4b81cc187f12f508b4336e17d2525d734c491d7494bb7f509fdaeb8c279dabaa

Resubmissions

24-03-2023 20:11

230324-yyg7ssbc5y 7

24-03-2023 20:03

230324-ysvwpsha76 3

Analysis

max time kernel
242s
max time network
325s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2023 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Inzector.zip
Size

4.9MB
MD5

262b3ec8b8494f278516990e8beb3515
SHA1

584168a1f7245736d3488af3f6cc8ed76fe3ebaf
SHA256

4b81cc187f12f508b4336e17d2525d734c491d7494bb7f509fdaeb8c279dabaa
SHA512

1acfa9c87f548b4e4aee91ad54647f7a81e9f9be8d27c1509fd4ce23b8e514c922ea1c7e259bca86545d53a0a8dd7235dabce677a375bb86dfebc1e9f9525b5e
SSDEEP

98304:pfxEe6lexZooszr7r/U7KF//JtXxOGS/D5HxW/gAsF2:lxExlMZI7jUatXhS75HxW/HQ2

Score

7^/10

discovery themida

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GrowtopiaInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	GrowtopiaInstaller.exe

Executes dropped EXE 4 IoCs

Processes:

GrowtopiaInstaller.exevc_redist.x64.exevc_redist.x64.exeGrowtopia.exe

pid process

6124 GrowtopiaInstaller.exe
4548 vc_redist.x64.exe
5780 vc_redist.x64.exe
5824 Growtopia.exe
Loads dropped DLL 6 IoCs

Processes:

GrowtopiaInstaller.exevc_redist.x64.exeGrowtopia.exe

pid process

6124 GrowtopiaInstaller.exe
6124 GrowtopiaInstaller.exe
6124 GrowtopiaInstaller.exe
5780 vc_redist.x64.exe
5824 Growtopia.exe
5824 Growtopia.exe

pid	process
6124	GrowtopiaInstaller.exe
4548	vc_redist.x64.exe
5780	vc_redist.x64.exe
5824	Growtopia.exe

pid	process
6124	GrowtopiaInstaller.exe
6124	GrowtopiaInstaller.exe
6124	GrowtopiaInstaller.exe
5780	vc_redist.x64.exe
5824	Growtopia.exe
5824	Growtopia.exe

Themida packer 13 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Growpai.dll	themida
C:\Users\Admin\AppData\Local\Temp\Growpai.dll	themida
behavioral2/memory/5804-4033-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4034-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4035-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4041-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4052-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4053-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4059-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4130-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4323-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4546-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida
behavioral2/memory/5804-4709-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

Growtopia.exe

pid process

5824 Growtopia.exe
5824 Growtopia.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1952 5824 WerFault.exe Growtopia.exe
4856 5804 WerFault.exe Growtopia.exe

pid	process
5824	Growtopia.exe
5824	Growtopia.exe

pid	pid_target	process	target process
1952	5824	WerFault.exe	Growtopia.exe
4856	5804	WerFault.exe	Growtopia.exe

NSIS installer 6 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\GrowtopiaInstaller.ytAHbRgV.exe.part	nsis_installer_1
C:\Users\Admin\Downloads\GrowtopiaInstaller.ytAHbRgV.exe.part	nsis_installer_2
C:\Users\Admin\Downloads\GrowtopiaInstaller.exe	nsis_installer_1
C:\Users\Admin\Downloads\GrowtopiaInstaller.exe	nsis_installer_2
C:\Users\Admin\Downloads\GrowtopiaInstaller.exe	nsis_installer_1
C:\Users\Admin\Downloads\GrowtopiaInstaller.exe	nsis_installer_2

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 2 IoCs

Processes:

cmd.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\GrowtopiaInstaller.exe:Zone.Identifier firefox.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

4560 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Growtopia.exetaskmgr.exe

pid process

5824 Growtopia.exe
5824 Growtopia.exe
5836 taskmgr.exe
5836 taskmgr.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

GrowtopiaInstaller.exe

pid process

6124 GrowtopiaInstaller.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\GrowtopiaInstaller.exe:Zone.Identifier	firefox.exe

pid	process
4560	NOTEPAD.EXE

pid	process
5824	Growtopia.exe
5824	Growtopia.exe
5836	taskmgr.exe
5836	taskmgr.exe

pid	process
6124	GrowtopiaInstaller.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

Processes:

Inzector.exeInzector.exefirefox.exeGrowtopiaInstaller.exeGrowtopia.exeAUDIODG.EXEtaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	4504	Inzector.exe
Token: SeDebugPrivilege	4836	Inzector.exe
Token: SeDebugPrivilege	2528	firefox.exe
Token: SeDebugPrivilege	2528	firefox.exe
Token: SeDebugPrivilege	6124	GrowtopiaInstaller.exe
Token: SeDebugPrivilege	6124	GrowtopiaInstaller.exe
Token: SeDebugPrivilege	6124	GrowtopiaInstaller.exe
Token: SeDebugPrivilege	6124	GrowtopiaInstaller.exe
Token: SeDebugPrivilege	6124	GrowtopiaInstaller.exe
Token: SeDebugPrivilege	6124	GrowtopiaInstaller.exe
Token: SeDebugPrivilege	6124	GrowtopiaInstaller.exe
Token: SeDebugPrivilege	5824	Growtopia.exe
Token: SeDebugPrivilege	5824	Growtopia.exe
Token: SeDebugPrivilege	5824	Growtopia.exe
Token: SeDebugPrivilege	5824	Growtopia.exe
Token: SeDebugPrivilege	5824	Growtopia.exe
Token: 33	5548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5548	AUDIODG.EXE
Token: SeDebugPrivilege	2528	firefox.exe
Token: SeDebugPrivilege	2528	firefox.exe
Token: SeDebugPrivilege	2528	firefox.exe
Token: SeDebugPrivilege	5836	taskmgr.exe
Token: SeSystemProfilePrivilege	5836	taskmgr.exe
Token: SeCreateGlobalPrivilege	5836	taskmgr.exe

