Malware Analysis Report

2025-01-23 12:50

Sample ID: 241218-dm2rva1rem
Target: 962c8870b6d6b8a962edab0265ae1aa483b8653da30741aa8ccd6f7c5ecb5411.zip
SHA256: 962c8870b6d6b8a962edab0265ae1aa483b8653da30741aa8ccd6f7c5ecb5411
Tags: cryptone packer credential_access discovery spyware stealer
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 962c8870b6d6b8a962edab0265ae1aa483b8653da30741aa8ccd6f7c5ecb5411

Threat Level: Likely malicious

The file 962c8870b6d6b8a962edab0265ae1aa483b8653da30741aa8ccd6f7c5ecb5411.zip was found to be: Likely malicious.

Malicious Activity Summary

cryptone packer credential_access discovery spyware stealer

CryptOne packer

Uses browser remote debugging

Reads user/profile data of web browsers

Drops startup file

Loads dropped DLL

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-18 03:08

Signatures

CryptOne packer

cryptone packer
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-18 03:08

Reported

2024-12-18 03:11

Platform

win7-20240729-en

Max time kernel

44s

Max time network

45s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe"

Signatures

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1824 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1496 wrote to memory of 2352 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1496 wrote to memory of 2404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1496 wrote to memory of 1620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1496 wrote to memory of 1548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe

"C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless --user-data-dir="C:\Users\Admin\AppData\Local\google\chrome\User Data"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\google\chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x9c,0xd8,0x7fef7e19758,0x7fef7e19768,0x7fef7e19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=856 --field-trial-handle=896,i,9182292723089932223,6804328361120741863,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1244 --field-trial-handle=896,i,9182292723089932223,6804328361120741863,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=9222 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1576 --field-trial-handle=896,i,9182292723089932223,6804328361120741863,131072 --disable-features=PaintHolding /prefetch:1

Network

Country Destination Domain Proto
NL 178.23.190.70:3000 tcp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
NL 178.23.190.70:3000 tcp

Files

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.CoreLib.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Console.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Console.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Process.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.Primitives.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.InteropServices.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Memory.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Microsoft.Win32.Primitives.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Encoding.Extensions.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\websocket-sharp.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\netstandard.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Newtonsoft.Json.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Thread.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Linq.Expressions.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.TypeConverter.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ObjectModel.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Http.dll

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Primitives.dll

MD5 88137ded6b392306052d9271138ae2f9
SHA1 1547b682b65daf6029012df6ce220bc9e17578d6
SHA256 d926c8c930da9618dbac2fb56efa4516913a7630cc46f8bfb7fd0b3418895ee7
SHA512 922d7ba874be40f80f7d82e917309a56d904cfe2df7e922c6493fb6a725096a31014c4a78a5a50b1d7c445028006a02ad994c4e167b5af7261da33b27caaeb62

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Tracing.dll

MD5 30927e5dd5bad334a63b9613ae0c1164
SHA1 9cb76776de17e4f68ddbd42bebab8e915ec562fe
SHA256 63cd02270f4cb6fcde5f87ec50a1f7a432fa608fbaca65bc287e2ecf68166c99
SHA512 159c7b4081ad57a88afdfb5280c484256bc34331580b34c06f99a76b441a6c0b1c3b8d9ce6daa8140916759340428cf4f8a606b03df7bcf5ea54bc0a973a2f64

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.DiagnosticSource.dll

MD5 8510e90aef9d465fae443afad605896e
SHA1 fcf4e304c3fd817f4566af1d5e33b1a4c7153502
SHA256 58a28a647352934ebf6b8b883d23a2ed594de7df1793962738e9adadd935618d
SHA512 980b774149ab6dd133c8d5ca59c490fca0dbdd85329ffb600ed71d6f55b3aea05ad2dbb9eeac7de1661798de5e81c2c9119b0c6400eab2285e488923a99c7721

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Security.dll

MD5 6ff76de802471652ae8b9fd1c1396327
SHA1 002d41dc799570e935f1d02d61574e3c108f5366
SHA256 f2461f270c97a57520b373c61d8f32f3bad10671d28a0e8ef8786effc193e3fb
SHA512 b12c53e8efa8e5c13751bf5ddaaa2e36054a24a9ff27b19bad774fac1bcc5a25d8f6b7bb545cb6756e85306edd5923408be995ad3d683717649bb4d1ab646931

