hxxps://www[.]mediafire[.]com/file/8r465ncu8m6x6m4/GrowtopiaInstaller+(7)[.]exe/file

Analysis

max time kernel
871s
max time network
870s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/8r465ncu8m6x6m4/GrowtopiaInstaller+(7).exe/file

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	NOTEPAD.EXE

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	GrowtopiaInstaller (7).exe

Executes dropped EXE 5 IoCs

pid	Process
5740	GrowtopiaInstaller (7).exe
5056	vc_redist.x64.exe
1812	vc_redist.x64.exe
4408	Growtopia.exe
5308	Growtopia.exe

Loads dropped DLL 10 IoCs

pid	Process
5740	GrowtopiaInstaller (7).exe
5740	GrowtopiaInstaller (7).exe
5740	GrowtopiaInstaller (7).exe
1812	vc_redist.x64.exe
4408	Growtopia.exe
4408	Growtopia.exe
4408	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
4408	Growtopia.exe
4408	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x00070000000234bf-1086.dat	nsis_installer_1
behavioral1/files/0x00070000000234bf-1086.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"	svchost.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{0F75DCFE-409E-4FBF-A804-BC0A0F6B7D6B}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{8C5C2747-2A53-4DDE-972C-4B22FD139276}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{2E79275F-7975-44F7-825C-0CCA345B7723}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{7EC47039-1F98-4DA9-A926-95E489E1454F}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{2A0A6FBB-E844-496F-BFEC-6D462D9F5572}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 308088.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
4948	msedge.exe
4948	msedge.exe
3532	identity_helper.exe
3532	identity_helper.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
4876	msedge.exe
4876	msedge.exe
5024	msedge.exe
5024	msedge.exe
4408	Growtopia.exe
4408	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3192	OpenWith.exe
5748	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2984	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2984	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4408	Growtopia.exe
4408	Growtopia.exe
4408	Growtopia.exe
4408	Growtopia.exe
4408	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe
5308	Growtopia.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
4408	Growtopia.exe
3244	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
3192	OpenWith.exe
5308	Growtopia.exe
5748	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 912	4948	msedge.exe	82
PID 4948 wrote to memory of 912	4948	msedge.exe	82
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 4012	4948	msedge.exe	83
PID 4948 wrote to memory of 1924	4948	msedge.exe	84
PID 4948 wrote to memory of 1924	4948	msedge.exe	84
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85
PID 4948 wrote to memory of 4032	4948	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/8r465ncu8m6x6m4/GrowtopiaInstaller+(7).exe/file
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee95e46f8,0x7ffee95e4708,0x7ffee95e4718
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7560 /prefetch:8
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2080 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1352 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,15559077634365878183,11291862714103676510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Users\Admin\Downloads\GrowtopiaInstaller (7).exe
  "C:\Users\Admin\Downloads\GrowtopiaInstaller (7).exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5740
- - C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
    C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
    3⤵
    - Executes dropped EXE
    PID:5056
  - - C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
      "C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe" -burn.unelevated BurnPipe.{65DD32DE-FC9F-4742-B11B-8E8F5B0225A3} {DF6D345F-A02B-4036-AA4B-0B060C466323} 5056
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1812
- - C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
    "C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x348 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3192
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Windows\System32\drivers\etc\hosts
  2⤵
  - Drops file in Drivers directory
  PID:4184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:992

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
"C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5308

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5748

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
48.2MB

MD5
d13d7e7ccaaf256a58957dad510e6b61

SHA1
ec435666a784ab60d64a210dac6234d42a23edcd

SHA256
351a36629196ef50105cdb9d194c682581f58f17d112ba9b07f9b9fae51d8b60

SHA512
316cc59db2de692d6fc2389b30fd6ffbdf3a8393e07b371ad726ce70595797d56d01ba1e5d09f8afbd4b9c07210220a167a904006a25501d664284dced07421e

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll

Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\anzu.dll

Filesize
3.6MB

MD5
259a32af5b652b64addf145b389f6b60

SHA1
fe51dbf8bc1e4d8dbc3dc6dfcc48b54775b8e924

SHA256
d869244c77decc4b15dc20ba3207d9286cd67fd4599e8219a3df80edf66f7279

SHA512
f90dc7f0ef44fcbe14f08ee9addbc5c405f0b8dc8527aed7822d33f82a969a0d89fde8f6aa73bf9e5666658e682081aafd563758817c3358921a400c69829e09

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\fmod64.dll

Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\iapFallbacks.json

Filesize
8KB

MD5
e081b07bd5959bde1b5ab740ffda0996

SHA1
bb2adb8d12f3ebe2d1953ffb5928d455102a36b9

SHA256
d2b6fe10ccba4209fd2c30884d2b1dc97ae16f7ee82d7474138f5e9160cb70e5

SHA512
ae0ac6e6f8d5d5721e98629fd39630cc2bdd6c56f42c4fa8584dd1e573a5cc1ea7822cc3e0aea1015f19402e1209ce7ee3afa5d0da670adec5f90c75a4c49be3

