b9ec868ace3d6e917e6e88a49 |
| SHA1 | 163ac505570984e0be27df20c2d6711e38cd554b |
| SHA256 | f1df3f4cb089cbc10a619ff15ac0a936c6f328d382e4151dff1a6e9a52bfe0e1 |
| SHA512 | cc20738a210f12b143526c8d5ed49a28794c366b8cdd0973bce5a38952bd4469c77bb94a1e50a813a61a4d59b84035ea3e1e240735f1b3b78af5e1acf748d07e |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\websocket-sharp.dll
| MD5 | 169d5bae15e2c6dc13386a8aa34ce367 |
| SHA1 | fa2f5085473304191a4684da5b38935105906178 |
| SHA256 | 339c740207f308d9e86b03a4d45d29f17c52476d1ecda88afa9f607966d226fc |
| SHA512 | f28381088fe3be65570e3e2e2a0c07632bc05416f53058c7125d3f02d44063bd56a5544e0076a38e278a955a4f3bc26ba49cd46333f7a58c96005eafe6234970 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Http.dll
| MD5 | 118e26447bd46fd8c0deed6f352846e1 |
| SHA1 | 26a6d8c6dbc04e9923ec34391ec8fb40bab995c4 |
| SHA256 | 466f5166b294238fbac78fc099ebfd45e0eae2726fcef3b9c76b14d01f26b205 |
| SHA512 | 7d5b3ec462bce36bdf91be44d8686f4a3f3f955c9204c6c567c257389544517bf199daed1b18259fbf8d104dd45410fb853a9d2a26d8cb3d158e4bfc86bfa5ee |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Tracing.dll
| MD5 | 30927e5dd5bad334a63b9613ae0c1164 |
| SHA1 | 9cb76776de17e4f68ddbd42bebab8e915ec562fe |
| SHA256 | 63cd02270f4cb6fcde5f87ec50a1f7a432fa608fbaca65bc287e2ecf68166c99 |
| SHA512 | 159c7b4081ad57a88afdfb5280c484256bc34331580b34c06f99a76b441a6c0b1c3b8d9ce6daa8140916759340428cf4f8a606b03df7bcf5ea54bc0a973a2f64 |
\??\pipe\crashpad_1924_XNZWJCTGHUWECNYT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.DiagnosticSource.dll
| MD5 | 8510e90aef9d465fae443afad605896e |
| SHA1 | fcf4e304c3fd817f4566af1d5e33b1a4c7153502 |
| SHA256 | 58a28a647352934ebf6b8b883d23a2ed594de7df1793962738e9adadd935618d |
| SHA512 | 980b774149ab6dd133c8d5ca59c490fca0dbdd85329ffb600ed71d6f55b3aea05ad2dbb9eeac7de1661798de5e81c2c9119b0c6400eab2285e488923a99c7721 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Security.dll
| MD5 | 6ff76de802471652ae8b9fd1c1396327 |
| SHA1 | 002d41dc799570e935f1d02d61574e3c108f5366 |
| SHA256 | f2461f270c97a57520b373c61d8f32f3bad10671d28a0e8ef8786effc193e3fb |
| SHA512 | b12c53e8efa8e5c13751bf5ddaaa2e36054a24a9ff27b19bad774fac1bcc5a25d8f6b7bb545cb6756e85306edd5923408be995ad3d683717649bb4d1ab646931 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.Uri.dll
| MD5 | f11d5db8f2ef84e3c430a635d7687e07 |
| SHA1 | 156858f64e2c0a37d126530ae5649fdac0cda073 |
| SHA256 | 7b58ace669a2f64af0409ffc17680e7b2654b43654df3c84b193b651e514ba64 |
| SHA512 | 90c00157a36b82f0d14f800ece3ca74a9240ee3d66b772bbc009555e47cc83a2cfd01ee86353220ba46fde3912b70008b41d49c27cff6a43785d3018c31f7f31 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Security.Cryptography.dll
| MD5 | 7d245bb1d1db5cda851185bfb404cb7c |
| SHA1 | 1db9c32a2a85b53dd61e5d6eb7c9f2de5d4517d1 |
| SHA256 | e9da2f779e3ec441063d080304693f32561df0a947930e0e27a32e2af0e2af61 |
| SHA512 | 6de46fc0b7d0ae4ddf4216592d8fba2ab8370c4e9cebee43ffabc1be3fcabd3b9de033e39d08f4598dbac79dfbcb458f4c0a6dd68b656cf675e86a4bf383e4bb |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Primitives.dll
| MD5 | 88137ded6b392306052d9271138ae2f9 |
| SHA1 | 1547b682b65daf6029012df6ce220bc9e17578d6 |
| SHA256 | d926c8c930da9618dbac2fb56efa4516913a7630cc46f8bfb7fd0b3418895ee7 |
| SHA512 | 922d7ba874be40f80f7d82e917309a56d904cfe2df7e922c6493fb6a725096a31014c4a78a5a50b1d7c445028006a02ad994c4e167b5af7261da33b27caaeb62 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Encoding.Extensions.dll
| MD5 | 1c332d9a63a04b59ea2a5ab3b5a42e79 |
| SHA1 | 20939caea2e1b007a4e414961eaa4a91bb02590e |
| SHA256 | 2b7af3febac37f88ede6a62246fbc35e34c5bb8aa443b737b84c5023e6beccef |
| SHA512 | 21d70e1af988c761ea8c206027fbcbf8b75f1a9235d9618a9bfc16d66adb847fb00db66caee5076e14b2dfdc94251a05deb58ffb5f5c47c1ef3977ef6724e28d |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Microsoft.Win32.Primitives.dll
| MD5 | 95e00f4e8fc22c3447f7d26491a6a454 |
