95004cedd46d05041d9bf426097d7eed0891d376bcf385ebce16b6af77678ce1

Resubmissions

27/12/2022, 16:30

221227-tz34fafb94 8

27/12/2022, 16:29

221227-tza3naad5x 8

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/12/2022, 16:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PolyMC-Windows-Setup-1.4.3.exe
Size

36.8MB
MD5

4de957f7f7a225d279e04d543465c0d4
SHA1

f7097b1435221613e95470f072f4fc476dc480d7
SHA256

95004cedd46d05041d9bf426097d7eed0891d376bcf385ebce16b6af77678ce1
SHA512

f743405729dd0ea052e9991daeeb5b397ab484ac2114d8467b5e86b78d4ac8978b4992c5a0819d56f96af967e7a9d0163e4bebf0fbc59750af63e2bf1392da0c
SSDEEP

786432:bipaXXHkdnMkZumuNLkP4HcZ1rH/I9ihqIse6COj4GkFGXG3P+1U8L:bisHtkZxuN4YcZ1D/KLzDj4HQXcP+qE

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4256	polymc.exe

Loads dropped DLL 55 IoCs

pid	Process
1480	PolyMC-Windows-Setup-1.4.3.exe
1480	PolyMC-Windows-Setup-1.4.3.exe
1480	PolyMC-Windows-Setup-1.4.3.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe
4256	polymc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
3008	TaskKill.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4256	polymc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4256	polymc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3008	TaskKill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4256	polymc.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 3008	1480	PolyMC-Windows-Setup-1.4.3.exe	87
PID 1480 wrote to memory of 3008	1480	PolyMC-Windows-Setup-1.4.3.exe	87
PID 1480 wrote to memory of 3008	1480	PolyMC-Windows-Setup-1.4.3.exe	87
PID 1480 wrote to memory of 4256	1480	PolyMC-Windows-Setup-1.4.3.exe	90
PID 1480 wrote to memory of 4256	1480	PolyMC-Windows-Setup-1.4.3.exe	90
PID 1480 wrote to memory of 4256	1480	PolyMC-Windows-Setup-1.4.3.exe	90
PID 4256 wrote to memory of 5000	4256	polymc.exe	94
PID 4256 wrote to memory of 5000	4256	polymc.exe	94
PID 4256 wrote to memory of 3920	4256	polymc.exe	95
PID 4256 wrote to memory of 3920	4256	polymc.exe	95
PID 4256 wrote to memory of 2088	4256	polymc.exe	96
PID 4256 wrote to memory of 2088	4256	polymc.exe	96
PID 4256 wrote to memory of 716	4256	polymc.exe	97
PID 4256 wrote to memory of 716	4256	polymc.exe	97

C:\Users\Admin\AppData\Local\Temp\PolyMC-Windows-Setup-1.4.3.exe
"C:\Users\Admin\AppData\Local\Temp\PolyMC-Windows-Setup-1.4.3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\SysWOW64\TaskKill.exe
  TaskKill /IM polymc.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3008
- C:\Users\Admin\AppData\Local\Programs\PolyMC\polymc.exe
  "C:\Users\Admin\AppData\Local\Programs\PolyMC\polymc.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4256
- - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PolyMC/jars/JavaCheck.jar
    3⤵
    PID:5000
- - C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PolyMC/jars/JavaCheck.jar
    3⤵
    PID:3920
- - C:\ProgramData\Oracle\Java\javapath\javaw.exe
    javaw -jar C:/Users/Admin/AppData/Local/Programs/PolyMC/jars/JavaCheck.jar
    3⤵
    PID:2088
- - C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -Xms512m -Xmx4095m -jar C:/Users/Admin/AppData/Local/Programs/PolyMC/jars/JavaCheck.jar
    3⤵
    PID:716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Core.dll

Filesize
8.6MB

MD5
caf147ff911dfe0fcbbdf2deb9ae28eb

SHA1
a147f4129772204c7d3be0c3c8de3b09683b5a49

SHA256
d089e9bc7109c2815590f254556820e307d1eeee4ac1274973a7f36836d7b121

SHA512
153c6a1b791e79257ca24e3d593eec476705d1d70fb0fb6c254ad70f5a18de35384598f3929e9ca6c685c9fe9ce129b3f74a90e7232a3a84c042096c77630329