Suspicious use of FindShellTrayWindow 23 IoCs

Processes:

firefox.exeGrowtopia.exetaskmgr.exe

pid	process
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe
5824	Growtopia.exe
5824	Growtopia.exe
5824	Growtopia.exe
5824	Growtopia.exe
5824	Growtopia.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe

Suspicious use of SendNotifyMessage 22 IoCs

Processes:

firefox.exeGrowtopia.exetaskmgr.exe

pid	process
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe
5824	Growtopia.exe
5824	Growtopia.exe
5824	Growtopia.exe
5824	Growtopia.exe
5824	Growtopia.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe
5836	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

Inzector.exefirefox.exeGrowtopia.exeOpenWith.exe

pid process

4504 Inzector.exe
2528 firefox.exe
2528 firefox.exe
2528 firefox.exe
2528 firefox.exe
5824 Growtopia.exe
5928 OpenWith.exe

pid	process
4504	Inzector.exe
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe
2528	firefox.exe
5824	Growtopia.exe
5928	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3436 wrote to memory of 4972	3436	cmd.exe	cmd.exe
PID 3436 wrote to memory of 4972	3436	cmd.exe	cmd.exe
PID 4972 wrote to memory of 4836	4972	cmd.exe	Inzector.exe
PID 4972 wrote to memory of 4836	4972	cmd.exe	Inzector.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 3884 wrote to memory of 2528	3884	firefox.exe	firefox.exe
PID 2528 wrote to memory of 4028	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 4028	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe
PID 2528 wrote to memory of 1220	2528	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Inzector.zip
1⤵
PID:396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Temp1_Inzector.zip\Inzector.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Inzector.zip\Inzector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4504

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3436

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe
2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4972

C:\Users\Admin\AppData\Local\Temp\Inzector.exe
Inzector.exe
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4836

C:\Users\Admin\AppData\Local\Temp\Inzector.exe
Inzector.exe
3⤵
PID:3300

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
"C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe"
4⤵
PID:5804

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5804 -s 452
5⤵
- Program crash
PID:4856

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log
1⤵
- Opens file in notepad (likely ransom note)
PID:4560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.0.1201381723\1594314958" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a68017bd-8f0e-4e2d-9c1a-3a3f749ca3f3} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 1932 14e73516258 gpu
3⤵
PID:4028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.1.214580189\274269787" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ac590b4-369a-4da0-b701-b55fd100a01b} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2332 14e65670d58 socket
3⤵
PID:1220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.2.2126000562\1803751920" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 2968 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8a6ae6e-2766-4113-88dc-e37a1f041a0e} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3084 14e75b2ff58 tab
3⤵
PID:1244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.3.1812543923\242023623" -childID 2 -isForBrowser -prefsHandle 1280 -prefMapHandle 3516 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65bc2dd0-4d47-463d-8d64-b125156df939} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3568 14e76bbce58 tab
3⤵
PID:3588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.4.1093735244\1445625596" -childID 3 -isForBrowser -prefsHandle 3920 -prefMapHandle 3888 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54250b97-4879-43f3-8e68-3beb958a5c9d} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3936 14e65662858 tab
3⤵
PID:4300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.6.427353710\1046084381" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44c5bc0d-1683-4d2c-85c8-c7dec3d788b1} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 5176 14e787fa258 tab
3⤵
PID:2572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.5.1342692698\1789641675" -childID 4 -isForBrowser -prefsHandle 4980 -prefMapHandle 4996 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12668a74-a13a-453f-ab8f-79596cb978e9} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4748 14e76b1f158 tab
3⤵
PID:4848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.7.121481739\1014594982" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0367149a-fe44-4b2f-90af-d6668746f153} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 5368 14e78989458 tab
3⤵
PID:4228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.8.728887849\849115311" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5848 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e97317-1eba-48fb-b470-e44f422a4fed} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 5872 14e7aa83858 tab
3⤵
PID:980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.9.1198698919\2068849142" -parentBuildID 20221007134813 -prefsHandle 6028 -prefMapHandle 6036 -prefsLen 26659 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b5c25d3-7896-4da1-b10b-fa24472fe614} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 5980 14e7b005958 rdd
3⤵
PID:5440

C:\Users\Admin\Downloads\GrowtopiaInstaller.exe
"C:\Users\Admin\Downloads\GrowtopiaInstaller.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:6124

C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
4⤵
- Executes dropped EXE
PID:4548

C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
"C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe" -burn.unelevated BurnPipe.{9CCCC7EC-407D-4BAA-A991-69449EEF2428} {28D46ED4-D4BA-4F20-BA54-D487FECBF9B8} 4548
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5780

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
"C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5824

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5824 -s 484
5⤵
- Program crash
PID:1952

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 5824 -ip 5824
1⤵
PID:2696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2e8 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5548

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:5464

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5836

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:1740

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 5804 -ip 5804
1⤵
PID:1468

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:1952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5572

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
PID:4856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:3020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:900

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
Filesize
19.6MB

MD5
bc0a694d0bd1b02ea41cbe6a2ea8e255

SHA1
4056b7a5cdab04cc09f022d3d5d8e5447ccebdad

SHA256
a5b11c9c85abc21c691454756ba99880b5efc29c8e9278fee417236fe2a392d0

SHA512
452ab7c0806f5aec8f30fe2d64c330184008421f763a04dae75799e6e1907ca5785bcb83d60db22fd05ce79200b4450d87f92346617e966bb03983c01153f4f8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
Filesize
19.6MB