| SHA1 | ed6203db937764a8557993d118b079db275de3d1 |
| SHA256 | af8033ec095475df5ebb0f96f67032b5d07d8a2ac63422ee60472737d54ff7e0 |
| SHA512 | fe00b6a06f18ab4aa68b4b6e87f22b1d070a4ee5f5457b39ce86083e9ec0ff45d01b95a247ec9eadcc2000c1c6d010e3f06ac88afa079046d71a2d2309267cff |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Concurrent.dll
| MD5 | aa8c242196bb3da74c488906f80b2622 |
| SHA1 | ef70921ff2b5b950c0da80dadd82dc054a43071b |
| SHA256 | 509a76033ec39c4bcae0cb64449d03cf00ae54b5f563ef4b2ea556a328fb1e53 |
| SHA512 | fee9da2e47429d7083e0097adefa15896ca8c33efe5d54e54ae6fdf819c3235efcf837845db55234dfacba6d4b8fb6a009a7e1accf288269ff0396aa06acd0c9 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Memory.dll
| MD5 | 4d8e52b1c5a76c8eb8ec4810a1872c26 |
| SHA1 | 41557ec65946c06f2775aae52ebc4431d8793e22 |
| SHA256 | 5cc24fdbf7dd10c17cc562a2026e44b5478baa8be4b78b65d472aec9ce9cb754 |
| SHA512 | 39341075f2c1e2016eb88257cac52bdca42f88cf47041d0a2aefcc2036cf7102f083b7214a10cf36ad9fc0d9c99fd0f5afe4a64a76f7a2a9e3a37446edc0359b |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.InteropServices.dll
| MD5 | 63b6e3059dfabd63b7894d0aba8620fc |
| SHA1 | 53629008df91c87c8ee1dba270f10ce139a27611 |
| SHA256 | c95d927324bae05fa174bdbf6d969fc61054f6237b2cf1ed90db54a4d88f3d35 |
| SHA512 | 4bbf627ad141a3040fc38b9b43df4f0bcf3e4c431b92f780799804a53e7de1af123da745884d07dabec8b78e9d512051733d7de978213de3a6e2a15873fef6e1 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.Primitives.dll
| MD5 | 66038cd6411961e8de7f43ac5bfdb28d |
| SHA1 | 71d00e6e5bbd4962305a2eddfc824cd6e58883ee |
| SHA256 | 47db3189335fa63213c955cbe5b23016a2193ecab410ac3553b2f0363a13eef8 |
| SHA512 | d5dfe197fb9072bf8d86ebd2128551cc4f268ca6fffc3241b9e2882d5ec43bdd9fd9efcd94c22f2d7d1df9a22782fd54aa21ad6905eb76550194cda4faef55ad |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Console.dll
| MD5 | 9b18a6627b27d2aadad0d7b2dc42414d |
| SHA1 | eb96a2e1ffa11dd3167fcabe69c4768e514dde95 |
| SHA256 | 79815e1044ac3f10597a9014d07b2c5aa5a2b7e7da0299843e3ef1bae5a5b7f4 |
| SHA512 | 9cb0bcbd3b63c470101a2e91b85c918ca25fa06ea07242f33141a42d9463882c86277820ec6658bfedb55098304f5f9c0a967498619c4df20923973656c7c5b6 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.dll
| MD5 | 3fefa87278425bc7008e9445434eda54 |
| SHA1 | 72e27c8fd0a65ce445bf38c0155f98eb3572dec3 |
| SHA256 | 06f12a34703f9844bca0481eb4b056606908e7dc0efe19c4f24da2ba96094da2 |
| SHA512 | 83cc1252733061c3226769ecfa0ce1a9abca0160d1604b0cfa5f57be2e87e856ff801b566771dbb6bcf1367dba6b640c056adb1db7377bc6960a6cedd0574f06 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Console.dll
| MD5 | e59541db8e65b83897783d355ac017e8 |
| SHA1 | a0d4fbee9075d14c58ddb41583ebe284939c18ae |
| SHA256 | 6db09f73052ca6629b5b8fd68ec0b32bd92a6f6bd1a98ae9172273b8777d1520 |
| SHA512 | fb92c935fb57128b546ddbe06db87040762e8d90fc2590d47456a10fdd3610d417e974b69fe026c973ed8508360aed14d63d7526646b32498e83b464dec305a3 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.CoreLib.dll
| MD5 | 706bac48bac967f23e8c1c637b3216ab |
| SHA1 | ae6765d15d16d2aa3df2ec6bf91c40d455aa8f39 |
| SHA256 | 0a942e461ff84906b333e93407f18052d44fe0757efeb1e6af5600b00d5e71f9 |
| SHA512 | a739e651c5681107fab57b4b1b73f6562e2faa250ece8059a8660f4ef71079c0c01491511304468cb15ab192a60c1d3e7c2d089813e142b12bab6d2a38c7b6a3 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Sockets.dll
| MD5 | 52bdebb9a48d2697f31097adebb04b14 |
| SHA1 | 00cacba5b98ec09cacf2f1a6e6894d00073a362b |
| SHA256 | f166cfd4c6daf84b988b59fbe2aa4c8a6e4a6fd222bba38d5612fe16a125d23d |
| SHA512 | f7c2fbd1f954cb89d6a054bfdc2ad7a8f7154008a8a784b1ad2825689819a08e44cbd623ef45b39063bf93da6fa19446561d86f1db51a07073f33c39777ea8f4 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Overlapped.dll
| MD5 | dd2b749b62feaf27e7fc8a53d48434be |
| SHA1 | dbdeb033dc922552a96fc01ef516d1b0bf512aa0 |
| SHA256 | 891f99e9fb6e9eeadbbde9e2427fb0c8015845692142dffd734a54a137f3b67c |