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Security.Cryptography.dll

MD5 7d245bb1d1db5cda851185bfb404cb7c
SHA1 1db9c32a2a85b53dd61e5d6eb7c9f2de5d4517d1
SHA256 e9da2f779e3ec441063d080304693f32561df0a947930e0e27a32e2af0e2af61
SHA512 6de46fc0b7d0ae4ddf4216592d8fba2ab8370c4e9cebee43ffabc1be3fcabd3b9de033e39d08f4598dbac79dfbcb458f4c0a6dd68b656cf675e86a4bf383e4bb

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.Uri.dll

MD5 f11d5db8f2ef84e3c430a635d7687e07
SHA1 156858f64e2c0a37d126530ae5649fdac0cda073
SHA256 7b58ace669a2f64af0409ffc17680e7b2654b43654df3c84b193b651e514ba64
SHA512 90c00157a36b82f0d14f800ece3ca74a9240ee3d66b772bbc009555e47cc83a2cfd01ee86353220ba46fde3912b70008b41d49c27cff6a43785d3018c31f7f31

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Concurrent.dll

MD5 aa8c242196bb3da74c488906f80b2622
SHA1 ef70921ff2b5b950c0da80dadd82dc054a43071b
SHA256 509a76033ec39c4bcae0cb64449d03cf00ae54b5f563ef4b2ea556a328fb1e53
SHA512 fee9da2e47429d7083e0097adefa15896ca8c33efe5d54e54ae6fdf819c3235efcf837845db55234dfacba6d4b8fb6a009a7e1accf288269ff0396aa06acd0c9

\??\pipe\crashpad_1496_BVZOYNAQTRBIGNKG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Sockets.dll

MD5 52bdebb9a48d2697f31097adebb04b14
SHA1 00cacba5b98ec09cacf2f1a6e6894d00073a362b
SHA256 f166cfd4c6daf84b988b59fbe2aa4c8a6e4a6fd222bba38d5612fe16a125d23d
SHA512 f7c2fbd1f954cb89d6a054bfdc2ad7a8f7154008a8a784b1ad2825689819a08e44cbd623ef45b39063bf93da6fa19446561d86f1db51a07073f33c39777ea8f4

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Overlapped.dll

MD5 dd2b749b62feaf27e7fc8a53d48434be
SHA1 dbdeb033dc922552a96fc01ef516d1b0bf512aa0
SHA256 891f99e9fb6e9eeadbbde9e2427fb0c8015845692142dffd734a54a137f3b67c
SHA512 b250d81db223906886de4c6596d7cc3e7fb5b3d8c46482d1f2a4e3b3e733b89a46b7ef3ab91668a89ded791d0cdc8a742c3623d68966895f379aa8201ba4842d

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.NameResolution.dll

MD5 78fee1e71754f45186cbcd1f3d2f550d
SHA1 8aff44b434180d78bcc185e958c169293b00777a
SHA256 b30be057b179211a1a030851631c98eabdac6884314c825d82671e5c1cc8a38a
SHA512 8fdd97f68c8ff3897ff6d242c1daf8db85fc685fe152442ebfadcbba623bd2d983d0a34cbce4410268d52fd5c08d3d9aeabd05a18eadb4ce777c4ead21e3e98c

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Intrinsics.dll

MD5 7441a71c36952ee88fba2cca3e61d947
SHA1 4d7edbbf8ff71489547108a024b6bbc008a416e7
SHA256 79f4e2407fbc0fdc0ba98d5354cbb7fc861ef5da0b187fda56978a8ded6f8061
SHA512 e6debdf07c83f0cdb119383331f3e6a09626f96d1a1dd21b8f4a092f9675d33d824073d5a383bf6bb2bd536d2e52dd8f7b1d81c9d6546e076b82db90560e0d5a

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Numerics.dll

MD5 c48dbf0d65cbd011e9bffa655c19c520
SHA1 dd51b2e394fbf71837cfcfeaab96dedda346f98e
SHA256 152c8a0206471b5af4e1f9f4b74d230ffc87cf6a9b1f775bc904453af4f6cbd5
SHA512 315124026a6392fc986d0e758e2874106ea579317dd1b0880920dfc262baa1c6209112ce705d4ddca834cef75bdb57ce01de097381df6c9c8fe87eba2ff7cb80

