180b585699602924e45e46c6ba98ce91964d37f8e10e9859ec14542ecb45762a

Analysis

max time kernel
444s
max time network
462s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GrowtopiaInstaller (2).exe
Size

191.8MB
MD5

51527643a5802cbdee715313ed743b72
SHA1

6460a279da72e0705a773f23d403beb5c7260b71
SHA256

180b585699602924e45e46c6ba98ce91964d37f8e10e9859ec14542ecb45762a
SHA512

6cce49277f55c984b206690e5f9879b4e79021fa0c992279f437801993b372598cf4ec09277cc47c6417d97962b4eae671cd7d61422da4fac74a83a7744400bc
SSDEEP

3145728:GWDBZkc8dHx5+lFkPaR79v8ZpYGHSR01H7V17r/8LrwW5jl+qPR7KiWPw5QUmPOy:tTkXdHx5+l5qZDHSeD7r8wWLT5t3AZ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
28	discord.com
29	discord.com
30	discord.com
93	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2272	Growtopia.exe
2272	Growtopia.exe
2272	Growtopia.exe
2272	Growtopia.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 3 IoCs

pid	Process
1692	vc_redist.x64.exe
1624	vc_redist.x64.exe
2272	Growtopia.exe

Loads dropped DLL 14 IoCs

pid	Process
2708	GrowtopiaInstaller (2).exe
2708	GrowtopiaInstaller (2).exe
2708	GrowtopiaInstaller (2).exe
1692	vc_redist.x64.exe
1624	vc_redist.x64.exe
2708	GrowtopiaInstaller (2).exe
2708	GrowtopiaInstaller (2).exe
2708	GrowtopiaInstaller (2).exe
1256	Process not Found
1256	Process not Found
1256	Process not Found
1256	Process not Found
2272	Growtopia.exe
2272	Growtopia.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0003000000021472-2203.dat	nsis_installer_1
behavioral1/files/0x0003000000021472-2203.dat	nsis_installer_2

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2708	GrowtopiaInstaller (2).exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	532	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	532	AUDIODG.EXE
Token: 33	532	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	532	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2272	Growtopia.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 1692	2708	GrowtopiaInstaller (2).exe	43
PID 2708 wrote to memory of 1692	2708	GrowtopiaInstaller (2).exe	43
PID 2708 wrote to memory of 1692	2708	GrowtopiaInstaller (2).exe	43
PID 2708 wrote to memory of 1692	2708	GrowtopiaInstaller (2).exe	43
PID 2708 wrote to memory of 1692	2708	GrowtopiaInstaller (2).exe	43
PID 2708 wrote to memory of 1692	2708	GrowtopiaInstaller (2).exe	43
PID 2708 wrote to memory of 1692	2708	GrowtopiaInstaller (2).exe	43
PID 1692 wrote to memory of 1624	1692	vc_redist.x64.exe	44
PID 1692 wrote to memory of 1624	1692	vc_redist.x64.exe	44
PID 1692 wrote to memory of 1624	1692	vc_redist.x64.exe	44
PID 1692 wrote to memory of 1624	1692	vc_redist.x64.exe	44
PID 1692 wrote to memory of 1624	1692	vc_redist.x64.exe	44
PID 1692 wrote to memory of 1624	1692	vc_redist.x64.exe	44
PID 1692 wrote to memory of 1624	1692	vc_redist.x64.exe	44
PID 2708 wrote to memory of 2272	2708	GrowtopiaInstaller (2).exe	56
PID 2708 wrote to memory of 2272	2708	GrowtopiaInstaller (2).exe	56
PID 2708 wrote to memory of 2272	2708	GrowtopiaInstaller (2).exe	56
PID 2708 wrote to memory of 2272	2708	GrowtopiaInstaller (2).exe	56

C:\Users\Admin\AppData\Local\Temp\GrowtopiaInstaller (2).exe
"C:\Users\Admin\AppData\Local\Temp\GrowtopiaInstaller (2).exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
  C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
    "C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe" -burn.unelevated BurnPipe.{6F66D0B1-31BA-4152-8BEC-F6D4796757AB} {6F127C3A-CA6D-49E1-9D71-6472F0C5ACBE} 1692
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1624
- C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
  "C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:8
1⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3764 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=2544 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3944 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3892 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2524 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:8
1⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3804 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3460 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3836 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3784 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=692 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3672 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:8
1⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:8
1⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=1688 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=4208 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=2084 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=3400 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=3736 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1216

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x560
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=3456 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=3524 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=3828 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=3604 --field-trial-handle=1352,i,361565235536194657,2187976712518626941,131072 /prefetch:1
1⤵
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
3.2MB

MD5
1ddf15e04a107d53a1eb187d335b3dfe

SHA1
25bca386c629f4858fee1af6117ed898f0e2e897

SHA256
5385f3af883613b0bea8b30a1983857856908375bc81d6dd98e8c9f9de4b57f2

SHA512
cc7ad96470ad8efcc5d2294035dda0208b363e6da07de33b5ce3a32231eb2e93688ae1897047f90b24b11e0b596e344678070c443c3733e5c2caf53ef4995ef1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
3.0MB