| SHA512 | b250d81db223906886de4c6596d7cc3e7fb5b3d8c46482d1f2a4e3b3e733b89a46b7ef3ab91668a89ded791d0cdc8a742c3623d68966895f379aa8201ba4842d |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Intrinsics.dll
| MD5 | 7441a71c36952ee88fba2cca3e61d947 |
| SHA1 | 4d7edbbf8ff71489547108a024b6bbc008a416e7 |
| SHA256 | 79f4e2407fbc0fdc0ba98d5354cbb7fc861ef5da0b187fda56978a8ded6f8061 |
| SHA512 | e6debdf07c83f0cdb119383331f3e6a09626f96d1a1dd21b8f4a092f9675d33d824073d5a383bf6bb2bd536d2e52dd8f7b1d81c9d6546e076b82db90560e0d5a |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.NameResolution.dll
| MD5 | 78fee1e71754f45186cbcd1f3d2f550d |
| SHA1 | 8aff44b434180d78bcc185e958c169293b00777a |
| SHA256 | b30be057b179211a1a030851631c98eabdac6884314c825d82671e5c1cc8a38a |
| SHA512 | 8fdd97f68c8ff3897ff6d242c1daf8db85fc685fe152442ebfadcbba623bd2d983d0a34cbce4410268d52fd5c08d3d9aeabd05a18eadb4ce777c4ead21e3e98c |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Numerics.dll
| MD5 | c48dbf0d65cbd011e9bffa655c19c520 |
| SHA1 | dd51b2e394fbf71837cfcfeaab96dedda346f98e |
| SHA256 | 152c8a0206471b5af4e1f9f4b74d230ffc87cf6a9b1f775bc904453af4f6cbd5 |
| SHA512 | 315124026a6392fc986d0e758e2874106ea579317dd1b0880920dfc262baa1c6209112ce705d4ddca834cef75bdb57ce01de097381df6c9c8fe87eba2ff7cb80 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Specialized.dll
| MD5 | f222b9a24a280c7620a2b4af4abb4751 |
| SHA1 | f1e2278e14ae22a07353b05657f0d10b2349ec36 |
| SHA256 | b0bd7ec37a45bbbd7c3604ea5577dbdf034a9eb4db183db7ef08ed662cde9f9e |
| SHA512 | 32bdc27d4177e829e49c471697f6f0b93d4b97206857a0de967c8ec57f608d54d96345bcc6433e6bc399de95e12ba99a41500ccb5774f2b05f31523ecdbf18e9 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.NonGeneric.dll
| MD5 | a87f219ce4f88e51e10b344cb288e315 |
| SHA1 | af4d7cbbca686fe7ff8a61fe32149e29793ebdcc |
| SHA256 | 1f22a74d24b9494e06c3f05c8caf0deb588e67d784e6956d65e8ae2e2bac8c11 |
| SHA512 | e9f4f38d589a2b3cd422d126cdadaf6f5dd0790cf5b801a6e75006a55a1849963b86e426910719bc084675280e0e01e5228e7eafa864af910afcc35187f196c7 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Serialization.Formatters.dll
| MD5 | 111e6250a3478a605f72e94f773458a9 |
| SHA1 | 0ddc531fd23d0b40c1d24b2752ed0f8ec1682477 |
| SHA256 | 89fa32d773ef10f47deed9708488b010e0692cd4eaddbd194078d5a5e596c75c |
| SHA512 | 189bbfb7a8ec0b242e8cce675396f6089882a6cfd9345b048c3501835a6dc28813404c235a6ca3b9962262c800a0b0f138c3d026255dc2d289418a7455383146 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Linq.dll
| MD5 | f3ee4f3c3f8ad6a014f9f5533d132fdd |
| SHA1 | ab09474254047b19943174d228147ee8de5b9754 |
| SHA256 | ecaef6e286862a9339c721b3062a76f0addc09534fa83e6c7cf13400774ca46d |
| SHA512 | 18e2331580ab59fe803f318f8ccdd4a443d43c61cc4d5f461ca15ae0ec4ece4bbc2a951d30b30d95fa9d068e1988b3ef2cde502331678fb971f86eb43fa684b7 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Serialization.Primitives.dll
| MD5 | a214b07a5e267e6fa853b995a00f8b9f |
| SHA1 | 82da9439d5bad83153cabcf8b58eb7f674eb94d2 |
| SHA256 | fd61a97b1fc099ff738b5bd342a8b0264c295f3f493efbee32de025db977ebe0 |
| SHA512 | 63b6e565d1a9447db961d1f74d54073e446fc157ca79c130bd945022be82f7b750eb50e1e8272f565832bde6b685657cd26d346582ceb75430738068d9b650f5 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.TraceSource.dll
| MD5 | 53bccc6d11bfd8f180e6ce1bd7200065 |
| SHA1 | 82c797bb841b04ceab8f3d1c9854c7e092414617 |
| SHA256 | f0f23c3c2f30ecd28e88f505dc2924ee3ba0b0fca586ec944afba5eacd236a10 |
| SHA512 | dcc7f790c4fa795dbba66ba799431aa5b32da6ea162b14ce6f10960aea3103bfac295cd7f2b8ed99ce147bfe86de4aed33d07c1124dd4da59317281894d0fdaa |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Data.Common.dll
| MD5 | d5f0d1298b05b963f7940f7e7134ad2b |
| SHA1 | f8c85d1f24c4603cba29a32d5350640bf4461144 |
| SHA256 | aca22c0b307c85a55291d8b11b5227c5c238171c4ca68f66441f9ca1d0e7942f |
| SHA512 | 34320a7ba07a30192557e1e5e7965a7a3f463518b735edc3fe79bb29128f21c70c7c93d94acd0e1cb6ea1c7c65761f747b9c2412d2dbf3502aa50a5c8ca5fac3 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Xml.ReaderWriter.dll