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Specialized.dll

MD5 f222b9a24a280c7620a2b4af4abb4751
SHA1 f1e2278e14ae22a07353b05657f0d10b2349ec36
SHA256 b0bd7ec37a45bbbd7c3604ea5577dbdf034a9eb4db183db7ef08ed662cde9f9e
SHA512 32bdc27d4177e829e49c471697f6f0b93d4b97206857a0de967c8ec57f608d54d96345bcc6433e6bc399de95e12ba99a41500ccb5774f2b05f31523ecdbf18e9

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.NonGeneric.dll

MD5 a87f219ce4f88e51e10b344cb288e315
SHA1 af4d7cbbca686fe7ff8a61fe32149e29793ebdcc
SHA256 1f22a74d24b9494e06c3f05c8caf0deb588e67d784e6956d65e8ae2e2bac8c11
SHA512 e9f4f38d589a2b3cd422d126cdadaf6f5dd0790cf5b801a6e75006a55a1849963b86e426910719bc084675280e0e01e5228e7eafa864af910afcc35187f196c7

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Serialization.Formatters.dll

MD5 111e6250a3478a605f72e94f773458a9
SHA1 0ddc531fd23d0b40c1d24b2752ed0f8ec1682477
SHA256 89fa32d773ef10f47deed9708488b010e0692cd4eaddbd194078d5a5e596c75c
SHA512 189bbfb7a8ec0b242e8cce675396f6089882a6cfd9345b048c3501835a6dc28813404c235a6ca3b9962262c800a0b0f138c3d026255dc2d289418a7455383146

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Linq.dll

MD5 f3ee4f3c3f8ad6a014f9f5533d132fdd
SHA1 ab09474254047b19943174d228147ee8de5b9754
SHA256 ecaef6e286862a9339c721b3062a76f0addc09534fa83e6c7cf13400774ca46d
SHA512 18e2331580ab59fe803f318f8ccdd4a443d43c61cc4d5f461ca15ae0ec4ece4bbc2a951d30b30d95fa9d068e1988b3ef2cde502331678fb971f86eb43fa684b7

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Serialization.Primitives.dll

MD5 a214b07a5e267e6fa853b995a00f8b9f
SHA1 82da9439d5bad83153cabcf8b58eb7f674eb94d2
SHA256 fd61a97b1fc099ff738b5bd342a8b0264c295f3f493efbee32de025db977ebe0
SHA512 63b6e565d1a9447db961d1f74d54073e446fc157ca79c130bd945022be82f7b750eb50e1e8272f565832bde6b685657cd26d346582ceb75430738068d9b650f5

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.TraceSource.dll

MD5 53bccc6d11bfd8f180e6ce1bd7200065
SHA1 82c797bb841b04ceab8f3d1c9854c7e092414617
SHA256 f0f23c3c2f30ecd28e88f505dc2924ee3ba0b0fca586ec944afba5eacd236a10
SHA512 dcc7f790c4fa795dbba66ba799431aa5b32da6ea162b14ce6f10960aea3103bfac295cd7f2b8ed99ce147bfe86de4aed33d07c1124dd4da59317281894d0fdaa

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Data.Common.dll

MD5 d5f0d1298b05b963f7940f7e7134ad2b
SHA1 f8c85d1f24c4603cba29a32d5350640bf4461144
SHA256 aca22c0b307c85a55291d8b11b5227c5c238171c4ca68f66441f9ca1d0e7942f
SHA512 34320a7ba07a30192557e1e5e7965a7a3f463518b735edc3fe79bb29128f21c70c7c93d94acd0e1cb6ea1c7c65761f747b9c2412d2dbf3502aa50a5c8ca5fac3

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Xml.ReaderWriter.dll

MD5 0845e81793b8fe161b5e1bb06bee3822
SHA1 2584632d78896ad4c22b1323dc421b5cea8db13f
SHA256 46e0cea3590b11ae2de9c60d4de0df409cb92f95e30ec06a5938f78071d3aa20
SHA512 06948058e11a770cede36bd850e5ad441f398a1eca0cd875a3cf8a5488a7a57b3745c09345665a59fe7c464c5c3d8f0affad2836eb4c295a98dae673d23fa645