MD5
bc0a694d0bd1b02ea41cbe6a2ea8e255

SHA1
4056b7a5cdab04cc09f022d3d5d8e5447ccebdad

SHA256
a5b11c9c85abc21c691454756ba99880b5efc29c8e9278fee417236fe2a392d0

SHA512
452ab7c0806f5aec8f30fe2d64c330184008421f763a04dae75799e6e1907ca5785bcb83d60db22fd05ce79200b4450d87f92346617e966bb03983c01153f4f8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
Filesize
19.6MB

MD5
bc0a694d0bd1b02ea41cbe6a2ea8e255

SHA1
4056b7a5cdab04cc09f022d3d5d8e5447ccebdad

SHA256
a5b11c9c85abc21c691454756ba99880b5efc29c8e9278fee417236fe2a392d0

SHA512
452ab7c0806f5aec8f30fe2d64c330184008421f763a04dae75799e6e1907ca5785bcb83d60db22fd05ce79200b4450d87f92346617e966bb03983c01153f4f8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
Filesize
19.6MB

MD5
bc0a694d0bd1b02ea41cbe6a2ea8e255

SHA1
4056b7a5cdab04cc09f022d3d5d8e5447ccebdad

SHA256
a5b11c9c85abc21c691454756ba99880b5efc29c8e9278fee417236fe2a392d0

SHA512
452ab7c0806f5aec8f30fe2d64c330184008421f763a04dae75799e6e1907ca5785bcb83d60db22fd05ce79200b4450d87f92346617e966bb03983c01153f4f8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll
Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll
Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll
Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\audio\click.wav
Filesize
18KB

MD5
477c1e4d4ba5c340c13a77fd52a03cd9

SHA1
fc05d5b94d33a9f472133c7c47f52aabd3bc1edb

SHA256
e46278f894d538b366acc40925db83b8ac4daea030e98276cba5ab179ffe563f

SHA512
3322db0bd62a56f7c70799553390f6d38e263a8222ff709316da11c4cc3523dd940f8d6789d7d870d37c9e2954c0b7e67ba9dcbaea689c108183aebd8a49f825

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\audio\ogg\theme.ogg
Filesize
1.1MB

MD5
4c89d42656669904b3ced470ddf7400a

SHA1
3498e8337cd4a1523f335afbf20823711d96833a

SHA256
2f0492ef34b4e5f8de1022ae9cc429eee1e260e0aac5ab260e55402a15ff7db5

SHA512
9cc2c31ea944198db44afb5996da9946df892c19fc5687e438c3621773969c8de5db8cb3d3c86c53f4cebb0ced7e3071b2c57759eb89b962c93993c52564acb5

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\audio\tile_created.wav
Filesize
8KB

MD5
0b90c8a37d49c71ab7138f9bd3717feb

SHA1
dfa178fff3fe10651802fcbc6956203ad46037ce

SHA256
0b6d5b3b0a71d75afe4e7cd08798c0aa00de97a577fae7686b9e09e5ac17fd7c

SHA512
5318272b0d0910fa1ced5bc842c4f6065ae157e8aa93ca6789dfeed199cbb93c6fb682fabda7bb02d979dff9ba3836305105227b47c056cc98913820eaa5b9b2

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\fmod64.dll
Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\fmod64.dll
Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\fmod64.dll
Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\cloud.rttex
Filesize
5KB

MD5
7022f170a353e67d64893b617302307e

SHA1
0af46a0b3331fe7080966323c27908e462ecf1ed

SHA256
f369d04d3b5d43c8bdacaa49cddca19132f64ad2a806d520c8191927831c9123

SHA512
ec279cdbea794023f28f03218c276e7a9d6a3628608b1a11c6fffd6de351a37338af63b4e5ebe3213d6f5549d8719513602fdbc93ced7101e551f610bd55f4bd

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\gui_box.rttex
Filesize
529B

MD5
d70d128e0d20aedbe2a0cb488e77b0ca

SHA1
a3fa6f1214cb74ab711813cd92052f47ae3d87c1

SHA256
306710de94944683c093bcfeb3ccc588230e9c950fc6d26cb2ebcd54930a2dd2

SHA512
bb405c6b1ae95d8bb7ebc04cfa1843bbe1e4dcc417dcf9befe43c569676684a26cefd7e463eced7791d5ed616d63419ecbb7e9fb1b04461253fadcb030839a8d

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\gui_box_upwhite.rttex
Filesize
363B

MD5
4af9c77ce2ddb7ea19a3864e29277624

SHA1
5b14b1d36163d6ff07596e1d6ef84bf04a6846cc

SHA256
476cc50d752f1c171a3e460dd874e16681a43faf003b58f7f3d19c4e7059e948

SHA512
316c9a315b21c4e65005807094902bf73e6510fa3143abc59c2879c3c269664eca628a83bd8ab95a7108808ad2e7849a4b439ff6a0584d6aa5842ad1384de1fc

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\gui_box_white.rttex
Filesize
500B

MD5
f4715cfff579b5d89d412e788e29b126

SHA1
d4937ad1d75b80bd56b1aca5c6440f95abe2a59c

SHA256
b241e30e6cac259326c4e5a450c7f7364380a0a813cb7f0729fdaddb35210a5a

SHA512
9f85ca23d316dd0155ad876f2f74a013a61a239588fe43542f8770b758efe47b0910660f365f386f957fe3b68604c92d5cd6111b493227afff3baeafe83e4173

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\hills1.rttex
Filesize
11KB

MD5
b679e2d7f84f309806256e68e83964d1

SHA1
9be8657b2634457e9e4fe20e1ef4c96293f803ee

SHA256
410c970ae0fd75227521e96c61f6e6e1a1d8e20e4ee0e0690658c1e563ddde0e

SHA512
2e72f18682d491531fc31d295bd7c4ecba12710a30bdaeb0c532c6b125328a450f09f2b10a0bfb8090bae6bfcaf3080a2b5c258c37c8227b564b1a70d5b5a0dc