| MD5 | 0845e81793b8fe161b5e1bb06bee3822 |
| SHA1 | 2584632d78896ad4c22b1323dc421b5cea8db13f |
| SHA256 | 46e0cea3590b11ae2de9c60d4de0df409cb92f95e30ec06a5938f78071d3aa20 |
| SHA512 | 06948058e11a770cede36bd850e5ad441f398a1eca0cd875a3cf8a5488a7a57b3745c09345665a59fe7c464c5c3d8f0affad2836eb4c295a98dae673d23fa645 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.Xml.dll
| MD5 | d6747532f3be25a6af969a3df229f917 |
| SHA1 | d597b022a683a2762f4e5f14f0062ba2e42d9af6 |
| SHA256 | 20141488f9fccc277167bd8cf51ac2b9ccc808e31332d0d10f83c7bab3f9cf8f |
| SHA512 | 66084aa981289144a1c341a1f8d8889cb16b240a580539df059e325e4b28b46b38cec5ffe44457c93467f352f5f66cc9f241ddb6b6e8c5cf0d5a5f7f63660d9e |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.dll
| MD5 | c50993dbe2b5d99e599e673921d9001c |
| SHA1 | edbbb19d5f322263cab868fd3bcb5486bedafd8d |
| SHA256 | ed59bfc1b42d9f3072dbfc0c6c87f9ee5013015cadfe8858ea466876ff5c0c9a |
| SHA512 | 20f810ac86d2e51cde85dbf571bd2558b711efe3ca873ab34f34e27882bee3019ee2cf81094fbd3087cb492eaad080ab2ee8561b8405ae9c44e7f8a56ebed815 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Emit.ILGeneration.dll
| MD5 | 19d7d3f573360d8497626bde6368f433 |
| SHA1 | fc76b7bbcf62a375d66697d382bfb40d801d11c6 |
| SHA256 | e76cd4d8fcfe1c2b9f295bbc8cd3a8f1f0e0346a1a37314bb7ddc0dd599acd7a |
| SHA512 | dae4cc94f123b2fca4551ca378641dd9f5bf8d9758393cb0747786ccfcbdf7f9237ec6d2d68b9f6cf6d027adc0a2ad1d6c4d65b3e3956544c566a77451a5d55a |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Emit.Lightweight.dll
| MD5 | 1cf97bd1850bb312ce7fb7c0cc2c7507 |
| SHA1 | 81358c83074c1dce8fcfcfd27c5501a282d88ce8 |
| SHA256 | 152cd484c1bf881c075d6be94ba178264a04214d2f328f5d2c0956bf4d31a1e0 |
| SHA512 | 169db9a4faf00d13597cd662c9c0f142f09eff7035ceb6813a05f0f412ad8be99dfe8e82ea3951dfe94b2533471f2d81ede71a1add83ae5ec395fd3fca5ab9fc |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Primitives.dll
| MD5 | 143146e96f6c64d92681542a3b38a8de |
| SHA1 | 891524dfdbc2284659f10a355ac32bf632607abb |
| SHA256 | f5caacc538e169a06e3d6f8d47d0722d07a6dd3e5df0f748e14d747424875f9b |
| SHA512 | d0689e6b3f32d62db1fd5e57752d8fd6a67b40ad3235aafe6329a1cc27013377d596b036ade6981d7befd9f66386e9ec4003008d1b5f832910fc59044e57765f |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.StackTrace.dll
| MD5 | ce95cce486c7c1fad9abf4c64b49b232 |
| SHA1 | 614af9e658219a2f0d532667483a12e9784c61f8 |
| SHA256 | fb31a2ab680d19b93883e7b8b1fa29bc7d2831b0b8c2ba0929776a76f428e6ff |
| SHA512 | eed3bf1f1de3718568f4ac00bdacdc741844aa6e891fb67f16f0b547ce4297e153b13e52531f32b99ddb23e76e6d1b9d842c27ee88681a7c4f15ae8dc5677607 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Metadata.dll
| MD5 | 4bb24586a651565c486a1bc670590991 |
| SHA1 | 3aa58299ede3a84e20a7a90fe99cc8164c64376b |
| SHA256 | c24e014fb60fdf7677f7d28dbebf240e827fc559f8e875eaf5986ef607f15174 |
| SHA512 | 9d9ce093a90d5dba04f5587ac3a9f46c595fa929ba184070e559d5e5296b2e04733e062a01627c3dff07a907c6fd39a00803d4bef2cbf5d72a29fefe7280e678 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Immutable.dll
| MD5 | b02ce23285d5094545e3f0afb554b932 |
| SHA1 | cdc200407ca127548d24b3f8be6b02e107045af9 |
| SHA256 | b85ede92ec4f322a4ac56f21c504f4cec5dcf1f89c4357685fb35057c01371cb |
| SHA512 | ab549273136a560a2f80bc6b23dee83c873cd10e795fd45a160b72ef0916d11d9cdbaa4fb839682b6ccaa7c25955b9cce79e9c38504e3d03025bcbcc16c854bd |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.dll
| MD5 | d993aa3815d528b36831e2ddeddd5ebc |
| SHA1 | a90d570120ca807a4e6c3208d696f478660b73b2 |
| SHA256 | 195151b0fcbb93013562216f48bcca3627ed9a8309ce3c6d1f18dc3436d3034c |
| SHA512 | 34a69455075ae70137e9f33d83818e2dc690217db47199a024c70b0120c61182681f5d4f411c7f05d332876b3c1268b343f3670ac0dfa6cc99c7e8f8f5ea8b32 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.ZipFile.dll
| MD5 | b2cd40333649322d722742af66fb27ef |