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.Xml.dll

MD5 d6747532f3be25a6af969a3df229f917
SHA1 d597b022a683a2762f4e5f14f0062ba2e42d9af6
SHA256 20141488f9fccc277167bd8cf51ac2b9ccc808e31332d0d10f83c7bab3f9cf8f
SHA512 66084aa981289144a1c341a1f8d8889cb16b240a580539df059e325e4b28b46b38cec5ffe44457c93467f352f5f66cc9f241ddb6b6e8c5cf0d5a5f7f63660d9e

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.dll

MD5 c50993dbe2b5d99e599e673921d9001c
SHA1 edbbb19d5f322263cab868fd3bcb5486bedafd8d
SHA256 ed59bfc1b42d9f3072dbfc0c6c87f9ee5013015cadfe8858ea466876ff5c0c9a
SHA512 20f810ac86d2e51cde85dbf571bd2558b711efe3ca873ab34f34e27882bee3019ee2cf81094fbd3087cb492eaad080ab2ee8561b8405ae9c44e7f8a56ebed815

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Emit.ILGeneration.dll

MD5 19d7d3f573360d8497626bde6368f433
SHA1 fc76b7bbcf62a375d66697d382bfb40d801d11c6
SHA256 e76cd4d8fcfe1c2b9f295bbc8cd3a8f1f0e0346a1a37314bb7ddc0dd599acd7a
SHA512 dae4cc94f123b2fca4551ca378641dd9f5bf8d9758393cb0747786ccfcbdf7f9237ec6d2d68b9f6cf6d027adc0a2ad1d6c4d65b3e3956544c566a77451a5d55a

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Emit.Lightweight.dll

MD5 1cf97bd1850bb312ce7fb7c0cc2c7507
SHA1 81358c83074c1dce8fcfcfd27c5501a282d88ce8
SHA256 152cd484c1bf881c075d6be94ba178264a04214d2f328f5d2c0956bf4d31a1e0
SHA512 169db9a4faf00d13597cd662c9c0f142f09eff7035ceb6813a05f0f412ad8be99dfe8e82ea3951dfe94b2533471f2d81ede71a1add83ae5ec395fd3fca5ab9fc

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Primitives.dll

MD5 143146e96f6c64d92681542a3b38a8de
SHA1 891524dfdbc2284659f10a355ac32bf632607abb
SHA256 f5caacc538e169a06e3d6f8d47d0722d07a6dd3e5df0f748e14d747424875f9b
SHA512 d0689e6b3f32d62db1fd5e57752d8fd6a67b40ad3235aafe6329a1cc27013377d596b036ade6981d7befd9f66386e9ec4003008d1b5f832910fc59044e57765f

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.StackTrace.dll

MD5 ce95cce486c7c1fad9abf4c64b49b232
SHA1 614af9e658219a2f0d532667483a12e9784c61f8
SHA256 fb31a2ab680d19b93883e7b8b1fa29bc7d2831b0b8c2ba0929776a76f428e6ff
SHA512 eed3bf1f1de3718568f4ac00bdacdc741844aa6e891fb67f16f0b547ce4297e153b13e52531f32b99ddb23e76e6d1b9d842c27ee88681a7c4f15ae8dc5677607

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Reflection.Metadata.dll

MD5 4bb24586a651565c486a1bc670590991
SHA1 3aa58299ede3a84e20a7a90fe99cc8164c64376b
SHA256 c24e014fb60fdf7677f7d28dbebf240e827fc559f8e875eaf5986ef607f15174
SHA512 9d9ce093a90d5dba04f5587ac3a9f46c595fa929ba184070e559d5e5296b2e04733e062a01627c3dff07a907c6fd39a00803d4bef2cbf5d72a29fefe7280e678

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Immutable.dll

MD5 b02ce23285d5094545e3f0afb554b932
SHA1 cdc200407ca127548d24b3f8be6b02e107045af9
SHA256 b85ede92ec4f322a4ac56f21c504f4cec5dcf1f89c4357685fb35057c01371cb
SHA512 ab549273136a560a2f80bc6b23dee83c873cd10e795fd45a160b72ef0916d11d9cdbaa4fb839682b6ccaa7c25955b9cce79e9c38504e3d03025bcbcc16c854bd