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Core.dll

Filesize
8.6MB

MD5
caf147ff911dfe0fcbbdf2deb9ae28eb

SHA1
a147f4129772204c7d3be0c3c8de3b09683b5a49

SHA256
d089e9bc7109c2815590f254556820e307d1eeee4ac1274973a7f36836d7b121

SHA512
153c6a1b791e79257ca24e3d593eec476705d1d70fb0fb6c254ad70f5a18de35384598f3929e9ca6c685c9fe9ce129b3f74a90e7232a3a84c042096c77630329

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Core5Compat.dll

Filesize
523KB

MD5
89e98f2f0e6de940b0d5d8f7487690b8

SHA1
291c1e8ba139eb56516ba5113fb511442cea78a3

SHA256
02636f58baa4d719893e8720b0adf975d0e783c7b4ffba80e09a356862d9364b

SHA512
104de3e5598a65c6f1e384782583fd88f271b7e8c88f681ccf5c787473efb51fc85bcf168e40e07f391e9f9b465e96db74e09f9a56dce81b3e2eb420728a6039

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Core5Compat.dll

Filesize
523KB

MD5
89e98f2f0e6de940b0d5d8f7487690b8

SHA1
291c1e8ba139eb56516ba5113fb511442cea78a3

SHA256
02636f58baa4d719893e8720b0adf975d0e783c7b4ffba80e09a356862d9364b

SHA512
104de3e5598a65c6f1e384782583fd88f271b7e8c88f681ccf5c787473efb51fc85bcf168e40e07f391e9f9b465e96db74e09f9a56dce81b3e2eb420728a6039

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Gui.dll

Filesize
11.6MB

MD5
29546d6c44249c3be171b7b937e2cfd9

SHA1
989e58b79ffd23f34807b3d3e8f4191f079cc71d

SHA256
0d354756e52922b02acaff81251e574cc43d4f73cceea18ce9ab31869db554af

SHA512
7db688c4dd93241df49bc7cc2f018911138f6909a8fbbc242b93766264503347f8c10caa8c8d6a5b7e71596d3030902ac5cd0d61bebd76e10706560741768646

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Gui.dll

Filesize
11.6MB

MD5
29546d6c44249c3be171b7b937e2cfd9

SHA1
989e58b79ffd23f34807b3d3e8f4191f079cc71d

SHA256
0d354756e52922b02acaff81251e574cc43d4f73cceea18ce9ab31869db554af

SHA512
7db688c4dd93241df49bc7cc2f018911138f6909a8fbbc242b93766264503347f8c10caa8c8d6a5b7e71596d3030902ac5cd0d61bebd76e10706560741768646

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Network.dll

Filesize
2.9MB

MD5
704be2c2044eff3ea3bbf3df894fe224

SHA1
2e3f80f43525463ca528825287314d4bad544087

SHA256
8a45172cbbda1bb6a971d6a158610158f770aa65e735db2a8b621d06afde2eb6

SHA512
2b0c2d5eb80034fcb954e0c4bc75a56d2e7bc834301ab79948ad0429d5cba60845e3a6727d1a8e8d21da9c58fa75a6ce3f6bae899792e3640f127043dc8b4461

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Network.dll

Filesize
2.9MB

MD5
704be2c2044eff3ea3bbf3df894fe224

SHA1
2e3f80f43525463ca528825287314d4bad544087

SHA256
8a45172cbbda1bb6a971d6a158610158f770aa65e735db2a8b621d06afde2eb6

SHA512
2b0c2d5eb80034fcb954e0c4bc75a56d2e7bc834301ab79948ad0429d5cba60845e3a6727d1a8e8d21da9c58fa75a6ce3f6bae899792e3640f127043dc8b4461

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Widgets.dll

Filesize
10.4MB

MD5
9d2f1f8756d70ac5f4bcac0fd505af25

SHA1
b156f8a97d6171ece17bcd0080b9c2648bb3ae45

SHA256
ba6b073f46d7244259b2f00d0e1c0b75b088c553d3ae9923f757d95d633e759f

SHA512
64ec3f867ff207cc61c3a0629bdc5ac88d44afbdb5a26ce37a0aeabd149a865ef8934120d597953b44bf210670e47f6e71ba82a0de6be1c3b79bb8700b8ab35d