| SHA1 | ea2d6c2e2b282a9ff9259be2e648b28e77764641 |
| SHA256 | 48ce05cbce86bda7dc95d535c8a643b25fc68d69157bd8181131581a5494f455 |
| SHA512 | 1fe5aab802c903536c83ba6e569438c570d014d10f1fdd226f2ecb19635f9760dee796c81572d37c3060deda66e51312ca319c0ff1c67db49030d8abb1749a79 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Json.dll
| MD5 | 0111781b1e8446170c5174e8c6a4b5f5 |
| SHA1 | 17f234e3bf28b21db64dcdaee26b697ae8971f0a |
| SHA256 | cca1dc63f7f131afdfb05c4f5f73ea8351dd00cfac4598a97507e11ef7a28349 |
| SHA512 | 39f5d1b5d9a665694ce07ed0e18fcef4e7d77d70c3f7e649a4c7e0015fce871b409e6f8672814a2a7eec6a0e02f1345fb9e849bb79279109fed3c2050881866b |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Numerics.Vectors.dll
| MD5 | d41af5e2db31134dec48aa17b2136bf5 |
| SHA1 | 712ae23bb2cf6490ab88f1fccbfad8592059d3c5 |
| SHA256 | 327f2744a5d102cfbfc3939f5a1137d3d7c1f989b3e3fb6950395f6aee97d8bc |
| SHA512 | 500a7001358b564959f428add1494076eee19caddddbc8defaa2f9fa200a0fd66557b6f39459a1bc656e47deff259953a0961ea02ab8974dd4d5f8e34d0d9aa1 |
\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Encodings.Web.dll
| MD5 | ee2f308e36a744ae3248c50b63820a85 |
| SHA1 | 3230ccfa1a779bf354d8833c78551d043b3b572f |
| SHA256 | 15a3081fdb9e35ad2df9fd7e4578fbef6457e8005a509ae80ce6b95cc7fb19dc |
| SHA512 | 8ac6e91cbeaa3aa0ae7a6a70b24d0617ce0a9fec8d70c1ca0129547ee60ec790a25dc42dbcba0b25a6d2c8cce26a783cae104ac22b85aa643168a0884ea6a0a2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-17 12:31
Reported
2024-12-17 12:34
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pets GO Modded.rbxl.exe | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pets GO Modded.rbxl.exe | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe
"C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless --user-data-dir="C:\Users\Admin\AppData\Local\google\chrome\User Data"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\google\chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa10d6cc40,0x7ffa10d6cc4c,0x7ffa10d6cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1436,i,13235869869725575793,15556585360401734738,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1428 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1800,i,13235869869725575793,15556585360401734738,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1796 /prefetch:3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 178.23.190.70:3000 | tcp | |
| N/A | 127.0.0.1:9222 | tcp | |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.CoreLib.dll
| MD5 | 706bac48bac967f23e8c1c637b3216ab |
| SHA1 | ae6765d15d16d2aa3df2ec6bf91c40d455aa8f39 |
| SHA256 | 0a942e461ff84906b333e93407f18052d44fe0757efeb1e6af5600b00d5e71f9 |
| SHA512 | a739e651c5681107fab57b4b1b73f6562e2faa250ece8059a8660f4ef71079c0c01491511304468cb15ab192a60c1d3e7c2d089813e142b12bab6d2a38c7b6a3 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Console.dll
| MD5 | e59541db8e65b83897783d355ac017e8 |
| SHA1 | a0d4fbee9075d14c58ddb41583ebe284939c18ae |
| SHA256 | 6db09f73052ca6629b5b8fd68ec0b32bd92a6f6bd1a98ae9172273b8777d1520 |
| SHA512 | fb92c935fb57128b546ddbe06db87040762e8d90fc2590d47456a10fdd3610d417e974b69fe026c973ed8508360aed14d63d7526646b32498e83b464dec305a3 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.dll
| MD5 | aa3c3668e72cf81c8364a923e6ef5dd9 |
| SHA1 | 67990e237f45e33ff976c6d3df3cf0565a36aa18 |
| SHA256 | b8493a46e602cf769bf864553d55bb425e4d4c54b9fa1f8588c7dc607d56de53 |
| SHA512 | e1ed39f8bdcdff20cc39af33caf53197b143e1d8c2d7d2b06dad2ea48f53cce6633886dba56c3343ccdfafdbe9e57d3fa620abb73bdf6938eaa118500ff1ed80 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Console.dll
| MD5 | 9b18a6627b27d2aadad0d7b2dc42414d |
| SHA1 | eb96a2e1ffa11dd3167fcabe69c4768e514dde95 |
| SHA256 | 79815e1044ac3f10597a9014d07b2c5aa5a2b7e7da0299843e3ef1bae5a5b7f4 |
