86004dc38c1e66fa8679bb5e6d5fb45f1bb227a0ea399dbe8e4d83d020d3981b

Analysis

max time kernel
125s
max time network
40s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15-06-2023 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GrowtopiaInstaller.exe
Size

209.8MB
MD5

2dc780e4f1785041457a18ca7b3a3e76
SHA1

45b942b5b26548965d1a9cd93feeca9051bac62b
SHA256

86004dc38c1e66fa8679bb5e6d5fb45f1bb227a0ea399dbe8e4d83d020d3981b
SHA512

107fbf5529033ffe5e79299f18c2eda354b09b0414a58ffbce71733bd9719888cbfea6f8a6326492c70e042dfbc8ab58d55af2d0a781d44eb025b96506f98920
SSDEEP

3145728:JwDBZkc8dHSnvU38hAIWFRGlR79v8ZpYGHSR01H7V17r/8zpujIHPuK//jUmPPEA:OTkXdHSnvU3p9FReqZDHSeD7rnkzg3A

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1296	Growtopia.exe
1296	Growtopia.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 3 IoCs

pid	Process
2604	vc_redist.x64.exe
2636	vc_redist.x64.exe
1296	Growtopia.exe

Loads dropped DLL 17 IoCs

pid	Process
268	GrowtopiaInstaller.exe
268	GrowtopiaInstaller.exe
268	GrowtopiaInstaller.exe
2604	vc_redist.x64.exe
2636	vc_redist.x64.exe
268	GrowtopiaInstaller.exe
268	GrowtopiaInstaller.exe
268	GrowtopiaInstaller.exe
1400	Process not Found
1400	Process not Found
1400	Process not Found
1400	Process not Found
1296	Growtopia.exe
1296	Growtopia.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2088	1296	WerFault.exe	43

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0003000000021205-2289.dat	nsis_installer_1
behavioral1/files/0x0003000000021205-2289.dat	nsis_installer_2

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1296	Growtopia.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1296	Growtopia.exe
1296	Growtopia.exe
1296	Growtopia.exe
1296	Growtopia.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1296	Growtopia.exe
1296	Growtopia.exe
1296	Growtopia.exe
1296	Growtopia.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1296	Growtopia.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 2604	268	GrowtopiaInstaller.exe	40
PID 268 wrote to memory of 2604	268	GrowtopiaInstaller.exe	40
PID 268 wrote to memory of 2604	268	GrowtopiaInstaller.exe	40
PID 268 wrote to memory of 2604	268	GrowtopiaInstaller.exe	40
PID 268 wrote to memory of 2604	268	GrowtopiaInstaller.exe	40
PID 268 wrote to memory of 2604	268	GrowtopiaInstaller.exe	40
PID 268 wrote to memory of 2604	268	GrowtopiaInstaller.exe	40
PID 2604 wrote to memory of 2636	2604	vc_redist.x64.exe	41
PID 2604 wrote to memory of 2636	2604	vc_redist.x64.exe	41
PID 2604 wrote to memory of 2636	2604	vc_redist.x64.exe	41
PID 2604 wrote to memory of 2636	2604	vc_redist.x64.exe	41
PID 2604 wrote to memory of 2636	2604	vc_redist.x64.exe	41
PID 2604 wrote to memory of 2636	2604	vc_redist.x64.exe	41
PID 2604 wrote to memory of 2636	2604	vc_redist.x64.exe	41
PID 268 wrote to memory of 1296	268	GrowtopiaInstaller.exe	43
PID 268 wrote to memory of 1296	268	GrowtopiaInstaller.exe	43
PID 268 wrote to memory of 1296	268	GrowtopiaInstaller.exe	43
PID 268 wrote to memory of 1296	268	GrowtopiaInstaller.exe	43
PID 1296 wrote to memory of 2088	1296	Growtopia.exe	44
PID 1296 wrote to memory of 2088	1296	Growtopia.exe	44
PID 1296 wrote to memory of 2088	1296	Growtopia.exe	44

C:\Users\Admin\AppData\Local\Temp\GrowtopiaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\GrowtopiaInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:268
- C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
  C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
    "C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe" -burn.unelevated BurnPipe.{EE573D3A-65A8-4138-9396-EA1808A3F8FA} {69747402-F174-456D-8974-0186FA5C788B} 2604
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2636
- C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
  "C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1296 -s 280
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:2
1⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:8
1⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:8
1⤵
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:1
1⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2388 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:1
1⤵
PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1252 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:2
1⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:1
1⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3860 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:8
1⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3952 --field-trial-handle=1196,i,11349213359862649638,10424363702188388657,131072 /prefetch:8
1⤵
PID:2544

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll

Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\fmod64.dll

Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\store_buttons14.rttex

Filesize
67B

MD5
1896385b19daa70f512320ba52a1fdf6

SHA1
63f2954b2cd949e45d02c4f1d4c3f35063aec757

SHA256
71fa2aa665788dff80d37cc26db1f6845685d7542bcdac61779a95a51bf95309

SHA512
f23b50c201e0cf1ff42e4e543e6ae856573cec3e11fa6cec66a8ca661fe69f3cbb4728b3d0e4e2762cd9f2b98e44297d9969ba1a93224dedf8e8e044d37febc1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6357.tmp\InstallOptions.dll

Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6357.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6357.tmp\ioSpecial.ini

Filesize
773B

MD5
4f7bbb71612e8b5b0571413013a3d1af

SHA1
d4ef15ba21bc3ce04f00003268d58194c3fd1df6

SHA256
38bab839fd0c3edf3f6665a636e76235c10125f37c8acd6f2182df96602d7fbd

SHA512
7fc943f3e3b4711f21bac8fa30accf332fdee9aa627bf9a98a69f99617538f9afbc375ce72b146c9e3a592dbccd15d573fc5b3c3c4f7425fdd78e94d14a40ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6357.tmp\ioSpecial.ini

Filesize
802B

MD5
e48812d5ed120cbfd247b8e5a48a6d8b

SHA1
9d0dfb3e51fd5b19b90e286cbdd983c74b4fe127

SHA256
cac1b559cfb0ab2d7152fd838cbc17f6fb5ba170586ae64980b94107b946e309

SHA512
05494d6dcac9dcef6c72d430e53ef0e07e66850a798bfc478528f7ff58331b3b743e9427fec87cd38255c8a3a73f87e1b16f4cdba66710695d797b79ac7631b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6357.tmp\ioSpecial.ini

Filesize
564B

MD5
a4572de3e496efb85279c9a0880eb7b2

SHA1
52b2e48c0bffea052973805993f2429c7a4be89e

SHA256
742fa01bfa874d50aaebbc1f2c70d9945993aff71f6bfd2f322d2dd9e9126d59

SHA512
bd57d688417aca07e1cf514567d7dd4186aa52be94a15a56b0d593dd718219d63b8574874a4f4ddd97f4b571f00a2f5a066647b0c3c22e6e19cf70007ddb3c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6357.tmp\ioSpecial.ini

Filesize
600B

MD5
7255439525f88643ffde2c11121837c0

SHA1
ec0f12370afc9d4dfd07e0a190438b98ad0b0ea5

SHA256
805636721df4eb25bef161768a76b618a1e161f57df949dc205224cca24dbfeb

SHA512
499f8735fc5dad3236b40e6b8263cc4590a419fd519ffc953659606afa46ca5fcc3b1fa0c44c6b0618c98572dc853503f75e893635a4c79c2d4df4a33dd0a57e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
43.2MB

MD5
818f4d537e9de4d86964a9f65243de94

SHA1
97f19b87b17791f7b0d257deeb7e0b3f63cbb081

SHA256
029721fe39756f04587809a8bb8c6754f33df6c2b6b574a470c4de2180c9a600

SHA512
2aeff5316518b172482e39908e2b1fdc6db12d5d62fdcd08a1431c0ac891d38c46b02a2bf1345974913a5447185ab2a7507ce8d3e8bbc19c8b5d7be505621491

Download Submit
\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll

Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
\Users\Admin\AppData\Local\Growtopia\Uninstall.exe

Filesize
79KB

MD5
ce7a5976fa0be22bbd15fd45e2ef2c19

SHA1
0dbb75712e0f5fc4b991b248962954f4e7f6290f

SHA256
e7b652ff86aeaffaf1666ea506ddba6f450221b15abb7d648c2b6576bc1526b4

SHA512
47be85b6a7e796ddeb0f90deb8697faac7996c737a4492c58185e4fc28846108df5203432c6711c849190099e361f80b03f271cb242c8ffee8b358452d10f552

Download Submit
\Users\Admin\AppData\Local\Growtopia\fmod64.dll

Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
\Users\Admin\AppData\Local\Temp\nso6357.tmp\InstallOptions.dll

Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
\Users\Admin\AppData\Local\Temp\nso6357.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
memory/1296-2439-0x0000000077470000-0x0000000077472000-memory.dmp

Filesize
8KB

Download
memory/1296-2470-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2440-0x0000000077470000-0x0000000077472000-memory.dmp

Filesize
8KB

Download
memory/1296-2441-0x0000000077470000-0x0000000077472000-memory.dmp

Filesize
8KB

Download
memory/1296-2442-0x0000000140000000-0x0000000145A90000-memory.dmp

Filesize
90.6MB

Download
memory/1296-2450-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2451-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2452-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2453-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2459-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2456-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2458-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2460-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2467-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2437-0x0000000077450000-0x0000000077452000-memory.dmp

Filesize
8KB

Download
memory/1296-2436-0x0000000077450000-0x0000000077452000-memory.dmp

Filesize
8KB

Download
memory/1296-2466-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2438-0x0000000077450000-0x0000000077452000-memory.dmp

Filesize
8KB

Download
memory/1296-2472-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2474-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2473-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2475-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2471-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2476-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2465-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2477-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2480-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2479-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2481-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2478-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2464-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2463-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2462-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2461-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2457-0x0000000000620000-0x000000000062A000-memory.dmp

Filesize
40KB

Download
memory/1296-2434-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download