MD5
6fdbbe7335a673377943c43df3c37bcb

SHA1
1f980c796d2bb2ba983e08dfdcc74189811c328e

SHA256
a6be7c97e83b61c83e0a38b25e1fb4fd0b575c35e720d1e4b2ae5e122f08c5ce

SHA512
37cc4f79d8779ad63bb056f48e0602d7748d57ac005b40abf6a30989a8fb98061cb084bbe514d8f9a18d20024c7be58f5c5dfdfc74cab31853f5770bfd15dc66

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
8.2MB

MD5
37da7396846b8c42c5dfabbeb7a22b1d

SHA1
28f7eef660139fe7b9918e025753edccf30c136f

SHA256
3343681b8af045e2adf08c06c8c1cc20b4e70fa2190b58a104a20a0421ec4e90

SHA512
968bd87c3906cf01a92b7e7354e1817709de44ccdf4d851094ce3b83340b2fa46f63fdda057732545d3b683d20f13257f3fc2a83f0951cc9a2ab3ac6b64a72fe

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\fmod64.dll

Filesize
1.5MB

MD5
7c53803583b01431947ca1430003e245

SHA1
829e2f1f52092ad9e6896982cc3ab5aa18480425

SHA256
e9f7da72a00fb075c8437a141bff3565fc46db6bc49bf20d87166fce7a25fb4a

SHA512
9ca475b1b6ab7255a02636fb796bb8dd2f02b483197d46b47e3bcb23dcc797bbe59ec8387f047d9959031fe0ccf90e31ffbb89ade73b1090288c82ae9bb334a9

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\store_buttons14.rttex

Filesize
67B

MD5
1896385b19daa70f512320ba52a1fdf6

SHA1
63f2954b2cd949e45d02c4f1d4c3f35063aec757

SHA256
71fa2aa665788dff80d37cc26db1f6845685d7542bcdac61779a95a51bf95309

SHA512
f23b50c201e0cf1ff42e4e543e6ae856573cec3e11fa6cec66a8ca661fe69f3cbb4728b3d0e4e2762cd9f2b98e44297d9969ba1a93224dedf8e8e044d37febc1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
810KB

MD5
29154dcd863bc665d83ef81d8271ede5

SHA1
fafe657fd2ea7e95742c24d6b32baf230563f80a

SHA256
a24c1dad9a1638ff3a9e76da323c5c19cb9b6f24eeb09fa276c12605fa10e9db

SHA512
05c44c50f8210152c31f0e6b25a0c8b38238e442eef4a81c420029369b8f8f9ca5292f6aa9fdd490bde121c0a8aff6d9111a97b6f0bb11bb7e67a473ae59753b

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
4.4MB

MD5
4f91fc971b321e4a2b3b11aef8ee504a

SHA1
6d9ccf4c2c64a99780f1362a97cd5c81b49e5224

SHA256
0110663951e231311db55bab9452276a5f30dd1dfddbd00f399295136d9b9c10

SHA512
35fc75e4b3f28a1cc8995d9d55c3e75876391497fb467f5e9bfeabff6e053021f0c263d8afd74582a331b0a224dfe010143450953f73a59c5b2156631cd24b6c

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
1.9MB

MD5
ec4c26e5c721b16f91ae28c03187f29b

SHA1
5fda5ef756995c597a0fe61fde42a8cacc5c830d

SHA256
0d1881c270f489dddd950c32b0109d717df29405ce6abfea90207163e117cc90

SHA512
adbe0c190b5622cbe5151470772fb4bcbefaa4bef33bfb12dc86fe95bd4460393cc6ae8001ab32a00a86f2a920ebae09d10ff13af9492e73264212e6501207e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7C90.tmp\ioSpecial.ini

Filesize
565B

MD5
5a769385541ec6e4a5860f0bdcfbeebc

SHA1
35a8da3b741da48c4fd25f1533fe83d1dca80136

SHA256
e3b60905f031056f7a240f5f322509d33a0d0f9328880873890bb5199f3304ed

SHA512
0fa1a6cf61602521d35ed4529df1ff3ec2626d505a408076b1cc05a852fffbc404bf8290bc94c6f010e18a9d462ed834af14a0c65ca7c1b0ea5a60eb92b4f47a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7C90.tmp\ioSpecial.ini

Filesize
802B

MD5
84e7325f9ccc843e19f4d016c047f7fe

SHA1
09fc4aec98b3c2b1557f74618d2a70c6a61b5362

SHA256
f8b70514dbba0ab46f7aa6e4abe04d500a2d0c0c6371637ae5a26c35d0eb5960

SHA512
c8fd726e8e8931fe414324df9f8bc8ea110573e7879fefec75d44be754af878df68326f0df87309af08605b4d1a2df08b280e891fc12d6a00ba216254e637641