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\az_4x3_adv1.rttex

Filesize
67B

MD5
1896385b19daa70f512320ba52a1fdf6

SHA1
63f2954b2cd949e45d02c4f1d4c3f35063aec757

SHA256
71fa2aa665788dff80d37cc26db1f6845685d7542bcdac61779a95a51bf95309

SHA512
f23b50c201e0cf1ff42e4e543e6ae856573cec3e11fa6cec66a8ca661fe69f3cbb4728b3d0e4e2762cd9f2b98e44297d9969ba1a93224dedf8e8e044d37febc1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
95B

MD5
d500705710cd66afd408794071d29f3a

SHA1
1245995b2f8f47384b1db3583b53d823683fc565

SHA256
faad05faa5786d40e80d3465d87ced9edc9090eb6ba9d3a11de6e40bc88cfb8c

SHA512
03c014d53c57b3a2673671a99b6f94d13337acec65fe285a5da7cc756918ab9fc1f29f4f893621fcaf25c2415452de97d787834cd25b02e3c417344ce28be4d4

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
301B

MD5
cd30ba244fd532f8d49f91624e982a6e

SHA1
56389553a74401decbf5a26cefacf05c921cfe99

SHA256
68715b3dad4b3fb9ea3ac0a7b45b249e71591beb02fb080065373e4fa6c8b49b

SHA512
f5b8eed43a860679df17c60c0db1765d46278ed5492995f4201ea2f4ddabe4dad3102e16c1b823aff70e340cc90190a12061cfc2bed94208a9bcaf8c1201a9c8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
358B

MD5
91743ff31296b72c0f9ef4778bf068b9

SHA1
1b1e370f574035f044caf7f6079eee003680616e

SHA256
2a071e025f5204de2b26c6f65824e672993081e30c645e6833e9e73a34bcff55

SHA512
3788addcd5e493dff7c13b13ee7da39a8df634203da10bd8c62e8cb5cab1740ba162245bbe938375ac391d16c37d6a1c66d497b12601ff5f53161ca86a820656

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
888B

MD5
4ac798a56c0f6900b36e7c400d2dd92d

SHA1
3421415cb045854991fa184f44863d96d8cc867b

SHA256
509dd91368f5824f0c61b6bbd4ce659d4440081a43675d14a726b391965708dd

SHA512
417cb6a5d0470025ce63bfe390c71de56af70db3c396a618e9fb74b025c18d516bc60a265052f80f990db1e7f18eafc13622455b0841502fd2379c4851dbd125

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
e000b583ecdd64d5537da7cb55c930ed

SHA1
7c03f8f2f50d3c71205f46041c445380450c8485

SHA256
0dc67b5e4ff17fd87d7e60be4328716e194190f30a690c48b763cc88d2742016

SHA512
b9a0d2b9f391bca346068c3b0396ef253144ba59e637ac6a6866372cffc1ee899f4c27229f477bdf73472672cdd5b9e64b0f0fadd7da96eb330333eb40bf719a

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
469409bc97a7f3dcc0bb91ab4d6540c7

SHA1
a029c0855abe1295b001dc493fadd363b63593a0

SHA256
c5d165f943af28cfe645c431fbb8963013780b3b52e330944ee8b8033bb28af9

SHA512
bfe7ecfef8b54cfec309b62327fafe06205de051e0de56eab241a5acd2f655c9c1144cc089ae25ec264041af101ea67a23371b8f5ef3252cbdbc0acde51fecac

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
222c6cf191c0288a62833bc6bdfc9df0

SHA1
8a260144207b32dc839f45777de8a8cd0389f822

SHA256
1a9c6dbd383e5e7add18d9f4a842f7c3082a4d3e7575ff9bc0c68ba29c0fe0c8

SHA512
2687d8abfba3d303b8659fb9d9e7a92c2217b8b34241224da299339c94856ac2bf71b43ce32568190bd93b24dcc727b7169d324366990c2dcc713564e87fff38

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
458B

MD5
421d2090cd9d4cc7bdb293b6db01ce91

SHA1
605ad1fb2b3c0ed1dfd1c2abb9dba544906a96fb

SHA256
e025c1d9b6ebf78d8fe26ccf7858988874a95409d759436604e2190819d7fd34

SHA512
fce2b95399a5a024f94edf593c803e20cda49a77a716cfcc5af16b7cb002d9e85005e69ccb7b1773f246c63b2d144eed5c86a7646d4ae229be0a3f5ff51cb789

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
522B

MD5
4f9a838f654c4fb4826e68af5e5a60cc

SHA1
417a8a61dc75f50b5fb53a969799994e68b1eadb

SHA256
ca878b255487b2f528a28bb500c8e126d34a60aad6606474a74df1f46703e6ba

SHA512
6387c5e6a8b8f8ec8722bf9991c33f4cc2f4fad9bc1ecad73d27ab5fac52ee2538ca212c2021a439b8e4216fc4ae58bd0d6830ff35f24990431e8cf6a4e9e447

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
af61e16db4944ae451011f71e39f20b6

SHA1
bb89c2e74d07f1faf7e8d9bc7f9199c6df37d0fc

SHA256
510a44c2e87389355dd8e0e1aa545136ec3001cd2338ab13b4cddb5150a1f89c

SHA512
f42fcb21cd11c1860f7fad3f5bbb8f689fac372c123488d03182d45b7795e9f5e2e370ace72a34df519f42ade11450c5ffff5dbf379b474c7d5c1d29adf8a6d6