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Widgets.dll

Filesize
10.4MB

MD5
9d2f1f8756d70ac5f4bcac0fd505af25

SHA1
b156f8a97d6171ece17bcd0080b9c2648bb3ae45

SHA256
ba6b073f46d7244259b2f00d0e1c0b75b088c553d3ae9923f757d95d633e759f

SHA512
64ec3f867ff207cc61c3a0629bdc5ac88d44afbdb5a26ce37a0aeabd149a865ef8934120d597953b44bf210670e47f6e71ba82a0de6be1c3b79bb8700b8ab35d

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Xml.dll

Filesize
235KB

MD5
131c05e5b765af383e44b0c96d8f6677

SHA1
575718ac35a4e086678f9dbde6675431058678ae

SHA256
794f7700236662ad28d9ea4aba6681f75d456fe6472ffb995632d0f7c978d3f8

SHA512
86fc59d305b8da3e7461194a6253fb9d163a7e0810d7e617242df2a91315775baf680cd9b89950c969c398b7970a2e7b8df714959f981584828116a7a7b5ef98

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\Qt6Xml.dll

Filesize
235KB

MD5
131c05e5b765af383e44b0c96d8f6677

SHA1
575718ac35a4e086678f9dbde6675431058678ae

SHA256
794f7700236662ad28d9ea4aba6681f75d456fe6472ffb995632d0f7c978d3f8

SHA512
86fc59d305b8da3e7461194a6253fb9d163a7e0810d7e617242df2a91315775baf680cd9b89950c969c398b7970a2e7b8df714959f981584828116a7a7b5ef98

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libb2-1.dll

Filesize
37KB

MD5
33795461d5a7cd537d2f3043275db0f9

SHA1
cbc8a209117a43444277c172b87f6457a206255d

SHA256
63dbe25d039c905b75b1775fcd008ae55c6dfc58a225885984b83702dc0e8efb

SHA512
615fdaa8c45d2e35570238d1949f6187abad811b108d285b30a7e746498ce1d72202b65d66fabc25d530debc7d6f1efa214cb7597ab8e1e6f632ddca9784c8ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libb2-1.dll

Filesize
37KB

MD5
33795461d5a7cd537d2f3043275db0f9

SHA1
cbc8a209117a43444277c172b87f6457a206255d

SHA256
63dbe25d039c905b75b1775fcd008ae55c6dfc58a225885984b83702dc0e8efb

SHA512
615fdaa8c45d2e35570238d1949f6187abad811b108d285b30a7e746498ce1d72202b65d66fabc25d530debc7d6f1efa214cb7597ab8e1e6f632ddca9784c8ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libbrotlicommon.dll

Filesize
140KB

MD5
9abd12ed0256b197ff16f21bbf78614a

SHA1
ad09c01969009186bcc5948fc476e3adc77a7bed

SHA256
de1cf65999706b6c757a3ad97bcb2f283445579c6085652cb7cbbbf611811eac

SHA512
1a314041872b4b49e145d9aab794ca8856fc89e1088a8dac8d37fbfe77d75d421620dc5cb729c272d3b4ff6fef5547076eab268f0857345c7bbd653ba88d0ba1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libbrotlicommon.dll

Filesize
140KB

MD5
9abd12ed0256b197ff16f21bbf78614a

SHA1
ad09c01969009186bcc5948fc476e3adc77a7bed

SHA256
de1cf65999706b6c757a3ad97bcb2f283445579c6085652cb7cbbbf611811eac

SHA512
1a314041872b4b49e145d9aab794ca8856fc89e1088a8dac8d37fbfe77d75d421620dc5cb729c272d3b4ff6fef5547076eab268f0857345c7bbd653ba88d0ba1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libbrotlidec.dll

