it just says false, lolloader downloads an unknown text file, for what?
View attachment 5011
you can find the unobfuscated exe, dll, and webhooks here:the text file says "false" in it, thats all, it could of been a base64 malware that autodownloads, but its just false for some reason, so what some cheats do is take ur ip address for anti debugging purposes, but this is merely way too far to pull a ip for security reasons, theres not alot of proof of ratting exactly, you cannot do alot with a ip address, but i still wouldnt trust them with it, and also, in alot of cheats it will shut down ur pc for debugging, neverlose BSODS ur pc when u fail a debugging check in the 2nd stage, u can find the file "NeverloseBSOD" dropped in ur pc.
its a authentication handshake, when ur verified on their server (to login), it sends status and keep alive and auths youyou can find the unobfuscated exe, dll, and webhooks here:You must be registered for see links
funny meme:
View attachment 5014
can you auth my cockits a authentication handshake, when ur verified on their server (to login), it sends status and keep alive and auths you
and i know what it is, its just funny how they did itits a authentication handshake, when ur verified on their server (to login), it sends status and keep alive and auths you
relax dudeAlmost every cheat logs an ip so I dont see why its an issue when they do it.
Every loader has some protection from a debugger, i cant wait for you to find out about packed loaders.
HOLY SHIT IT CHANGES YOUR WALLPAPER lock this man up.
again why is it an issue that they're taking an ip? its a loader
The text file just says false lol you should of looked into that before posting.
To sum it up, you're retarded stop posting thanks, delete your account + delete that fade paste you call "detroit" or some bullshit like that
bro is heatedAlmost every cheat logs an ip so I dont see why its an issue when they do it.
Every loader has some protection from a debugger, i cant wait for you to find out about packed loaders.
HOLY SHIT IT CHANGES YOUR WALLPAPER lock this man up.
again why is it an issue that they're taking an ip? its a loader
The text file just says false lol you should of looked into that before posting.
To sum it up, you're retarded stop posting thanks, delete your account + delete that fade paste you call "detroit" or some bullshit like that
real (i know iv3tka and hes such of a fucking paster)INTRODUCTION
first off, thank you JannesBonk for providing the unobfuscated exe, you can find his discord here:You must be registered for see links// now, onto the exposement
HISTORY
gamesense.dog or better known as a "skeet paste" is a replica (not) of skeet.cc/gamesense.pub. gamesense.dog has been freeed numerous times and has been exposed previously for ratting. but since then, new information has come public of who they might not be.
SCREENSHOTS
here at the screenshot below you can see that they log your IP address. this may not be uncommon for cheats such as neverlose, skeet, etc. but for a legendware v3 paste this doesn't seem right.
(credits jannes for the image)
View attachment 5001
another very strange thing is their anti debugging feature. if you try and debug their loader (you can bypass this very easily) and are caught the loader will shutdown your PC.
View attachment 5002
then, the loader will proceed and hop into your registry and change your wallpaper (also does the same thing when you try and debug, but it doesnt go in registry)
View attachment 5003
then, the loader will open a Command Prompt and ping an ip, possibly grabbing an internet connection and self deleting itself.
View attachment 5004
now, im not sure what this is for as i couldn't find anything related to it as of writing this
View attachment 5005
more proof of them stealing your ip address
View attachment 5006
View attachment 5007
sends your IP Address to a webhook
View attachment 5008
loader once again, opens a Command Prompt also stealing your IP Address
View attachment 5009
loader downloads an unknown text file, for what?
View attachment 5011
more proof of them logging your ip
View attachment 5012
ENDING
as the thread comes to a close i would love to remind you all to not run any malicious pastes or run anything at all until proven it is safe to use. thank you all for viewing this thread and have a nice day
credits
JannesBonk - providing images
defending a paid paste is WILDYo guys so i'm here to tell u gs.dog isn't rat
1. At all this ,,RATTING" what the hell u mean by RATTING show me how they ratting?
Also this picture is only about software what is doing when start. (label hide) that's all..