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
72fe6a662684e5ae3b6ae1ee9ae15870

SHA1
2facb5daf4397aee92f29704023b56a80dfe2ef2

SHA256
77c864a385ce310ab4e1d5bf7747e8cadfc3e3939e80e9866e0f3b07802be1a5

SHA512
81b88c57c6958e68355d6c9c96058ffaa9df88ea9e9fc4be7bb35d48948fd84803449c61820225a0ff1b0abb5e5d623706bfddc2ed9fb2066f6a38c145b8ba6d

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
3KB

MD5
42642b19f3a82f183b1eedf1d649e73d

SHA1
2beb4fc81c569b5dbf0294efee88f425fbfc0fdb

SHA256
36d19b86cfa485ebc2fdd7687b70ebd899f1da3678cae8b7382f78d8b0a2b2be

SHA512
9a2addfb9ea0cdec0cb66c3fe02470309e53011e1b2ca11f146184c7f4eadf07262c413f493ba154a21518fa6084e1465b0dfbfe1e5919aa2cc6afcaefbb982f

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
4KB

MD5
b0a2100be3e941137e4764b3ed808b05

SHA1
256672c7188b2ed15335505e00a9c8d382214e8c

SHA256
3d2764a9049ffaaf75dd0c93d601728972d20c319d3f5579d6fae64be5891a9d

SHA512
2f5c296f9b57471c604945179961a5ce47223fac8d8a094aca60aa6bf7b1c6222616cfd893862cb890697bb97d7971877250cbad7a3fdbc16bc40edb6d8f8063

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFill.fs.bin

Filesize
185B

MD5
2490b24610d47d01abd21d533fea6cf2

SHA1
0601b600014e594f28ad3c11b155224375cf5509

SHA256
990ff2a6ae6a46b69ae41783abc8b4282f43e008d1fff7761257f6eb5cacc394

SHA512
ae88495bcf99fe3cf27d7beba65b25c3d63f10440f12f7aea7530e45adc6a711a6088a3fca2096ed0592f02d08420efe2f4d7ccd09f6a8316ca7d7ec3c0530d5

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFill.vs.bin

Filesize
285B

MD5
194766f9fae6fa806a7381b75c77fcd0

SHA1
f7eccd5b802964fffc69291cac8224cfd7eba2d7

SHA256
8ad817a915116c4e14458ad946c325feee7806a5d2d9df138131846435c59be5

SHA512
eecc509f60d7773cf8c38b5fa79b9b4dc5d9f8df21b4586fdd03624f2fbb6b8cbfaa93c7e0cf817f010145e3341d26dcab49adb6329786c4635939622d48ca07

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTexture.fs.bin

Filesize
576B

MD5
9aaefce5e0e153b233a35bac46877af1

SHA1
b84aa4dc962e0abc7b4663259262be8851ed01f1

SHA256
ac39c7b02778e3c77bbff0f02c6e3f94b5d427486936a68ea75daabccae21779

SHA512
d3b19e186362d2397f26c8b68f92404815b251e749245aae91b21766f08b980344ed84365f7ca539146a0c503ec1d8cf3369df6f7413e7933fd719bb63e43da8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTexture.vs.bin

Filesize
321B

MD5
961353ad14b394a14b22175f2f455fce

SHA1
9e66f9225a7811e339c10c403e7aa6e3ac39ab58

SHA256
57a02d45cd858acc8b0fd9fe7f16229224afc4c9db7c63633ebcb5384a3b65cd

SHA512
ff4f6f872b6474aeccf254fd05043e9cb7c5ca1dd11d9e52077377af26146138a2cf6e86b1c22b83f3200c2371f76b66843492d73a0b89b03a0f34b0f0921ba4

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\NormalTexture.vs.bin

Filesize
543B

MD5
eaaf03bd658d094184315c849c9c97c3

SHA1
73e1af5b673a91498013b33669575cc183643c36

SHA256
9a8a94921ff59a86df7a498aa823f9f4f2872a6680700da139de78ebcd70e21e

SHA512
bff34a336815d8b3cc687e169949c4485c34cc59e14a3fd9332904830dc1d73a01936e51f05b91c52701b112c69715310c30f1cc43526f66960128cff72885e6

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\VertexColoredTexture.fs.bin

Filesize
530B

MD5
3bb5cdf656f942b87d7bde085745aa06

SHA1
d4ad9f694cf03dff976191cf78b48abfdc4fe32f

SHA256
ccb251b1d2b8560891e5e0d8a2f71ecde2839b144c5fcda4b423988453b5a153

SHA512
3de185eda05fd2a6d0e5bceb35c9740fe8225eddae9226717b3dd0b5575587c515af7638f5ce1f8b9fc40cd4e7803674111580a9b5feb1826a56d97ec7c3b5e8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\VertexColoredTexture.vs.bin

Filesize
357B

MD5
0add8827ff49dc83639bd943813abbfd

SHA1
ed7c72df1adddb6e7f62c128661831cf7e5479e7

SHA256
2590528de3747576416f751bc3ec5e399987b2e07431e828872962f7e7aa6e33

SHA512
ba0ac2424015c849f8977e0d82db60b5cf091665fe3d7cdaab22e7de92a8f7d06a1caa6c70b637f581a016c368c3e66556172161b99ad3a7965a8ef0f0d02004