| SHA512 | 9cb0bcbd3b63c470101a2e91b85c918ca25fa06ea07242f33141a42d9463882c86277820ec6658bfedb55098304f5f9c0a967498619c4df20923973656c7c5b6 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.InteropServices.dll
| MD5 | 63b6e3059dfabd63b7894d0aba8620fc |
| SHA1 | 53629008df91c87c8ee1dba270f10ce139a27611 |
| SHA256 | c95d927324bae05fa174bdbf6d969fc61054f6237b2cf1ed90db54a4d88f3d35 |
| SHA512 | 4bbf627ad141a3040fc38b9b43df4f0bcf3e4c431b92f780799804a53e7de1af123da745884d07dabec8b78e9d512051733d7de978213de3a6e2a15873fef6e1 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.Primitives.dll
| MD5 | 66038cd6411961e8de7f43ac5bfdb28d |
| SHA1 | 71d00e6e5bbd4962305a2eddfc824cd6e58883ee |
| SHA256 | 47db3189335fa63213c955cbe5b23016a2193ecab410ac3553b2f0363a13eef8 |
| SHA512 | d5dfe197fb9072bf8d86ebd2128551cc4f268ca6fffc3241b9e2882d5ec43bdd9fd9efcd94c22f2d7d1df9a22782fd54aa21ad6905eb76550194cda4faef55ad |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\netstandard.dll
| MD5 | 449d3ec3245f31f93c881f333d3e4370 |
| SHA1 | d362a8078972c5d2904e8c90cc43c892a420c545 |
| SHA256 | ebcf557a761091f253cf0bf8b33c928c94ee5c8b6dcf086adddd685d19a63653 |
| SHA512 | a364c91828fc252a734257c77f346ed50897f218c3b579201d634809575fdff81c6b7028d67dfa21a040c5c4c2fc73cd6f20820ea25cb0fa3987da26a08901b8 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.TypeConverter.dll
| MD5 | b2b20f486bce77aea4acdc0195d56c46 |
| SHA1 | 78d478807584b76f5a83d7ba6dd65aed608a0b95 |
| SHA256 | d6a0dd732563d4d2e9af1399fbb30a6799b48289106bc5535a399d750d02b7ec |
| SHA512 | 5e3983604d498ef09b8f4db58c4bfdfd16ca44270c5611c3ceb0e059803869e30f008aec2f4d6a76e91683f56dab600205f746064c1c64c20fe142c93d777adc |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Primitives.dll
| MD5 | 88137ded6b392306052d9271138ae2f9 |
| SHA1 | 1547b682b65daf6029012df6ce220bc9e17578d6 |
| SHA256 | d926c8c930da9618dbac2fb56efa4516913a7630cc46f8bfb7fd0b3418895ee7 |
| SHA512 | 922d7ba874be40f80f7d82e917309a56d904cfe2df7e922c6493fb6a725096a31014c4a78a5a50b1d7c445028006a02ad994c4e167b5af7261da33b27caaeb62 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.Uri.dll
| MD5 | f11d5db8f2ef84e3c430a635d7687e07 |
| SHA1 | 156858f64e2c0a37d126530ae5649fdac0cda073 |
| SHA256 | 7b58ace669a2f64af0409ffc17680e7b2654b43654df3c84b193b651e514ba64 |
| SHA512 | 90c00157a36b82f0d14f800ece3ca74a9240ee3d66b772bbc009555e47cc83a2cfd01ee86353220ba46fde3912b70008b41d49c27cff6a43785d3018c31f7f31 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Concurrent.dll
| MD5 | aa8c242196bb3da74c488906f80b2622 |
| SHA1 | ef70921ff2b5b950c0da80dadd82dc054a43071b |
| SHA256 | 509a76033ec39c4bcae0cb64449d03cf00ae54b5f563ef4b2ea556a328fb1e53 |
| SHA512 | fee9da2e47429d7083e0097adefa15896ca8c33efe5d54e54ae6fdf819c3235efcf837845db55234dfacba6d4b8fb6a009a7e1accf288269ff0396aa06acd0c9 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Sockets.dll
| MD5 | 52bdebb9a48d2697f31097adebb04b14 |
| SHA1 | 00cacba5b98ec09cacf2f1a6e6894d00073a362b |
| SHA256 | f166cfd4c6daf84b988b59fbe2aa4c8a6e4a6fd222bba38d5612fe16a125d23d |
| SHA512 | f7c2fbd1f954cb89d6a054bfdc2ad7a8f7154008a8a784b1ad2825689819a08e44cbd623ef45b39063bf93da6fa19446561d86f1db51a07073f33c39777ea8f4 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Security.Cryptography.dll
| MD5 | 7d245bb1d1db5cda851185bfb404cb7c |
| SHA1 | 1db9c32a2a85b53dd61e5d6eb7c9f2de5d4517d1 |
| SHA256 | e9da2f779e3ec441063d080304693f32561df0a947930e0e27a32e2af0e2af61 |
| SHA512 | 6de46fc0b7d0ae4ddf4216592d8fba2ab8370c4e9cebee43ffabc1be3fcabd3b9de033e39d08f4598dbac79dfbcb458f4c0a6dd68b656cf675e86a4bf383e4bb |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Overlapped.dll
| MD5 | dd2b749b62feaf27e7fc8a53d48434be |
| SHA1 | dbdeb033dc922552a96fc01ef516d1b0bf512aa0 |
| SHA256 | 891f99e9fb6e9eeadbbde9e2427fb0c8015845692142dffd734a54a137f3b67c |
| SHA512 | b250d81db223906886de4c6596d7cc3e7fb5b3d8c46482d1f2a4e3b3e733b89a46b7ef3ab91668a89ded791d0cdc8a742c3623d68966895f379aa8201ba4842d |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.ThreadPool.dll