Filesize
53KB

MD5
b0a2c37448a2cf5a7367816c1c120b24

SHA1
6b8b7d659618b25544400aa3e3c9bb4fea2c7d9d

SHA256
071a283a0a916a3f1cc6bff11cbc92ed1154409b5299d99f49728a0faff35965

SHA512
42bf87c986afcb555d410b9bfd31cab9cf7266eb6ed81b0acc41e44a440993ec39c301093cbf3d9a4b30f1a7457a9ba84913d1babba11531bc4dd80e0f780fd3

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libbrotlidec.dll

Filesize
53KB

MD5
b0a2c37448a2cf5a7367816c1c120b24

SHA1
6b8b7d659618b25544400aa3e3c9bb4fea2c7d9d

SHA256
071a283a0a916a3f1cc6bff11cbc92ed1154409b5299d99f49728a0faff35965

SHA512
42bf87c986afcb555d410b9bfd31cab9cf7266eb6ed81b0acc41e44a440993ec39c301093cbf3d9a4b30f1a7457a9ba84913d1babba11531bc4dd80e0f780fd3

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libbz2-1.dll

Filesize
103KB

MD5
0c6452935851b7cdb3a365aecd2dd260

SHA1
83ef3cd7f985acc113a6de364bdb376dbf8d2f48

SHA256
f8385d08bd44b213ff2a2c360fe01ae8a1eda5311c7e1fc1a043c524e899a8ed

SHA512
5ff21a85ee28665c4e707c7044f122d1bac8e408a06f8ea16e33a8c9201798d196fa65b24327f208c4ff415e24a5ad2414fe7a91d9c0b0d8cff88299111f2e1d

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libbz2-1.dll

Filesize
103KB

MD5
0c6452935851b7cdb3a365aecd2dd260

SHA1
83ef3cd7f985acc113a6de364bdb376dbf8d2f48

SHA256
f8385d08bd44b213ff2a2c360fe01ae8a1eda5311c7e1fc1a043c524e899a8ed

SHA512
5ff21a85ee28665c4e707c7044f122d1bac8e408a06f8ea16e33a8c9201798d196fa65b24327f208c4ff415e24a5ad2414fe7a91d9c0b0d8cff88299111f2e1d

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libdouble-conversion.dll

Filesize
81KB

MD5
7f90fd4d2ad8afac173e78f0168018f8

SHA1
4c06ccf4237579e1a0d56902a3de1633090b56e4

SHA256
4c9b99fc20a6f21da4df8ac4973c530dbab2bde856da7e9c1409c326cec5cd91

SHA512
1f2a67eceb9491b683afab410d25045341a1315125aa2d2de0decacb48269e9e278c5abff0d60dc6efec3f8f51222d91fa5eadaffc64a6715e30ee1db8ef3c92

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libdouble-conversion.dll

Filesize
81KB

MD5
7f90fd4d2ad8afac173e78f0168018f8

SHA1
4c06ccf4237579e1a0d56902a3de1633090b56e4

SHA256
4c9b99fc20a6f21da4df8ac4973c530dbab2bde856da7e9c1409c326cec5cd91

SHA512
1f2a67eceb9491b683afab410d25045341a1315125aa2d2de0decacb48269e9e278c5abff0d60dc6efec3f8f51222d91fa5eadaffc64a6715e30ee1db8ef3c92

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libfreetype-6.dll

Filesize
781KB

MD5
6b737e4793b69a38c4ae229822d65ad6

SHA1
8c8e67992b9e1b1d9034621ddd62def6541403d6

SHA256
826dbefc063d3f61c8fcbf71a44f348a84695bc2f2d30f2838c0a52f10b9d873

SHA512
5cf8836d702818a390eeb3ff27c68faa842559d32b543fe175b38dbd1982698e77230f6e3008900133990a801eb21e474419aee90d9af114fcacccceb19d62a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libfreetype-6.dll

Filesize
781KB

MD5
6b737e4793b69a38c4ae229822d65ad6

SHA1
8c8e67992b9e1b1d9034621ddd62def6541403d6

SHA256
826dbefc063d3f61c8fcbf71a44f348a84695bc2f2d30f2838c0a52f10b9d873

SHA512
5cf8836d702818a390eeb3ff27c68faa842559d32b543fe175b38dbd1982698e77230f6e3008900133990a801eb21e474419aee90d9af114fcacccceb19d62a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libgcc_s_dw2-1.dll