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
36KB

MD5
338aca3c8c7df83973288cb797423c3b

SHA1
1f217f876fe3c45fc686f8eca4951e030d96b05c

SHA256
e81d76077f95c6410fc20ad8fb0f3a474ab724aa795e1b2a99453ddb31de61b6

SHA512
f815fc8a5e3f278230b9ab8290b932d121c147d33d0d781a240dd497673f505cd74919c4fd563c6c4e4d266bdefa741d53dad1b14b56506a37e19312f6a270fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
1.1MB

MD5
34a02dd7f8b393eff0b3f133576adb8e

SHA1
b512edfa50e3ad8f44064e7805443032f8cc9b28

SHA256
f38d66808f86e685fd596c778cf5e8dca79d1d0b223c008d9b31b636bce2299f

SHA512
53d2669725bece4eb3f9c9d2e9714ff9e73dade82a63c0056cfe9e6bf2cd905866e38fafd0d89ca4a2eb9406ecaa7aa89221cda4641a355494b21922d42ec48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
46KB

MD5
fc61620b49e35cb359b1f0cf208f6a87

SHA1
54d6ad78961f356ae02cf52144e2baed96f97485

SHA256
65cf192b867dddedcb10ee782d29d0989c00395fc6ff6a0923e23756ab8e0eba

SHA512
17ae00dcb2a9293e33007c623ebb462ba4961e345255733b03b1dcd4bbecf34db280e77b57813e5b5c42467ec0a7c7af1b40fb038650fe526be380f4624dea17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
790KB

MD5
d3caefdb725367df55e024a7b2b07fdb

SHA1
43e17631f1f5afc1d4eb44520429d615a4c1c4ae

SHA256
7052bba6a95a3eefc446fe5056a331cf0a8a09b145ed17e7f55e6a2da9b70f98

SHA512
b021efb73fc8e0f1f19037bf5a4b78991c16f20a560babecb490bd7e74117565c0c760b5517b6f31a503931ed055d90b8015adbad097a936f5424a13ff351cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
32KB

MD5
fe8d1927850115e93c0fff338d26e33b

SHA1
fb05c4baabff24a080803100504fc6be93c17097

SHA256
a4626c2caff7fb896eda12142bbf07fd0d6ee79db365e994a9bec1935ea29d89

SHA512
a187213f00c7a15231d0b9899611c0cdd6688a6d49812005e2a166017bbb105ef4494bd4783d98c8de2f0495ba3eaaa3c39daad2231027b74a6460d296c16c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
43299c5aff43b7241c3fde209261960f

SHA1
9579940d4d4b1d0b3720dabcea7f8a26991a58a9

SHA256
80a910589da935ba8582de72ca1a01aac96231be95332778de8ff234e69b82b7

SHA512
b505ac7443c93913e98b7ecd91a0dd38a4911b6ff946aa7c62b76493631a59f8c257b7816034d33099962478f832cc8ba44bca32cdcd30db198fca8a102239ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8cb0b198630771a594df9cb51d4f0252

SHA1
409f2e8148a1d98c64eec0d550e7b3c62266da67

SHA256
75a88b382fc574347b442e01d3b2592f9fb3d2be1a2b562061f0f9e5ea50a1ce

SHA512
3a3772e1e18ee74cd02679bca68907abd6e65364bc8175577f7dad59c5f27af1385b94ca54fcfefc54da8ea3de850c92ccbc44561d60151a6d99d8697c335c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
ebf3167b072bf8f9c5d4287eea574e00

SHA1
9e0eb7df74591bc33ddba0c94f90d16757b997b5

SHA256
e1e6ed04f184b4fcce4405fa25c26cbbc6445ca1fd99ae605f68a9357a28b04c

SHA512
d23bbbe08947bda52d382ee607e39a94b850e610ebade7bc8720f0db7f081796aaa528065477cf4058cac4f996b01e10414a124c8011d03339b77d163c77b95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f284d1ec1d9236068abfb704aec7a63e

SHA1
e1cd0923404f0e86946061aba5fc5ee97dc704dd

SHA256
2a379f08f877eda23fefd31cfcbeeeaee78417f9e287170471beac634ecf84bc

SHA512
0c7f39b04e95bbe352d8c28effd4861c92d29a8a4141f2b16aa0bf05cb7980eb2cf5b42223ae48659e9896f77a2d0315edb2456daffb069303a8316a22a0721e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
675bd32740b9b797845df9ae52807d91

SHA1
48aa22913b8e85d3d194134c879d216f1406b1b6

SHA256
1a6251d2aa0f81b3d065c93b8a84661b184fc057b0b036fe511631fd694eac69

SHA512
6bbdd7a8463ad5e10516ec678d9b71ea7a4888d3a97966fc933c1b5f7c9354110fb54b17d2cd9f99e9aba76047bd66838cf0bb403f29abbeb9b1d188612e8365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
dcfd247616c02f065d89a8e281c99ae2