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.ZipFile.dll

MD5 b2cd40333649322d722742af66fb27ef
SHA1 ea2d6c2e2b282a9ff9259be2e648b28e77764641
SHA256 48ce05cbce86bda7dc95d535c8a643b25fc68d69157bd8181131581a5494f455
SHA512 1fe5aab802c903536c83ba6e569438c570d014d10f1fdd226f2ecb19635f9760dee796c81572d37c3060deda66e51312ca319c0ff1c67db49030d8abb1749a79

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.dll

MD5 d993aa3815d528b36831e2ddeddd5ebc
SHA1 a90d570120ca807a4e6c3208d696f478660b73b2
SHA256 195151b0fcbb93013562216f48bcca3627ed9a8309ce3c6d1f18dc3436d3034c
SHA512 34a69455075ae70137e9f33d83818e2dc690217db47199a024c70b0120c61182681f5d4f411c7f05d332876b3c1268b343f3670ac0dfa6cc99c7e8f8f5ea8b32

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Numerics.Vectors.dll

MD5 d41af5e2db31134dec48aa17b2136bf5
SHA1 712ae23bb2cf6490ab88f1fccbfad8592059d3c5
SHA256 327f2744a5d102cfbfc3939f5a1137d3d7c1f989b3e3fb6950395f6aee97d8bc
SHA512 500a7001358b564959f428add1494076eee19caddddbc8defaa2f9fa200a0fd66557b6f39459a1bc656e47deff259953a0961ea02ab8974dd4d5f8e34d0d9aa1

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Encodings.Web.dll

MD5 ee2f308e36a744ae3248c50b63820a85
SHA1 3230ccfa1a779bf354d8833c78551d043b3b572f
SHA256 15a3081fdb9e35ad2df9fd7e4578fbef6457e8005a509ae80ce6b95cc7fb19dc
SHA512 8ac6e91cbeaa3aa0ae7a6a70b24d0617ce0a9fec8d70c1ca0129547ee60ec790a25dc42dbcba0b25a6d2c8cce26a783cae104ac22b85aa643168a0884ea6a0a2

\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Json.dll

MD5 0111781b1e8446170c5174e8c6a4b5f5
SHA1 17f234e3bf28b21db64dcdaee26b697ae8971f0a
SHA256 cca1dc63f7f131afdfb05c4f5f73ea8351dd00cfac4598a97507e11ef7a28349
SHA512 39f5d1b5d9a665694ce07ed0e18fcef4e7d77d70c3f7e649a4c7e0015fce871b409e6f8672814a2a7eec6a0e02f1345fb9e849bb79279109fed3c2050881866b

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-18 03:08

Reported

2024-12-18 03:11

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe"

Signatures

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pets GO Modded.rbxl.exe C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pets GO Modded.rbxl.exe C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2136 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 444 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 444 wrote to memory of 4204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 444 wrote to memory of 2616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe

"C:\Users\Admin\AppData\Local\Temp\Pets GO Modded.rbxl.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless --user-data-dir="C:\Users\Admin\AppData\Local\google\chrome\User Data"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\google\chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\google\chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8232cc40,0x7ffa8232cc4c,0x7ffa8232cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1428,i,5680652632260598498,4255881470657186282,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1424 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1732,i,5680652632260598498,4255881470657186282,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1728 /prefetch:3

Network

Country Destination Domain Proto
NL 178.23.190.70:3000 tcp
N/A 127.0.0.1:9222 tcp

Files

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.CoreLib.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Console.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Console.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Process.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.Primitives.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.InteropServices.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Microsoft.Win32.Primitives.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Memory.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Text.Encoding.Extensions.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\websocket-sharp.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\Newtonsoft.Json.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Thread.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ComponentModel.TypeConverter.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.ObjectModel.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Http.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.Tracing.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Security.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Private.Uri.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Security.Cryptography.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.Concurrent.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Sockets.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.ThreadPool.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Runtime.Intrinsics.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.NameResolution.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Threading.Overlapped.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Diagnostics.DiagnosticSource.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Net.Primitives.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Linq.Expressions.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\netstandard.dll

\??\pipe\crashpad_444_SLWXXMGXEXXPJAJM

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.IO.Compression.ZipFile.dll

C:\Users\Admin\AppData\Local\Temp\.net\Pets GO Modded.rbxl\9TsWCFdYdH6Bh1Cymr7psmVAbmwuzhY=\System.Collections.NonGeneric.dll