| MD5 | 0a5f765a271f5539e1f67d4835b2f20d |
| SHA1 | 6ce02c8875459b68da4385ee6b587e025ce75ca8 |
| SHA256 | a48aeab2fa53408c27549c003e79d944f7e90afab5c65363debbc21aa6b7ae0e |
| SHA512 | fbed20d0f3fd49f0734da2779f0ad1f19705e76c83ea3dda36b8ac8786c090d957c257fd9bac5d255dd787f14463950d1add9c3135e39d13656881373ccc649c |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.NameResolution.dll
| MD5 | 78fee1e71754f45186cbcd1f3d2f550d |
| SHA1 | 8aff44b434180d78bcc185e958c169293b00777a |
| SHA256 | b30be057b179211a1a030851631c98eabdac6884314c825d82671e5c1cc8a38a |
| SHA512 | 8fdd97f68c8ff3897ff6d242c1daf8db85fc685fe152442ebfadcbba623bd2d983d0a34cbce4410268d52fd5c08d3d9aeabd05a18eadb4ce777c4ead21e3e98c |
\??\pipe\crashpad_4756_DIGAYXUONFBHLJAY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Security.dll
| MD5 | 6ff76de802471652ae8b9fd1c1396327 |
| SHA1 | 002d41dc799570e935f1d02d61574e3c108f5366 |
| SHA256 | f2461f270c97a57520b373c61d8f32f3bad10671d28a0e8ef8786effc193e3fb |
| SHA512 | b12c53e8efa8e5c13751bf5ddaaa2e36054a24a9ff27b19bad774fac1bcc5a25d8f6b7bb545cb6756e85306edd5923408be995ad3d683717649bb4d1ab646931 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.DiagnosticSource.dll
| MD5 | 8510e90aef9d465fae443afad605896e |
| SHA1 | fcf4e304c3fd817f4566af1d5e33b1a4c7153502 |
| SHA256 | 58a28a647352934ebf6b8b883d23a2ed594de7df1793962738e9adadd935618d |
| SHA512 | 980b774149ab6dd133c8d5ca59c490fca0dbdd85329ffb600ed71d6f55b3aea05ad2dbb9eeac7de1661798de5e81c2c9119b0c6400eab2285e488923a99c7721 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Tracing.dll
| MD5 | 30927e5dd5bad334a63b9613ae0c1164 |
| SHA1 | 9cb76776de17e4f68ddbd42bebab8e915ec562fe |
| SHA256 | 63cd02270f4cb6fcde5f87ec50a1f7a432fa608fbaca65bc287e2ecf68166c99 |
| SHA512 | 159c7b4081ad57a88afdfb5280c484256bc34331580b34c06f99a76b441a6c0b1c3b8d9ce6daa8140916759340428cf4f8a606b03df7bcf5ea54bc0a973a2f64 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Http.dll
| MD5 | 118e26447bd46fd8c0deed6f352846e1 |
| SHA1 | 26a6d8c6dbc04e9923ec34391ec8fb40bab995c4 |
| SHA256 | 466f5166b294238fbac78fc099ebfd45e0eae2726fcef3b9c76b14d01f26b205 |
| SHA512 | 7d5b3ec462bce36bdf91be44d8686f4a3f3f955c9204c6c567c257389544517bf199daed1b18259fbf8d104dd45410fb853a9d2a26d8cb3d158e4bfc86bfa5ee |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ObjectModel.dll
| MD5 | 54a81c6b9ec868ace3d6e917e6e88a49 |
| SHA1 | 163ac505570984e0be27df20c2d6711e38cd554b |
| SHA256 | f1df3f4cb089cbc10a619ff15ac0a936c6f328d382e4151dff1a6e9a52bfe0e1 |
| SHA512 | cc20738a210f12b143526c8d5ed49a28794c366b8cdd0973bce5a38952bd4469c77bb94a1e50a813a61a4d59b84035ea3e1e240735f1b3b78af5e1acf748d07e |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Linq.Expressions.dll
| MD5 | d139434315b5e59cac22a909175f22cc |
| SHA1 | 59c4f975eb697231a421ebb4e3f2b4478872c64d |
| SHA256 | e027715162aaf4bb41722f24017ae6eabb57b6ba9dea35a2acb53f0a84405537 |
| SHA512 | d6fd00ef4b55af905718d2d16f842f89daebc1f2b0713a7c31b5675c935cd8aa9e8060de053169d4c4d495053f273fbc85a51536822046cf6e0666951f595a80 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Thread.dll
| MD5 | 90ecf3fad632b326a25725e3811ff3b7 |
| SHA1 | 25b39ec0054fc320fec2cd797575eb5d64cc8c95 |
| SHA256 | 3e6349495ef016ee4110c71d7bc49ba36e2459584b8eba8f9d878d25ea4193f5 |
| SHA512 | 9bf3b67c3d8c150ef54a3b9697d801b174f23fef922723a78ed8729c482c83320ded5d6e2f012fda79d5910ba6f8f137d649e2ee5359eaf9fc84f680229ad557 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Newtonsoft.Json.dll
| MD5 | adf3e3eecde20b7c9661e9c47106a14a |
| SHA1 | f3130f7fd4b414b5aec04eb87ed800eb84dd2154 |
| SHA256 | 22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07 |
| SHA512 | 6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\websocket-sharp.dll
| MD5 | 169d5bae15e2c6dc13386a8aa34ce367 |
| SHA1 | fa2f5085473304191a4684da5b38935105906178 |
| SHA256 | 339c740207f308d9e86b03a4d45d29f17c52476d1ecda88afa9f607966d226fc |