SHA1
b68c48f05c3d960dd5013bfff982e7fbd1779252

SHA256
6240168c3682d3537dbe5be78766d900a8ce34a6fc8efc0320c4d88f3354fc8c

SHA512
7cb9a6de1785b0a2b296cd0f1ffe466accf31401b5d81c6925e0b26bd4f649df90e0829ca2d7745c3fb2f0a29cd9e5028e1963de0fe992e558ef59202916ee18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
521744c947569344d7ad284f070745ee

SHA1
2eb439921e3151a03eed894d87620a48ba6edd8c

SHA256
7d47e2f9fd37d65c1c653783f1295bf34ef2cafdfe59e05b436bb57420ea25ed

SHA512
169735022d1b6b23dc20f1a8b58c5f0a96b88476f80cfdb839a53bf421089b4cd9d73ecbf540a2a17401534e00c32a35c29b1729e2ab6e1a25054c792b6a6575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
e27a3cb510c38f393068380fb31b3864

SHA1
5be9375619c2d47c2d890e7b110ea217b3d6339b

SHA256
6eb533b657a35b443ba55ec46d05a154c9653e0f7f9a739f6c5d8536f9a4b287

SHA512
a1955edf4b446a099217ba1dc6aa611e269ec84bf7e1d70a5f76c9af8385b5cc8a1ab4b64403858749bef38f26e4bcd6db2359006eb4cd287e221b0f9ab738ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15b01bf2ab7bbdd528cb98165a29560f

SHA1
31b4a0f9f7e99f109f9c91f2c0ecad1a4d7480c8

SHA256
6f90b98cec0b3b8400b4cf88d241717d6f05fa9439092090b5d48905efc12337

SHA512
7659ad0029e6da95b5915cd8e2c4cf94da9f81914c5dac73f2821ff2fe291254a4fbb722303141743c0233033e2ae1bdd2d37a5edddfdc3cea0608942d951101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a835c124f825588ca2490fae78033042

SHA1
ff07bd499c5c381c8931a991fc0c5740ae01c578

SHA256
7cb52eb83033230a626100bb8371a0d755e1c691426d1c50c37aa80509b5316e

SHA512
43504377a25a7cb42678a31a7cd5845df0551e1e3681e760798ba752dac28075c4b9b278f834173c609cddc276c99534e17da6aaf26ee3a7d14a07df65cdb612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f3b1ba5d7b34b7af3de9805629588bfc

SHA1
e096b88f5f1c4b8b0f12b2e17bac21fa22585f82

SHA256
551434ddc6f86fd8448fa675b8819f5ce8d7d924256e8afb5aa9d69b1a7249ed

SHA512
01d18c02901bdfe40c44518294fa5666c094c3077d869518b6569ec1856753ea29fd0d51076237d244ce83a152c7f123bc405bcd13d4916ac002838315f05082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a4b21debe23ab7dc055c661cfe7f0188

SHA1
1a6a5f849db72a4adcc1b785339a1d3ae9650daa

SHA256
f915625ad4985b0da0668751b4b137a51ea4157486df1f69017938102be6ee8a

SHA512
20019e6c04187e812c8eafce2bd1631cb785fb67c8fe4dda803388e9bba5a4d001176b97bca7d6b0d02f3d430e7ff485ed3bde98f73b97f8e8701842d23aacff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0628b3f019bd946543d03dcad7022aa8

SHA1
4da693c4ec86608bb2dc5961b71027f2279ea5fd

SHA256
7c72a9d82e1aaf8fe263f5da487170166130a5a218e6045a81005f189ade7cb0

SHA512
7ca8f40a9f5298e2db77c1f4bfa14a7c4114067eb24494b36d7c371c3c77bb8f50341f746971cb1c1b29d8e10ff901e61245283cf993ba9d0117a695c789bd89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9f059b0c2d90006eaca0fa79c88e1f1f

SHA1
6f0636d542bcd5cd2b8d016106817bfbd51876ce

SHA256
f55a20d148fd3e1772b13ca032f1d3804db827b695831dbe1bd319c65d9368d3

SHA512
19490fd19f774204eb75d9131cc70c0a54a41421ca1dbfe8123932ffde1922884ed6047a11fcfc9b72c7c7776f855e884313772e4d85b400937376d51297b1d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12b248eb-8283-4565-8262-4c0257e816fa\index-dir\the-real-index

Filesize
2KB

MD5
baba361f84fea6d5c608d2f82d9b6391

SHA1
ab473dfb365b9c54613d02861ef81df833dd7a59

SHA256
e790828a5ef760228ad726a564e069f4fc5403fb45704d8bd7d8fb55d6570808

SHA512
df84c768a658837ca4a9e206b25a7edb3928e03ce6b81b9318b75425faf4b876f266f07c60a10b66226b1dfaca7476f1dca657cde4299ba6156eb1ef0216b86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12b248eb-8283-4565-8262-4c0257e816fa\index-dir\the-real-index

Filesize
2KB

MD5
747df85504ea63fabb7a90eca902ad8f

SHA1
2ef2af83800d0aa40a29ff11e42e80ec33c150e6

SHA256
e38ba8cbe536d74bacd5b25aa8ed558622332139edcfff1524354796c1538da7

SHA512
a9101a9d1ddd90c18dd57689fe5cc009e70e8181c335853addef0d45bf29d468bcbaac792a02fe52a21c2fe98c4461f2964fbd776272ddd3376a41f858c5f07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12b248eb-8283-4565-8262-4c0257e816fa\index-dir\the-real-index