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\hills2.rttex
Filesize
16KB

MD5
f98e85342f4ba4e029825343d2edc82a

SHA1
addc9a7c89d5e2e8941e1ff285977c11e427bf95

SHA256
ff6cf5f5c793164477194bce42a553cd1eb9692b2159787bd52f92355bc5c400

SHA512
e4ac471c62cc1af92ea9bd18a3f900a6528bbc1338c8ba32bb2b1adf48329c4fa3caf926dd702fceb31b3d30ef6f498e4418272fc1b4ddb379e0dc87f73b9eea

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\hills3.rttex
Filesize
19KB

MD5
1f698b5c5fdcc605929421328202e196

SHA1
7271f8ea43582522f42cdc67688e099c1b438ff2

SHA256
694863f01093c74f89ebc77812dcc5a9ebcc07574b658ac783fbbf59ad124caa

SHA512
bee8e7df9a31c0099d6ca0bd104dae60ffe422f6b62c1f9467787aea435821091bd740e91f4d3ddb581c5bc40b51f2fc3489fd27c574e0ec253a2544cbdd440d

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\sun.rttex
Filesize
6KB

MD5
09dae892f07dc20c3192a03ca8cada1e

SHA1
28f1e09a28eae0586cb82915753814b85eba09b8

SHA256
43bff2cf3ec876b887b0c42a35d64f4b1434fc95d308241cfafa16dc825d41b1

SHA512
72d7ac5c37ffc192b2644ba857abf87d314738fd4e29849a8b26af5d33252e09e90f1e52bdce68d5d9c32a9aa14db9e00b66e528eed114596e950ef57ade5639

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\checkbox.rttex
Filesize
1KB

MD5
a59f7b73db9dad0f0a279299705f4157

SHA1
8abed5eb872d131bea257dd145710a3994aca9d6

SHA256
f1e181ebc2470974f961f0479d322bbb83f0a0fde735d31219164beb76c6859e

SHA512
7c9587756513d7378af3c196f5b781929c6452fb9544e46e77f438da43f82f852efa3dea48d9ac74c2d70417d0e17d464a9d1ce6bc7e174070336da7b7aa4a0f

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\currencies.json
Filesize
1KB

MD5
f0bd1fc33690fdab5368c6cf128ce7ec

SHA1
c7d72977a9189687625c1f8b3bce4d6f6329426b

SHA256
6bb20302f6215d609e8c9ef970d02218861dea9662f942be5cabec1cba3d6052

SHA512
faa209662895eca79e2c0be92ce6c6fdae8bd2dff69254355e95a10de2d62c998b5ceccc9a87b5f29e613a56dd8e6726ce1a60543ece412a9dab316d132ca651

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\font_century_gothic_bigx2.rtfont
Filesize
108KB

MD5
c8a90412bbdaa39a814d27a10b7670ff

SHA1
fb5784b59adb4831bb5c693a6c2834d5ca94c01c

SHA256
bb51befa9db4d2a891804f4e750c89025db89a2ae033c9ec56aa591ae94978e5

SHA512
a1bafaf82bc3a05738a6f51f87b836cfe556f191cf5363e31739ff06c32bbe4db310a9856884a3de3af28114ef620ed6dd542f0a328688bcb5fa6ed48662ec6e

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\font_century_gothicx2.rtfont
Filesize
35KB

MD5
b89c4ccbd3180f627cd3e2ae2336733f

SHA1
d9481a501fca4ff2e9b732d1d24e9bffc9e9bc06

SHA256
be0bad0e4b3688573c2fd97a47869d624ef4651f7042ce2362752bc95295561e

SHA512
24e0f62cdb9ddbd800d72063745314946562a439257554d4e7c96b88dce51698deb145e05cfc5959090700bd8a96bc81a8abc457c3ce26cfaf5aabd5b15ffe50

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\game_title.rttex
Filesize
139KB

MD5
ace9c653e2ae8ef4d5cb6da6fa207049

SHA1
7296d34d8985a60fa03c7b9a8db7e484a5f73af2

SHA256
85996c8e9d490ef6656e2a31643d691ef53de42ccc89e00068413fb700403ec8

SHA512
c98db7cbe7bec53370326ac172b5dcf65a1f3597f4b3285b7a466da039493add8c0f41630489c1818e77b99e3c65341b1191b901ade32af8a7c86f4702a8b58a

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\generic_menu.rttex
Filesize
36KB

MD5
fdb01cc88836cd7e39cea68f55dd74c3

SHA1
99923a57d3c16dfebbd7672c5e106f9630e66720

SHA256
3ec5f42da3db318dd04d6746119a56fb43f1f9959333254035c0e25e904f1271

SHA512
63b2f1847034fe384ac07a30d14b13b6d522905837f8b43dcbc1d10525308c44326a8056425aeb289e2e51505a51d80414a93d9cec0e22cf88f8649de5e8d589

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\main_menu_bg.rttex
Filesize
8KB

MD5
8a699381434d8fa8dd71f25bfe331887

SHA1
14ade3cd6dcf8961b539fb4301b410d275aac483

SHA256
1e888b2a8519ab39b06f6dbcc60d0b0c13057e079cc32b5caf666130dc0c8871

SHA512
e9ab499a26c30f6e6f69e9fd8de23e1abc32434e8bc6b22d836f4aa1efaa900a4126e0412bc4cf7c9a082c2d2ab60dc7b6b5be8101e39b7773ee075f0bfefe81

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\skin_selected_marker.rttex
Filesize
690B

MD5
d0fa507eb18e7a9f3308a045a4de4455

SHA1
3b22c64f09657e880449e31cb94873bcdde88e61

SHA256
eeda263c2997f437831afa4556a45fa04897dcadca7bacbe3d5488e198947724

SHA512
f325708155ad0c5a132b075175396684a9d4487835c365be7b5ee0abb7eadc38927283e0bb6c902b483fc99ff53b02fc8019d75eff9542a7f379460a15d9fcd8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\store_buttons14.rttex
Filesize
67B