String about ip? yeah it's saving ip and sending through webhooks that he have.
i asked him why he using it, he told me to know who is sharing account and who doesn't that's normal. not a rat XD
View attachment 5024
2. How is this picture malware? ... don't be stupid and posting shit about GS.DOG IS RAT or smth else.. it isn't ofc.
explain -> this is debugger which means if u try debug in software called ida64 or smth else like dnspy it says
Shutdown WINDOWS, and CHANGE WALLPAPER that's all what it did if u try debug..
View attachment 5025
3. DiscordMessenger is dll in visualstudio u can install it's for Webhook sending in ur discord channel by WEBHOOKS..
And Costura it means Costura.Fody when u try build project and u have some dlls added in project it will automatically not working if u doesn't connect it and make it in EXE
so if u use Costura.Fody it will make all dlls in 1.exe that's why EXE is sometimes BIGGER then themself
View attachment 5026
4. This Downloadstring("You must be registered for see links") -> it's string which checking ur ip so when u login with keyauth logins it will automatically send WEBHOOKS ip included in.
What it says in webhooks?
probably -> USERNAME
PASSWORD
HWID
IP
also this CMD if u have eyes and know coding it probably means when VERSION isn't 2.4 then THIS CODE WILL START..
-> Process.Start(new ProcessStartinfo("cmd.exe", bla bla bla") it's code to automatically delete old loader which is diff version then 2.4
View attachment 5027
5. Yeah this is KEYAUTHAPI and it shows what they can use in loader or in webhooks stop be dumb and thinking they are freeing any IP or any shit..
EVERY SITE USING UR IP, and can PUBLISH IT.. -> Neverlose.cc, Gamesense.pub, Nixware.cc, Aimware.net Every site have for example DATABASE, and other shit. bcs he is pasting and smth doing by himself probably not.. so he made webhooks for me it's normally code.
View attachment 5028
Yo guys so i'm here to tell u gs.dog isn't rat
1. At all this ,,RATTING" what the hell u mean by RATTING show me how we are ratting?
Also this picture is only about software what is doing when start. (label hide) that's all..
String about ip? yeah it's saving ip and sending through webhooks that i have.
Im using to know who is sharing account and who doesn't that's normal. not a rat XD
View attachment 5024
2. How is this picture malware? ... don't be stupid and posting shit about GS.DOG IS RAT or smth else.. it isn't ofc.
explain -> this is debugger which means if u try debug in software called ida64 or smth else like dnspy it says
Shutdown WINDOWS, and CHANGE WALLPAPER that's all what it did if u try debug..
View attachment 5025
3. DiscordMessenger is dll in visualstudio u can install it's for Webhook sending in ur discord channel by WEBHOOKS..
And Costura it means Costura.Fody when u try build project and u have some dlls added in project it will automatically not working if u doesn't connect it and make it in EXE
so if u use Costura.Fody it will make all dlls in 1.exe that's why EXE is sometimes BIGGER then themself
View attachment 5026
4. This Downloadstring("You must be registered for see links") -> it's string which checking ur ip so when u login with keyauth logins it will automatically send WEBHOOKS ip included in.
What it says in webhooks?
probably -> USERNAME
PASSWORD
HWID
IP
also this CMD if u have eyes and know coding it probably means when VERSION isn't 2.4 then THIS CODE WILL START..
-> Process.Start(new ProcessStartinfo("cmd.exe", bla bla bla") it's code to automatically delete old loader which is diff version then 2.4
View attachment 5027
5. Yeah this is KEYAUTHAPI and it shows what they can use in loader or in webhooks stop be dumb and thinking that we are freeing any IP or any shit..
EVERY SITE USING UR IP, and can PUBLISH IT.. -> Neverlose.cc, Gamesense.pub, Nixware.cc, Aimware.net Every site have for example DATABASE, and other shit. bcs i was know c# i did loader through keyauth and upgrade it to better administration for me..
SO i can see who is sharing, who is freeing, etc.
View attachment 5028
Have a nice day
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?