Filesize
2KB

MD5
fff69411b8a8485b15a65612ed54bc53

SHA1
783b9672a5c3e0e7f60e7e37eb50f9be4649ca27

SHA256
cde960648a0493340532f58db90896a396b7cbfeb10baee732c51a264b61370a

SHA512
8326b931c8e3de17c0c9ed81f950fe480a7ae26d2a4bd2ca86979a4c7626ff865812d2e8c52771dc20b22728b03ea602137f7c534a13d7b96cbdc0e1ad4ca69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12b248eb-8283-4565-8262-4c0257e816fa\index-dir\the-real-index~RFe5c482c.TMP

Filesize
48B

MD5
25322785b5b1d893b0919c45cfa2531e

SHA1
690141914487c12095343dd8b7bc38de8acd31ac

SHA256
996c95d8b9007d41426bc48cfdf689a14eded6976b256277b2b8c59773f5e6b8

SHA512
f72eeb0200d2d4f07d5ab45f8e6e6d54cc7b4d5b3edaaeffa5e3d7211b320af7ac58285f7c3a2080f399423f1499f3dba5e7f94b0d195d5e52910654f641076f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e6092233-e1e0-4ab3-8a7c-429c08fbd6ad\f71a17acfa842825_0

Filesize
2KB

MD5
e6c9e693e53327cc75867a110ed10a07

SHA1
f30a30536b2af8459bb8b46f6a3a48e4ddd9a53b

SHA256
5b71f09de6080a15df1f40db3ca8eba5a582727cb2820f1a9035fc34c3e95e0a

SHA512
6b19404ee9d0b17746ad59a64f759a629f9241e093dd37e6d60031a1c87f7fd0446fa9498ef8b3fdb4329e8617c4f15419e73f6cdabd92bf32d9d69b29dfd437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e6092233-e1e0-4ab3-8a7c-429c08fbd6ad\index-dir\the-real-index

Filesize
624B

MD5
5607c4c2667ef821e0a6abc30be098e1

SHA1
5ef7f8faa2aff79ebb8a4898a4cea983c9a140f9

SHA256
4058b7ae377c6de7cada459976955b70127519aa9315daecb54d125e542a8fec

SHA512
45f179aadded0bd1838cc2bc50c993a30ee76a9d31e9edfadc1e51e0859adf49bd73ea4354d47643b9ac5ff402679c4c45ddcd1edc21247d46f8728dde58fbff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e6092233-e1e0-4ab3-8a7c-429c08fbd6ad\index-dir\the-real-index~RFe5bf6ef.TMP

Filesize
48B

MD5
a4c1bfc33eb6068ea39db04564076eda

SHA1
1336c08686df298a1d83e5836cfe984543f65406

SHA256
7eb7aedc972af10cbab5a955ffcd9b8c6249aa1708e8543dc351935504f2498c

SHA512
d8ee419b4b4ca9f35052a0f31abe569442b81b0cf3a64a590da509341c2e7656e5a11017087a276260ba786d1ef3baa749014b1511691577ad07ba4963e915b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
523c54b83f98002e07e8cf1fb3d7ea2c

SHA1
bd946626957a1d55768926a331053aeb4ee3cce3

SHA256
4e5b37027a348a0c8c78d545155eb8533f0a82ca27944c87d788c107e8dc4ec5

SHA512
61e61e7d9a22e78c14642c2ad72a198be38e10150f43fcf24c59b866eb8cc5f00e8738956af2dedc16990a64fae54af0cc50b04f14854f91a08941171ca487b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f3f9d78c86af8ad333f203cc3ec69454

SHA1
3dec233bc3fae96288c7d62e5c2c71adf90cf7e7

SHA256
b1ea8f33dd9513c97ab486f5879ded19e746651fd0309683a230b493c7c38b32

SHA512
1b5c0ffe884c69662729bdead5a7db0691da4a898917a1b007715b86da4504df53c0f3d312b997baa6bf690bae00d0b55daa5f672f11a905ef56641ac464fc07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
507cf0eb0fe3010f0d56c45ec1251450

SHA1
1b24f607dae25afcc4bc5747f37794bd3c481e02

SHA256
94bcac6537bf2af66849747a2545cce9f708e7327da7fc8c3b399d162327390d

SHA512
a1d046a11f8ab31d4a414818c3515b15ea8722ef3a376c48cb2d92b6b217b35a19617129aa1dd38e1ba81976a25952a65ade3be6175cc5f79214f20d1b929d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
d00a045ff80f617ea1b794b262516117

SHA1
1abe89a3cf76d56925c853aabd123370e51d184a

SHA256
f671b7b0af963cb99b815391f0daa8378b5151051a457d6858e43d3237b96d0d

SHA512
c67af1fead47182da929ad0823cde3717ab1ef16a15e7be8494a2e51663de8ef49a36d66dbe4a070ac91ad7a50be50b4371a63ed72e95b37fa1901056d149e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
7d759b14cdd85f8c03cc5ebff420e6b7