MD5
1896385b19daa70f512320ba52a1fdf6

SHA1
63f2954b2cd949e45d02c4f1d4c3f35063aec757

SHA256
71fa2aa665788dff80d37cc26db1f6845685d7542bcdac61779a95a51bf95309

SHA512
f23b50c201e0cf1ff42e4e543e6ae856573cec3e11fa6cec66a8ca661fe69f3cbb4728b3d0e4e2762cd9f2b98e44297d9969ba1a93224dedf8e8e044d37febc1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\scroll_bar_caps.rttex
Filesize
161B

MD5
8760d0574490808e17f8561d97a3e1d0

SHA1
8da3acb30a64f64791fbeb68e58f3e9b20fe9e58

SHA256
bad41f5865fef38c2bdf77d43495013e7c33ba6a23174f8588afd5690df499f9

SHA512
89e967c8c95cb9a897b183de4e100800421ba66241734892ea061731a57491a41dddabebeb81ae0bdac69b1259cc7fca8f9dcad7b15618b810646a58253e123f

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\slider_button.rttex
Filesize
1KB

MD5
d368d3d5593559f9c547508899e3f0b2

SHA1
26e8304bc03ea10d0010017c0e0fe967d6eecf51

SHA256
1b56a9617947004fe17ac977416c08f17833f65f8e98415597b63843c741d474

SHA512
be4613563376c4cdc16d891057867f54e851e02083d5bf7aff6cb566c9b33379c75aabf81fad3bd719c2744ec57d14099ea0b656a850da3cde94c6cb4b3c24be

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\tutorial\tut_arrow.rttex
Filesize
4KB

MD5
eef93a8d0966bf14812a2af44b04ff9e

SHA1
e261ba24262ade23a31779f2cc3844a4b4de58d6

SHA256
844042f9e482a948cf73f51923a60147f7635f34d2c2890b28b5d71262e4c362

SHA512
8184746d9425437ff775a1c0096493d9af0281013755b35c6e5f9725ebf1231bde57b6903ecfd34adbae3e89baabac5627154b90ac5b5009057e5e5e61c246f2

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
406B

MD5
5fcf49630570d01bdc87ef4cce435df8

SHA1
918d703a3721ef520deaf065921719bcb41e9489

SHA256
4b71b4b757045f5c3b17d5828623556722b09c7b408d8809b713982eec25f41c

SHA512
ca86dc7ccec6d95e08ab589e6634c0ec85607248ecf5d307a5ae2dac6f8f6e13398c271a79b4d8fe73481dd3ff5c60c6908686fd8975ed2888b6524f4d91e680

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
1KB

MD5
e0f8d198b81d3228bda6f7bbbd0e041e

SHA1
0bee8c3c169774ba548246dcea19c09985014a86

SHA256
2bc1c0692aff53cb8a1f277e133d75b73cd434cedba4c7473725853d83aff3d5

SHA512
ad90012eb835eedb320ed33280c97e516ee5b3ad683ca9462cb0496160115d1cfb52cc42462300b43fcc8963c760ba932c150fe0d4de7d21bef03ee07c5ad553

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
1KB

MD5
96cda8b8a9143867452d7ae43896dde2

SHA1
aef6d6615b8472914c17b12bd81925522aa4971f

SHA256
2391c2a9f584aeb985ea2ae49de4a843a1dac6de956348d5240091ee2aa1feda

SHA512
2ecad142cfdf9e0b081fd796c044fe798a7fced454775a2846cf95fd98c3f8c58d7caf30e7102e574b21164794d444721ab491b8128e8c1946a493c4f8ddcfea

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
164B

MD5
3963215a628382a8e95e33ec176301e9

SHA1
c6916fd30dced27247b6d095ff7d8d98b462b104

SHA256
a883dc5f36dc0cf40722350902bc0f54c896a0a40ab0a4393b7760de4bca47b9

SHA512
453967fd7170ae383aedafd041c7f5ce44d16f18d22b0d60543517c297d0b6125137f8aa352594559b107b7c82814b00e416e3906277cddab9e898cbde237a90

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
936B

MD5
4474b0b1c336e39a961542bff21fff97

SHA1
9123a94da4aab6cfcf3b8507e87d27c6cff08abd

SHA256
4101a981c74250248a958ad0f1413823e493ec90cb0ee3686eff62b5b7457f36

SHA512
0bfd11684f6433330796d6e267cb949d4c720a5ebbe4ce703396a6e0f5029c15ea2da8b019d00fc532247bd9b95a0fcde344f434d0ad0348fc91ea85db5639e1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
936B

MD5
4474b0b1c336e39a961542bff21fff97

SHA1
9123a94da4aab6cfcf3b8507e87d27c6cff08abd

SHA256
4101a981c74250248a958ad0f1413823e493ec90cb0ee3686eff62b5b7457f36

SHA512
0bfd11684f6433330796d6e267cb949d4c720a5ebbe4ce703396a6e0f5029c15ea2da8b019d00fc532247bd9b95a0fcde344f434d0ad0348fc91ea85db5639e1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
1KB

MD5
64d9dad00ce4c8c1d2b06810d24e0312

SHA1
3451203e0be2032a85983d6eeb1cee9debfcbd70

SHA256
081c22ec380479d8a332f72f356f22e90751a98d8a2423402549dfff1cfad29e

SHA512
fb8bbdf28498a9ac00010c5deaf4f05f1c56572f2ce4200f063a9bace211b0e811c625ea3fb1098ef359f8577edbe512dd83df222ad10610f50b445a9dc9231d

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt
Filesize
1KB

MD5
1bd64f3125044ddd94f18ec54c91d3fc

SHA1
665726667d52eb2bf926fcff3bda3fb59ef5535a

SHA256
163dbfce6abd9038af78c220857ae1d0c29acb0af31c014733896fc85f7ffef3

SHA512
b6289aca37a2b2b91b2e2ce84da8f2f41daae5cec65675f04938fd5cb616c5f62020cece086517d155082e6c6c138abe7844e024b76528c5c2b8bda6b0366193