| SHA512 | f28381088fe3be65570e3e2e2a0c07632bc05416f53058c7125d3f02d44063bd56a5544e0076a38e278a955a4f3bc26ba49cd46333f7a58c96005eafe6234970 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Encoding.Extensions.dll
| MD5 | 1c332d9a63a04b59ea2a5ab3b5a42e79 |
| SHA1 | 20939caea2e1b007a4e414961eaa4a91bb02590e |
| SHA256 | 2b7af3febac37f88ede6a62246fbc35e34c5bb8aa443b737b84c5023e6beccef |
| SHA512 | 21d70e1af988c761ea8c206027fbcbf8b75f1a9235d9618a9bfc16d66adb847fb00db66caee5076e14b2dfdc94251a05deb58ffb5f5c47c1ef3977ef6724e28d |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.dll
| MD5 | ef1d3ca8063f98cbf243dab09ffff101 |
| SHA1 | a7fefb953810ae58d1f7e43e35b4eb1e55dd5ff0 |
| SHA256 | 547a49b3df65b2abe615848157f38e55d9bb3cf455c95858a3a90694816fe90d |
| SHA512 | 991b5f653473334ab43f4f2def6b3979196edcc4464e536326d7dec9a34071bcf46a45dd09b7c2098b0a9b837733d1957ae641c31e22cf46999fce753d37af1e |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Microsoft.Win32.Primitives.dll
| MD5 | 95e00f4e8fc22c3447f7d26491a6a454 |
| SHA1 | ed6203db937764a8557993d118b079db275de3d1 |
| SHA256 | af8033ec095475df5ebb0f96f67032b5d07d8a2ac63422ee60472737d54ff7e0 |
| SHA512 | fe00b6a06f18ab4aa68b4b6e87f22b1d070a4ee5f5457b39ce86083e9ec0ff45d01b95a247ec9eadcc2000c1c6d010e3f06ac88afa079046d71a2d2309267cff |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Memory.dll
| MD5 | 4d8e52b1c5a76c8eb8ec4810a1872c26 |
| SHA1 | 41557ec65946c06f2775aae52ebc4431d8793e22 |
| SHA256 | 5cc24fdbf7dd10c17cc562a2026e44b5478baa8be4b78b65d472aec9ce9cb754 |
| SHA512 | 39341075f2c1e2016eb88257cac52bdca42f88cf47041d0a2aefcc2036cf7102f083b7214a10cf36ad9fc0d9c99fd0f5afe4a64a76f7a2a9e3a37446edc0359b |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Process.dll
| MD5 | 4eb2207595fef7efdd73e61bf9efe5e9 |
| SHA1 | e38510d48dfdb0a1be55dc18a6ddd4a093cb5de8 |
| SHA256 | 75ba3a9dc221d9ea99435710bf879efdf80572d026f36042276ebb84b339191d |
| SHA512 | cb7e05274ec3b7d8ef77a7b2ae8abc8249beec2767df6e0d2b8409e8ca46874f0f3e0dd09a2f65bfaeaf7529371010dc4fbc5dc6e9cf2a0fb3003ecc4c488068 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.dll
| MD5 | 3fefa87278425bc7008e9445434eda54 |
| SHA1 | 72e27c8fd0a65ce445bf38c0155f98eb3572dec3 |
| SHA256 | 06f12a34703f9844bca0481eb4b056606908e7dc0efe19c4f24da2ba96094da2 |
| SHA512 | 83cc1252733061c3226769ecfa0ce1a9abca0160d1604b0cfa5f57be2e87e856ff801b566771dbb6bcf1367dba6b640c056adb1db7377bc6960a6cedd0574f06 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Intrinsics.dll
| MD5 | 7441a71c36952ee88fba2cca3e61d947 |
| SHA1 | 4d7edbbf8ff71489547108a024b6bbc008a416e7 |
| SHA256 | 79f4e2407fbc0fdc0ba98d5354cbb7fc861ef5da0b187fda56978a8ded6f8061 |
| SHA512 | e6debdf07c83f0cdb119383331f3e6a09626f96d1a1dd21b8f4a092f9675d33d824073d5a383bf6bb2bd536d2e52dd8f7b1d81c9d6546e076b82db90560e0d5a |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.dll
| MD5 | d993aa3815d528b36831e2ddeddd5ebc |
| SHA1 | a90d570120ca807a4e6c3208d696f478660b73b2 |
| SHA256 | 195151b0fcbb93013562216f48bcca3627ed9a8309ce3c6d1f18dc3436d3034c |
| SHA512 | 34a69455075ae70137e9f33d83818e2dc690217db47199a024c70b0120c61182681f5d4f411c7f05d332876b3c1268b343f3670ac0dfa6cc99c7e8f8f5ea8b32 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.ZipFile.dll
| MD5 | b2cd40333649322d722742af66fb27ef |
| SHA1 | ea2d6c2e2b282a9ff9259be2e648b28e77764641 |
| SHA256 | 48ce05cbce86bda7dc95d535c8a643b25fc68d69157bd8181131581a5494f455 |
| SHA512 | 1fe5aab802c903536c83ba6e569438c570d014d10f1fdd226f2ecb19635f9760dee796c81572d37c3060deda66e51312ca319c0ff1c67db49030d8abb1749a79 |
C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.NonGeneric.dll
| MD5 | a87f219ce4f88e51e10b344cb288e315 |
| SHA1 | af4d7cbbca686fe7ff8a61fe32149e29793ebdcc |
| SHA256 | 1f22a74d24b9494e06c3f05c8caf0deb588e67d784e6956d65e8ae2e2bac8c11 |
| SHA512 | e9f4f38d589a2b3cd422d126cdadaf6f5dd0790cf5b801a6e75006a55a1849963b86e426910719bc084675280e0e01e5228e7eafa864af910afcc35187f196c7 |