SHA1
7326c21fbcc0fc8b7867f550bf919ed6ddebb3c3

SHA256
977fc6d0c5da42407d10918f73a4b212492edf7e74a52b750204b159c39d42d8

SHA512
4de99846d992933ef8f534fbb4d53290d553b7d4b95b1177293ecaa84e7750d83e9b2646b0d29562997023d5eecf2a342e1274adf521fbcb0898e49087287e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
5e62491992a2efe9f50a877b82010cf4

SHA1
5954bf053d4332c9d62950d9cb026a72790e75b4

SHA256
3324e8c69ce92df41bbe1d615455e0a44908643095e1238ba34ab9c0a3c218af

SHA512
4370a14eb28d17a2663f7604d7f04fc031da95b01d1539a68651a9ff50db0a8cf0378cb6cdd24abcc3133e5b5eaaeda25272fb4cee4191547da103696438cbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b9910.TMP

Filesize
89B

MD5
384b79ac42f5a14392bc43ee9120d555

SHA1
f15761c0b52f3fd4728222b1c36f664303a99438

SHA256
e23daf288ad80f8ec1938b7f82de9390e99a99f7dc6787fbcbabbdad7443b0c8

SHA512
4892fd0a6490e186d80d235b2e53870fe90750b0a7c19f5f60e1f68f125ecb37225a9cafb56d4dd35de49e7522176a9eb4df28098f9effd0edc2753a4ae095e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f21af14c29d04e4f6175bda86d5f3f1d

SHA1
f423e4d3ab8945c33f97b65b95dc80c7bb3eaf05

SHA256
42a5ceb386b96ceda43cbd9165acd5422fd24551a6f832d0df690378cb5f690a

SHA512
f12ac68db27f9b2976ae2d2d1e9470d4731ef3bf2017beab89e327287b085c5ebdd4285b7230d7631f3bd8ed2decf362ddac61a55340fe9ce0c2558898581cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bf029.TMP

Filesize
48B

MD5
861aa37f61c8ad605a84a53f98903a1d

SHA1
cb29647cf50ef929c436939bf629fc29b5937ad1

SHA256
ba7d856b5e52b9da4cc4cfd7b2ca2b2df04927fbdbec300b9f6e824431c4b8f7

SHA512
2a69b75cb498e6f8d3604390dd15315e032e0b232e3b4288f1c33d3d7e3dded77a480bcf1c3d457d244a0cd6dd23149831c9c1d1b62576153c6059cf604656c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6c560cb23c12387586c56c5e6ffe6003

SHA1
2798cb14aa14c70004135dfc0ac0608346e10ee8

SHA256
0e862e12b0bc632c75e0557abd779286375981935f6c932f9b8a079c82b7f6ba

SHA512
60018a0ada3871c33b3bcf1bddc2c6b62eaaa6127b2efcc5a5bb5efb20fa75588740bb7dd4a9229a8a1c722de07c54bdd7033c33065dc674dce3c4ab1e150108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a683355540dc14d35aa1bd5b39a046ce

SHA1
0d80fe49f674b2fbe2a27ca0ec38d3fa7a5294ec

SHA256
0df73ba6d619830e5495eb43b4ffdffe25c993278f75d98f095b08b2bdceb57d

SHA512
6f8c44875ac23fceed677b5ef80acab2517ef85b8fa70f812b3104f4c94d9ed9ef646083c56d58999fd87533766925e3a2197dc5cbce0956f77d223861652094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
603be640210d915e311f707b93e4b706

SHA1
7ad232780095209733cf21939977185cb5e75565

SHA256
a77485b27c9068476ea8717c977c7d93c3d8db7e33aac3bd1137691e66e9e0c1

SHA512
ef0c679268539d30eaf20f47dda1416adf0e417e67adfbea208d18ccc383b0a0a5dedd9aec0b537ac26efa8ca19c7ff411f6221a5205ff5e2378072aeb4fd5ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b07fe0aab999c8dc1806198dde5f37c6

SHA1
e4602dd02c3ef1bf4f27842b4e8f606acbff2261

SHA256
5d2df2b1e32f3cba6201e477e6aa0d2d9bf9ed6cf39a52bbe5a5c195dff958d4

SHA512
d228afa41705f4c872d428b4671b7a706f1d0fcc3a34609edecf58812528f2b0e3bdc91ac35cbdf744366fd007aaeddcab3e9a00ab39c6ae1f2a0e204275d1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef80.TMP

Filesize
1KB

MD5
35030223848996c66bd77b7d05497b32

SHA1
7ebc66da87d7c24d183edf6cc21c55e01f7247eb

SHA256
ab9d49f718f503ca5ff425956759035cac8a8f2b9831d4be60f79ab855875324

SHA512
7f986e004e15960c1b32a12f5fd799d70679294a501955b60b7da18e568a5c8d779284da72da6896352cada8015ae9d0b379808d90cd7a9ee27c6b87185832f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89a1b24095a7386af5ca536fa03ce636

SHA1
4417b87f544cae79c3814f17e578bcb5c7502cdb

SHA256
558b9e437567ea686df9886724daf35d8a304d9e61fb992c540a362f0ee8a98f

SHA512
f58d8336e6ac31119440d49cdb9adc9e3fd2dd1da155e4c56d939efb610a18b02c9d6bf7c227e23a71765bb2a7fb8797b087cd908fc232571f17f492388bda69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e1b0d6ec51f9a0cd6ad7d30a3400d580