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\save.dat
Filesize
1KB

MD5
206ad64b2caa68484ab80f701dfe0dbd

SHA1
d0d36d78b8fa313c668a79502000cacb3e15a089

SHA256
f8a409ec2b8f3dcf1692d4c44f84dad67f7788b533487f84c0d6508d108b9b93

SHA512
b732478d1f1ebcd63835401bb83afe6bc5700c44077cd9a790f6ab00938e666b6cc37821aea86908059296db6315db9f99555402ee7f754131cc1f31efb03315

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFill.fs.bin
Filesize
189B

MD5
6b99058f9b288d997c69d73861927134

SHA1
1c0fc93904a734faa7cc5f884d60a38ec24fbe6e

SHA256
f581b62052f717d462ccf51c1dd0c1f2a8bacefd1a12f9a47d62027e1b7723cf

SHA512
95097e5a5833fa64e25a1eff937cb9771ebfd2af1154f6b0cb3f787f40f35e2502538d6cbf2d8defa5f194d32a20d1365e92ba1850f5312c0177ef0168aa8dee

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFill.vs.bin
Filesize
377B

MD5
ade27b34719a1db3e2375f0a0eb3cd9e

SHA1
aa199069a3f46da765920bb209b8b14a3d85e926

SHA256
20d8f4943d855d2c5f22ef8ce81e0a17680379a767cb63f46e446cc882bedbd6

SHA512
e69621d39545aa19e67363f867c1c37f1d0fdf71de22339e8e5d784609b51cfaf7da87a8ae66602c44d5e9a84aa836e45e9af2bb4ce2ef4067d5a4bd3938b70c

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTexture.fs.bin
Filesize
616B

MD5
4d5d1a09fd0ba4539234cda45d0522ed

SHA1
80f8088e975b40804a028a1b0431b2b6e8016fe9

SHA256
c60f25ab025863f7b511542f9ce0cd16193db2ae887db9144fab634d21c4e9f3

SHA512
2981bd2d518e83d47539c4ba5b3e005b9c70674fc2f0d0d98600d6c47db2d8b7259811ed988f9d1adde4b58c9985609fcb78c68f506de285eea434551420b850

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTexture.vs.bin
Filesize
425B

MD5
4cbc79490c90928ccfebb56a8318eefb

SHA1
0754a60095990e61477cc70b4f806988a0725ff0

SHA256
9157cc875f439b19feb664b90f748d7c77d8e71dfd542eb45f873d1b9ad52069

SHA512
6d62676e0daf43f630b207ec7afb8848f63cf5a703691070c20f1c0f39547e7d5a16b921be8c9ccd0905d91299f4fceceea289e66ffc1a99f7762388acac38f3

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTextureAnzu.fs.bin
Filesize
297B

MD5
73403a1ac5d7a29ae66921b96a684fae

SHA1
37eca11dd562da218f9c66818dcfac6189785617

SHA256
cae9cc9c5acd9cba08b59d8877e55b0d7d574547da0259c460e47a59b20bffbd

SHA512
e78a7720d6179048963ca72a01b15c9324d3e7a5439dfdcc825e46ca595e2d1e9ab1d1324cbc4dfd8665a82e069c5d67fd7dbaec9a5aa6a6e2fad783068a7135

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTextureAnzu.vs.bin
Filesize
522B

MD5
65fbd3f05899b3b94473a5b2a3d763e4

SHA1
5cf673cb597e747d929e81ef6ffe72f5d418fd44

SHA256
1da5f99dde24fa0f475e7461fd3cae09cd13b3821e8fc74e979e6f492ef9d621

SHA512
abfb72dcff483f6febc2d7a58716a42b3dbd86dcc74701a0a7745d74029facefef8ab0365ae55efbab1fd0c4ff497c8dbcecf1fb16643bd1bbedd476d1c90b72

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\NormalTexture.fs.bin
Filesize
1KB

MD5
9b77937906a6a213da606823947e069c

SHA1
99e394cc6ecec6f8e5bd329fe785d210728478e3

SHA256
4d591aabddf8ae19d4e88c9804be37e004673d8a06059da9a1bfe077b490fbd7

SHA512
e778d0031da2332dd0fd5cdd3f51fadea2d8374159faec173b3dc35e863a3d640b19b7fc71208fd1bde5dd5b7d8b192676006fd03f44d8fcaafb3029d33af3af

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\NormalTexture.vs.bin
Filesize
683B

MD5
12c341b4bf041100551e832cd9888f23

SHA1
c5c50fb381995185bcd1804d3cf51b0f85f53f55

SHA256
5d977ecd6196184b1a1ffc13f39a37a8a385917b15b1134d8a2b828038d461a5

SHA512
04ef1679ad951d9ac9a2c8b481b032756a01397125e8e8e8e5ed73981669d305f378e50ee0c4d0208335b9a2d7f646abd4c087476a218d5b8412640720167222

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\VertexColoredTexture.fs.bin
Filesize
586B

MD5
1ceeb3d942cfec141dc3e1043bc6faf5

SHA1
7e30ae9bf46e1be49611e558e213104ef7c91195

SHA256
a7144c8c4ebba247dab1e1b3778467bbd514c8058edf05c227e14d8dcd8819b9

SHA512
ae850e79fe823b24a797628c74712df3a484d2b063a402cb16d50af2eb62a9d295cf8c83d17daa869751d723bc076bbcd8fb91ff5838dd6ebb9660f6bcfe0a05

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\VertexColoredTexture.vs.bin
Filesize
473B