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7C90.tmp\ioSpecial.ini

Filesize
604B

MD5
052b73bba353cfb5487cfd978c2b381d

SHA1
33e95e44828386b7225fed7144d581c02e2715f5

SHA256
a19e8222fa5224d47fff4a0171dc48fd44e67a4ca24cc61b9f8253ac8df240a1

SHA512
07f9771d2dcfb999921a48fdaf032be5da69d3b4b27cedd156bc7b1c806fed18852634b13f79c9a70bd8338ec7963bd349a0065ee473d4b26e3be6f3709ddab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
8.2MB

MD5
570633e093b9be0cca0eea367795bef7

SHA1
c00fa81f3dcddb0ec341c0c2cbdf4e76cd7f4efc

SHA256
9b1fbfcf998fd12c90453349f905e07cb41a770e76e99376ee7d3d36ea8992d5

SHA512
78569edf2698475989345bbd7961400b30bce051852177db6e8900e13e56649529c4382f7295a0b12df3b286b4d22c98540fe20c9438c4dfefc9da034e00570f

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
3.3MB

MD5
35bde193537ec3f1bf686fba3e6355e8

SHA1
834a6603fff2f0d5874ec2d77675a3fcfdeb1260

SHA256
3d80710b26b7f40d428f10ce7efe2aef41ab5abaf4074f6b724223d5196092e5

SHA512
a0206013d972718237dab1028f663329169fe572249771cf2d230ee05fb5daae9d7d8bf073e3fb7f83bda70cd70ee43ccfecb9accd0778e06f4ba74d823fa2f2

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
384KB

MD5
6ad1a52d480efd9365c857fd8813d9ed

SHA1
3f1d3258d6c00a388e2e0f88ff1f3ba0966b24b7

SHA256
cd7753c697e4031304a816da5e3e4ea15eb1b95674a61b36c12168e88fff2991

SHA512
150d3061dd23f2e4e56ba617e7c69baf190123409507f5ba5535a5b1143e77014e350a3e825e4d97e01a31e54a6c0278972e5397081f9d804370d65e91168665

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
256KB

MD5
af7cc3da34c98f234880e611c0c986f0

SHA1
71d0cdfec8da7ba8a19b9809175b6c53241f716f

SHA256
01af79de929864aef43d48abd9fb9fc5894f368baf8339cc3ddd936d2b766ce3

SHA512
8dd6824b7ea968bfeebef211b3220313ad6e6499ed03e04a530cef861ce9ec596120ab26b3eb903322cd06d278a60171d1a3379238003f9b76614b8791253179

Download Submit
\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
192KB

MD5
eda464449e6c479d325caf5b0d376937

SHA1
54f327ccf8b5c8b68cfdae33262565a2ca250a73

SHA256
208f8bbdaf72286ec76fbd0da74c7e624d4bfc50fd61369df6f2739cdede5401

SHA512
abdc227ba2a30a522c273b265300130e8ba906e820e42584de7d4af5c285e3713d58b268fb50032b65531ce3c48d137b877d6d7fb3724ebc380c19c831335a36

Download Submit
\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll

Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
\Users\Admin\AppData\Local\Growtopia\Uninstall.exe

Filesize
79KB

MD5
692d7a45962149b6c2efc124caa0a60c

SHA1
29351cdd27ab96ce364e2fb1485e9615745b5340

SHA256
f47ec18079c78d596a5f90c85ac13f994bef78a65fec7ed742d50f335c19c1ed

SHA512
95394ce4a2abdad90b6998b542a316794ee438fea1d6835b1ad2d5ea67842bf10926b3a20de8f6d3384ab3ed72dfb9750b40315060bacf75d5daf74b828b32f6

Download Submit
\Users\Admin\AppData\Local\Growtopia\fmod64.dll

Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
3.3MB

MD5
fc971386e7dcc06d8377c84cbb7beea6

SHA1
e4a5fa936b9c2b98662704ff6d9c090203747028

SHA256
77f747c6b7aceee76773520973553d054aa00ec3bc7b4427b69a2673fc3a12be

SHA512
40304a93953f35f763cdcffb8a78a8151ffc3d2790ed1f8b18c2a8ce5817f9edcf4aff0f0dba9642ace8749e959a226507ceef023cda905ff78f3f4fe2f61cda

Download Submit
\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
3.4MB

MD5
5d4a6de3c6c94b8bf572fc482528bad5

SHA1
4bf11d8caac8366f619917ac2afb80ead8c0564a

SHA256
d9501fd105c8139a912cc9d673fc5a758cd501d2422209bbe7581993dc98fde5

SHA512
8f09476b9e51f43dc9f58bf26118ed337a3122c40cb9f2fa9163c543b14bd15a63834d226111d2849253425abcf5f0b038c55e781d2a69a8aebab030145a6c9a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7C90.tmp\InstallOptions.dll

Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7C90.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
memory/2272-2349-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2272-2351-0x0000000140000000-0x00000001435E2000-memory.dmp

Filesize
53.9MB

Download