SHA1
d5ab1cba44560900dea449615035985b249f450d

SHA256
175771cc7b08bfdb76cb9ce6b243dc6ba6f21035744c32f902190e357b2e079b

SHA512
ba39565afb4689f174e7ebc5a33bcf08f62b944170ed34ec7d30a1de3e629ccbb18c660cea6488324b7c7a45fde4509dce303dcf1749f497441bd1bde62b08cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb31a2d41b0802aed679fbfd6a26cadf

SHA1
ec84b13b785ba95db6dd40fa12bef262f59db8af

SHA256
c0f16cd5acc6cb6a8dd7039bd05fa3d2fe61bf54d5b261a9cd10d078ece9a81d

SHA512
00f21ea9dae20a16895985f98d400ba5b9d9426d0974332daaf81d58342451b0dc1e8f2f9f1abfa0add7b0c0c0aba81b1a5473a1fc7a27d345c8f454f4d89a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
20932fe31870161d8f1c0c80e7f198a3

SHA1
8eecb8ae68169be4ddf6da76e5f599f8d5f75de3

SHA256
d1ad7d81e41c8edc17b88b15b0d2bd4d9352e1ea5508a2c07de763cb519dc440

SHA512
af807027514f30b6198b7c1c5a417a0993f4635d68c5b6bcde4e66a7624d2b0c6d17de6e011bc9d24bdb6b71c8fc64db5e8152a83730db8c7dd2c29b9e897a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB37F.tmp\InstallOptions.dll

Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB37F.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB37F.tmp\ioSpecial.ini

Filesize
604B

MD5
7004353731b6675605e9a617b467ff33

SHA1
5debf3342e96c0eb74df8698a383ab1b1c35217f

SHA256
f500aa40812d3031d66548fa297c90055d8c342d625c74ec849d7e5925c6e30f

SHA512
873118c0d2a3e553ca39c46a51f83fd46ce03a13bdbcddc4813f64f04add17e3906f35f18216747584d84e86299d29c63befbb28d5285d86dea482f7d287e6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB37F.tmp\ioSpecial.ini

Filesize
776B

MD5
bf37250c438315f25899f5035ea9cd31

SHA1
10a1c63e9c13a265f19b4c331dc10d96bfaceba4

SHA256
2043c77c8c078d25968b77b47e536dbdb7d2bac81e1b66027dc7d49a6d152390

SHA512
eaf9b1304c29e0cbe30df92a3868f8f15057e3320e7c63d529bfa621674d681dd9173c2147eff0c8761afdec9b43aaa41c7cd620ab6a74f9a9ff459f4b6c055c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB37F.tmp\ioSpecial.ini

Filesize
802B

MD5
0115c49a8bc500fd2697d49ce279d8d2

SHA1
ee623b88d3f93a24c85aa34b0f19e30cc8f806f2

SHA256
53b8db76cea7d389ebba475c5ebc97c66af99e5d621a75f348ddb56f223d07db

SHA512
cbe13dc766ef992152e3ea47d3f54088c71a58e973e1803e3839b83766badd37f9746f9e81c279d24f2b183a4cbe5ccae94ec9b55f7c9cbef8343b18f657025b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
098566d01cd319487ad450500ce2a2f0

SHA1
bfc241fc7d1b41460343d47ee22bc46307d2aa54

SHA256
24c1e9cd15725da57a6f5d74eb237118d23fa30bb730da3e7820bb5fd982821e

SHA512
ee32afc7b6a8fbd863e4bf42d8c35df954469127cb74ec1c1c6b82599072e61926fc81cf6c40f30f6f99113ef7ff6047c06c99220726c6fe28b28975aa719236

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e7651f8d834ff1e0031eb0c215137744

SHA1
8529d72c3b8465ccf849e399f93446e7aa691cce

SHA256
1189d08094597183482280e4991dbb633954b0296cb9ef0f7ad23bd5d3abea17

SHA512
c9927b58cdda2cb870145345ec103cc602858082c11f0d04c9caf2f2ac69aa7210a935d18b27be2819720f2cf522063172d052e578a291d035a8403f58d6abec

Download Submit
C:\Users\Admin\Downloads\GrowtopiaInstaller (7).exe

Filesize
236.6MB

MD5
cf9c67c901ed19fe9fdea3aa19b4472d

SHA1
6dc0a6ad5d1040dc4a1e9619c5df24ad000d362c

SHA256
70d1ab38b00f9fe6c49ecfde94b8b46ed4808bee2d7317dade967f2f41778e38

SHA512
2fb6e6ff9726e087035b4960fc80c607913a67e60951473fb8dd40b65b94bd8b67dcb7f59fd26182733bb4130c2448690430f250f217fbdd5cf137eda1e3f3c7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/4408-3989-0x0000000140000000-0x0000000141000000-memory.dmp

Filesize
16.0MB

Download
memory/4408-3978-0x00007FFEF8DF0000-0x00007FFEF8DF2000-memory.dmp

Filesize
8KB

Download
memory/4408-3979-0x00007FFEF8E00000-0x00007FFEF8E02000-memory.dmp

Filesize
8KB

Download