MD5
b319352e49cfbbd4984d61e5d90e88bf

SHA1
1359c61e91f7b833d0fa0af5615a8fda6c9e0eca

SHA256
de2b5c2e121e2634d455e93eeec4083749c9b036d7be9df327f60070955c780c

SHA512
9122b22ccbafc2761a81e0c34e2d5e5942593d562b7a5f26dea21ca8f1d0ef07436f01402c9e13909a6278720fd47feeda22870e46062724ec437f09396e7276

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
155KB

MD5
1fb97f8058514518cbdf6916f5663116

SHA1
fa7952cf2229fe074c4071d88d71cd7945dd0a1b

SHA256
cb593c500670d6f9d656e7331b32f0d4eb4d212ea3d9b7bbca9de92758be2841

SHA512
3370dd6bf1f5e462b70ff9ed7fe05a7ee0d6d9faae2b7b7d30991f05a7677c6b156d226f4c2e907fd1b8d66fa5c06551d7c904182cd42a29cf114af07d8ab75e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21
Filesize
18KB

MD5
87624aed825056b30bad704d39acc877

SHA1
013d1944f937a42974ad7750fb69891ac7f25077

SHA256
93b835e2e0a9736eb4c485a262463c1fe6a3201e5fe83ebc5309e2f2bb5a8fc9

SHA512
3be1dcf829f5e64dd5dd6181675e3b7f21a5602430e7f78b77efd93990b31eb46bb6d0549075d85b84400ddf025902c6b656059706a2b5980e3c5e7ab86b3586

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\3758
Filesize
11KB

MD5
9eee5197e3ef9676808fd3435f4640d9

SHA1
07df8c1ac640d5eba49bed0345e75dc79751dce6

SHA256
0b41f272d0247763f2fac9730122db26a348e679b5f29f5f3415723c89a2784f

SHA512
f58eb3e8d4462b67d379abec738ba0d95ec9e56381a0d5fc6fb98faf3c3e0073f8a9a36931a9c74a548e1372ff6e67741999da6a78675e05bf411eaddd709b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Growpai.dll
Filesize
4.9MB

MD5
bec51d4ca57696dc588a50287b1c9c9d

SHA1
d7e2d92269859ebf85c7f2f6e990766a06decdc9

SHA256
f178d6b92e710049b27c2465f66c4bd698c685b769e881f0b490b64efcd68c25

SHA512
24dc6d0e4a13cc2ac355b9ac56220a6769e8b78c44af1011357741109a6786d987a1a4a14abc343c05fdb83da72096b481a35be68376413071b422a6614304f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Growpai.dll
Filesize
4.9MB

MD5
bec51d4ca57696dc588a50287b1c9c9d

SHA1
d7e2d92269859ebf85c7f2f6e990766a06decdc9

SHA256
f178d6b92e710049b27c2465f66c4bd698c685b769e881f0b490b64efcd68c25

SHA512
24dc6d0e4a13cc2ac355b9ac56220a6769e8b78c44af1011357741109a6786d987a1a4a14abc343c05fdb83da72096b481a35be68376413071b422a6614304f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\InstallOptions.dll
Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\InstallOptions.dll
Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\System.dll
Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\System.dll
Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\System.dll
Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\ioSpecial.ini
Filesize
803B

MD5
4575c9222d2dd7d75d1aaa321fec939f

SHA1
4226ec4f4fd653b9d9da7576a3265eca5aa44380

SHA256
c01363b95c861189629549e51660699b840a586101fe2637d30fa02e2ab8e798

SHA512
354696de1f1995785428d1041c1dd953abc99a1da70161b0dd97d0fbca3f62d54ce2c5681f9cf3d9e395a99e8d8a68bd70adafd4e7368ad7fa6b984eb0f18837

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\ioSpecial.ini
Filesize
803B

MD5
4575c9222d2dd7d75d1aaa321fec939f

SHA1
4226ec4f4fd653b9d9da7576a3265eca5aa44380

SHA256
c01363b95c861189629549e51660699b840a586101fe2637d30fa02e2ab8e798

SHA512
354696de1f1995785428d1041c1dd953abc99a1da70161b0dd97d0fbca3f62d54ce2c5681f9cf3d9e395a99e8d8a68bd70adafd4e7368ad7fa6b984eb0f18837

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstDAAC.tmp\ioSpecial.ini
Filesize
565B

MD5
37de2d484ff5e92b077b1c8191931cef

SHA1
209fe6b37da196db59f3230678f0f50d55d2128a

SHA256
5e7618ace676671c5fe4ada584023477ed52b65300566a3f85bd270a09836ec4

SHA512
402eacf1ab5e90a426e70936a77a3b97a90a8b32edcd6e8e53be13a231cdba42a32471e0f5c309adb9335be200996ef725e130fe4b9e930abcdb772e069fa410

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png
Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll
Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
8568b6db80d057080b0b9b3d68957243

SHA1
766efa6ec534742728544718316a99509ed3aef9

SHA256
eb032d4adfff4173c44b2868f622a26a2189e49edb8a141018369e412f1400c9

SHA512
86494db948ff62136e9b2b1cb8a093699d871a99fc6f2c07247de025f0d12299c857976971409e98ce8d93ffbbf67723fc81514a604ac5550473b9c6e822b01d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
cf517034cec27d4f09cad0776ad50765

SHA1
8b6777da7245703379f26cdd04ea848dfca100b5

SHA256
9597a2c24a38b2eb0b11d7fbd1349b374db6643eeaf7a6bb9a09b8930e396df2

SHA512
1c53a78eaf9f909edeceb66628a7998adb77cfe01b688838caa527f13ecb3213d7a8258b8d31fed6e7ad1b4ec06c5cfc16aa67c1ece7d62234feabe750b32d82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
2fb9b797329829920e005ae831b9dc54