Filesize
142KB

MD5
fa4c3c566aaaa158f0665956e18c807e

SHA1
4b96edd6e7514937cbc5bd51228784fea1cef49f

SHA256
f74a34d781c4db1403418ce29f5359206745f46f13e6e23d394f44eb49961593

SHA512
4cdc60f8a0a06734394946557a5edeafe6516e78b9976628bea39df212a4518b9baea1b6bfaf1cbc2a783224c017d332a5e9a7a97d946f903b56ed6edff57782

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libgcc_s_dw2-1.dll

Filesize
142KB

MD5
fa4c3c566aaaa158f0665956e18c807e

SHA1
4b96edd6e7514937cbc5bd51228784fea1cef49f

SHA256
f74a34d781c4db1403418ce29f5359206745f46f13e6e23d394f44eb49961593

SHA512
4cdc60f8a0a06734394946557a5edeafe6516e78b9976628bea39df212a4518b9baea1b6bfaf1cbc2a783224c017d332a5e9a7a97d946f903b56ed6edff57782

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libglib-2.0-0.dll

Filesize
1.4MB

MD5
9624fd02eee7bd5b46b42fc633d19272

SHA1
452d5b6ef68e9c1b72edd4abd7c1d06d9b3eee48

SHA256
b8e0775240a4e5584fe8be9b1e124c534c51da57786de2404dda50f88c5f6cac

SHA512
904855f48e6d6869dc863389ed5ab8e38047b1eecc80ab4c7292e47ecc839bf07924abfd45c525362f92e4f0b147b8f548fd21e47bf3ea5ec657fb5efb5a39a0

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libglib-2.0-0.dll

Filesize
1.4MB

MD5
9624fd02eee7bd5b46b42fc633d19272

SHA1
452d5b6ef68e9c1b72edd4abd7c1d06d9b3eee48

SHA256
b8e0775240a4e5584fe8be9b1e124c534c51da57786de2404dda50f88c5f6cac

SHA512
904855f48e6d6869dc863389ed5ab8e38047b1eecc80ab4c7292e47ecc839bf07924abfd45c525362f92e4f0b147b8f548fd21e47bf3ea5ec657fb5efb5a39a0

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libgraphite2.dll

Filesize
157KB

MD5
56d0b1c9497c114b9c1d3f478c757aa0

SHA1
f3709ffb3fdd2e0793b16d01e7ffc9c625dc7070

SHA256
68e5be28068f02168bd031e895180d313eaaede1705373b4599d8c7fd424f5c2

SHA512
a6ecb1e5c7f87d0442eb90f7209654fcd73c6a6079e54162041e12d583a56ad46f14bafd9bb49fdf14e0c5cfe2b36a1158ac43e621f91cbb6ec2aebd1d661044

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libgraphite2.dll

Filesize
157KB

MD5
56d0b1c9497c114b9c1d3f478c757aa0

SHA1
f3709ffb3fdd2e0793b16d01e7ffc9c625dc7070

SHA256
68e5be28068f02168bd031e895180d313eaaede1705373b4599d8c7fd424f5c2

SHA512
a6ecb1e5c7f87d0442eb90f7209654fcd73c6a6079e54162041e12d583a56ad46f14bafd9bb49fdf14e0c5cfe2b36a1158ac43e621f91cbb6ec2aebd1d661044

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libharfbuzz-0.dll

Filesize
1.2MB

MD5
b00a90e6c98a18cc4029ef970535a7b6

SHA1
f23d6b834e357eedbe0fa33d90e3a9e699c7ed2e

SHA256
7deec7bb4f8d5da723361efd6202fda800ea4ba4004f46b3aeb3a9d4bb0d03db

SHA512
41c43fce84d1ba6596b3a0d065ba749eff707388e60a5ed07f8102b25a6a0b82ba3b3f416fa904c7c07916baa68ff6f8b72b9783bae9a06854c7513ac4139b19

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libharfbuzz-0.dll

Filesize
1.2MB

MD5
b00a90e6c98a18cc4029ef970535a7b6

SHA1
f23d6b834e357eedbe0fa33d90e3a9e699c7ed2e

SHA256
7deec7bb4f8d5da723361efd6202fda800ea4ba4004f46b3aeb3a9d4bb0d03db

SHA512
41c43fce84d1ba6596b3a0d065ba749eff707388e60a5ed07f8102b25a6a0b82ba3b3f416fa904c7c07916baa68ff6f8b72b9783bae9a06854c7513ac4139b19

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libiconv-2.dll

Filesize
1.1MB

MD5
34e7a74e29fb825e9661e4e22d4f1895

SHA1
c38aa59e37641943d111a412157b6216d2b63b59

SHA256
b4e67633ef039e35475e1a717269459c532b60f6d0d61ec1756192f8870f72ee

SHA512
5fc4fe85303bbe7cae740972b9c0935b289eb539cf5e81fd945c82fbcc6accc8d32acd9da77ec8f930ee0fcea0d2a891750bb385afc571f652d9f77111933524

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libiconv-2.dll

Filesize
1.1MB

MD5
34e7a74e29fb825e9661e4e22d4f1895

SHA1
c38aa59e37641943d111a412157b6216d2b63b59

SHA256
b4e67633ef039e35475e1a717269459c532b60f6d0d61ec1756192f8870f72ee

SHA512
5fc4fe85303bbe7cae740972b9c0935b289eb539cf5e81fd945c82fbcc6accc8d32acd9da77ec8f930ee0fcea0d2a891750bb385afc571f652d9f77111933524

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libicudt72.dll

Filesize
29.8MB

MD5
7fb734bfcbfb1228f4613524a112b249

SHA1
7cc8f53c6b8ac5992d7f07ae6973cc3269647d6c

SHA256
27c4ab9c99ba2402ca6eae31f0a347497b967fecb2c02a78f192a8543bbc420a

SHA512
68b349bd2a62abc1292b25e0b3336ffe5034eea93954705f1cdc7edd1be034890efaff448c51fe8c176a15b430b7d5d824882cfe0976883ef81ac201824a4ebf

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libicudt72.dll

Filesize
29.8MB

MD5
7fb734bfcbfb1228f4613524a112b249

SHA1
7cc8f53c6b8ac5992d7f07ae6973cc3269647d6c

SHA256
27c4ab9c99ba2402ca6eae31f0a347497b967fecb2c02a78f192a8543bbc420a

SHA512
68b349bd2a62abc1292b25e0b3336ffe5034eea93954705f1cdc7edd1be034890efaff448c51fe8c176a15b430b7d5d824882cfe0976883ef81ac201824a4ebf

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libicuin72.dll

Filesize
3.2MB

MD5
f40add0803feebc4277bfe533d1ca953

SHA1
cf20f708a55bcdb35b0c8c07bc89c14bd8522991

SHA256
9a4e2131ac5ab86b117dac2b7de92e385f45dae187f83df29da8529db8830d5b

SHA512
7a6a235675485ded4906a9ce1daaff946480e05ff22bbaabc0f2373438a2beb3c7c55108cf54cc8cae8e9698cd948dcfec5a696679448e85e26d960aa0f1aeaf

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libicuin72.dll

Filesize
3.2MB

MD5
f40add0803feebc4277bfe533d1ca953

SHA1
cf20f708a55bcdb35b0c8c07bc89c14bd8522991

SHA256
9a4e2131ac5ab86b117dac2b7de92e385f45dae187f83df29da8529db8830d5b

SHA512
7a6a235675485ded4906a9ce1daaff946480e05ff22bbaabc0f2373438a2beb3c7c55108cf54cc8cae8e9698cd948dcfec5a696679448e85e26d960aa0f1aeaf

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libicuuc72.dll

Filesize
1.9MB

MD5
cfb6bd5ba5e74edeea907b906dc9eac5

SHA1
013e11f837aa3a46ba21574f4c6e8eed96b48fcb

SHA256
f436a12e448759659fa5f9a36f6c559e35b010d7b620dad67770396e8451c7f0

SHA512
1d7ffedac0482c81b75a6ee38d2b541b430737cfb8ad74e32cdb21b3004938266b831a35c148107025e31c706bd178f110c06be3d38885bb28a747cc46d1ace1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libicuuc72.dll