SHA1
0e9ad37441d3245efe408a4d7208c5bacbfa4fd5

SHA256
8751d763f77a8d49c10c402e358d4c1b827e06994eac53f5a6deb447e96ffa9c

SHA512
3ae71e62e82538e29789f042f43993942b6a326fc298ae077e4b8bddf5cc7d3e0fde2da84765d0d958008bfb18b16d1e888569403136600e8c30278facc8e51b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
2ac9e3b38e82a832ba3a5aca7ad9a285

SHA1
61c10d4c9b99ac1ab5ed8458d7d326074abeb3b9

SHA256
97acf3fda2309db105d9d415444f52834b1ab688e631fe561460eb9e0be1d998

SHA512
dd35ad86a508f708efc228b26a4f38f6157fd5b67210a4002958f61c1657e8911b815705ed234e31ba845f49b9b7b02c1be6077cd5b2b59c1cc99ebec9523a67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
f3502d485ea6bf4885e849e1bced438d

SHA1
de39370ea6f9a02c5e001373a3aac0d32297063d

SHA256
9c5c471c3eaffdd82dd252660bec33aa305a5f2278390f011348744d93994b2e

SHA512
958710379c9add44db1fbe7a90d8cae9c3f7f9efb28dda056185e487871a988ee4385e2273517adf65a66a33e812059be4649bc8b3b97f4a2405b6dcb271398c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
691675a6f027c690e44fee1b682e8c95

SHA1
2ec50483e3e27bec67dc17614b84ad4f914998a9

SHA256
749712e901d2e8245339654859eb5feb3bb5df0e2311ee11d587b2782bbdaf9a

SHA512
eff12b76595accc8778cfd1a19994cebacb5f7608a09afccf026d2fb09e9c004c25800f5507d33e455fe1508e5c434338380b782e122c299d8a81b05314ebe6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
d2086ca3f415afd760a77cff46ffc2a3

SHA1
3e21d48ecaf8e7105376ccf04df1e937ae2237dd

SHA256
af1235371bb06aaa8a0602fd3e3a2600a751d29658f68486d533a816a95facbc

SHA512
9eb2c0e9a4fa87e4dbddfe610c85a0763836a421b2ea159e3dcda64e3f03b76bb7f8805c462f4972c1d113e6ba221c293253c9dfefa33d9b02fe051e26631133

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
7254332a0f3077d5153d90e4daa7aa3b

SHA1
f34aa8b4977a65bb85a35fb29b5a8a224e991834

SHA256
d9c28e824fc2c71e8f40dc6b1986df7e7916772e4f9b7978178731600100d474

SHA512
3c8205930cf83702c9e2054b34a5f4441528f8960beea1e1a3c17694085539b5f6bb626c38250f25154e2d850ea1e0bf635cdf8edec96d33a53a78fbdd711541

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
f5f994809ad74649c41fb25f09b71feb

SHA1
e2401f0cc7db60f972f9bfc6803df69ec70f7ed4

SHA256
3169a9fb4919166e637c6b26392a8fdab864ec7c18145a31c09b55c630b2196f

SHA512
c208f2696ac87c53ab0df8991b4815bbecafb1322e609a2745389fcbe2d48e6024608479f4dee74b298a583831ea8baeb7816719ad1aa27235a008c00bce0c31

Download Submit
C:\Users\Admin\Downloads\GrowtopiaInstaller.exe
Filesize
191.8MB

MD5
51527643a5802cbdee715313ed743b72

SHA1
6460a279da72e0705a773f23d403beb5c7260b71

SHA256
180b585699602924e45e46c6ba98ce91964d37f8e10e9859ec14542ecb45762a

SHA512
6cce49277f55c984b206690e5f9879b4e79021fa0c992279f437801993b372598cf4ec09277cc47c6417d97962b4eae671cd7d61422da4fac74a83a7744400bc

Download Submit
C:\Users\Admin\Downloads\GrowtopiaInstaller.exe
Filesize
191.8MB

MD5
51527643a5802cbdee715313ed743b72

SHA1
6460a279da72e0705a773f23d403beb5c7260b71

SHA256
180b585699602924e45e46c6ba98ce91964d37f8e10e9859ec14542ecb45762a

SHA512
6cce49277f55c984b206690e5f9879b4e79021fa0c992279f437801993b372598cf4ec09277cc47c6417d97962b4eae671cd7d61422da4fac74a83a7744400bc

Download Submit
C:\Users\Admin\Downloads\GrowtopiaInstaller.ytAHbRgV.exe.part
Filesize
191.8MB

MD5
51527643a5802cbdee715313ed743b72

SHA1
6460a279da72e0705a773f23d403beb5c7260b71

SHA256
180b585699602924e45e46c6ba98ce91964d37f8e10e9859ec14542ecb45762a

SHA512
6cce49277f55c984b206690e5f9879b4e79021fa0c992279f437801993b372598cf4ec09277cc47c6417d97962b4eae671cd7d61422da4fac74a83a7744400bc

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/900-4740-0x00000200D38F0000-0x00000200D4019000-memory.dmp

Filesize
7.2MB

Download
memory/5804-4034-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4323-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4709-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4546-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4033-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-3930-0x0000000140000000-0x00000001435E2000-memory.dmp

Filesize
53.9MB

Download
memory/5804-4035-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4041-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4052-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4053-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4059-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5804-4130-0x00007FFF2BA80000-0x00007FFF2C6FA000-memory.dmp

Filesize
12.5MB

Download
memory/5824-3693-0x00007FFF4F390000-0x00007FFF4F392000-memory.dmp

Filesize
8KB

Download
memory/5824-3694-0x00007FFF4F3A0000-0x00007FFF4F3A2000-memory.dmp

Filesize
8KB

Download
memory/5824-3695-0x0000000140000000-0x00000001435E2000-memory.dmp

Filesize
53.9MB

Download
memory/5824-3667-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/5836-3863-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3862-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3878-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3872-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3861-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3876-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3873-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3875-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3874-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download
memory/5836-3877-0x000002C35E920000-0x000002C35E921000-memory.dmp

Filesize
4KB

Download