Filesize
1.9MB

MD5
cfb6bd5ba5e74edeea907b906dc9eac5

SHA1
013e11f837aa3a46ba21574f4c6e8eed96b48fcb

SHA256
f436a12e448759659fa5f9a36f6c559e35b010d7b620dad67770396e8451c7f0

SHA512
1d7ffedac0482c81b75a6ee38d2b541b430737cfb8ad74e32cdb21b3004938266b831a35c148107025e31c706bd178f110c06be3d38885bb28a747cc46d1ace1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libicuuc72.dll

Filesize
1.9MB

MD5
cfb6bd5ba5e74edeea907b906dc9eac5

SHA1
013e11f837aa3a46ba21574f4c6e8eed96b48fcb

SHA256
f436a12e448759659fa5f9a36f6c559e35b010d7b620dad67770396e8451c7f0

SHA512
1d7ffedac0482c81b75a6ee38d2b541b430737cfb8ad74e32cdb21b3004938266b831a35c148107025e31c706bd178f110c06be3d38885bb28a747cc46d1ace1

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libintl-8.dll

Filesize
143KB

MD5
edc29729086da3fc2272c3582335265a

SHA1
63810a098b019e247cd75dc340ce06367244e6c5

SHA256
3ad2660e38366f79f631289b2366b70aff02619d6e53b0f0d5aefd6869263787

SHA512
c09fdcd2f1617854f4f4e589068fef5279e397aa9b61cf7eaa2928b1d0ad2ff9718b1ca0224caf383b21823a1e4fe6b23d7350003d7bb3b97a157db5e90da2f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libintl-8.dll

Filesize
143KB

MD5
edc29729086da3fc2272c3582335265a

SHA1
63810a098b019e247cd75dc340ce06367244e6c5

SHA256
3ad2660e38366f79f631289b2366b70aff02619d6e53b0f0d5aefd6869263787

SHA512
c09fdcd2f1617854f4f4e589068fef5279e397aa9b61cf7eaa2928b1d0ad2ff9718b1ca0224caf383b21823a1e4fe6b23d7350003d7bb3b97a157db5e90da2f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libmd4c.dll

Filesize
85KB

MD5
5d6a5fdd16d7aea3bd5028abb84ede61

SHA1
f776d2be96aad6e65460529d8f9c399a60c77558

SHA256
d87d6293c4bc52a37170bfee0540ad1a85f27f21a28ebb362d4c511205711835

SHA512
84cc5fea4f3c7e90fc9c1389701d13c7355a41335e772628804c7cf270e88645969f4a8a5b49a82182b2acd71e739488873dbb18f75dd03bada0a01587786eb6

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libmd4c.dll

Filesize
85KB

MD5
5d6a5fdd16d7aea3bd5028abb84ede61

SHA1
f776d2be96aad6e65460529d8f9c399a60c77558

SHA256
d87d6293c4bc52a37170bfee0540ad1a85f27f21a28ebb362d4c511205711835

SHA512
84cc5fea4f3c7e90fc9c1389701d13c7355a41335e772628804c7cf270e88645969f4a8a5b49a82182b2acd71e739488873dbb18f75dd03bada0a01587786eb6

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libpcre2-16-0.dll

Filesize
347KB

MD5
0e0bcc2180b7208607d84e83e4036768

SHA1
8f373a4f3352a55b64f7de60c6dc29f40fe69e25

SHA256
99f06389ff2ff40422f5a413b33b8aea280b272f09b11d4366f944a98002fd09

SHA512
0bf086954c4e8e0a5329b51bfd3c2580290f5f21aeb850a0d1ff8fbca9f945448774b99dfa35e40e89379b2cd071b0d8d5b294ef1eca9af9226be708adfabe2c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libpcre2-16-0.dll

Filesize
347KB

MD5
0e0bcc2180b7208607d84e83e4036768

SHA1
8f373a4f3352a55b64f7de60c6dc29f40fe69e25

SHA256
99f06389ff2ff40422f5a413b33b8aea280b272f09b11d4366f944a98002fd09

SHA512
0bf086954c4e8e0a5329b51bfd3c2580290f5f21aeb850a0d1ff8fbca9f945448774b99dfa35e40e89379b2cd071b0d8d5b294ef1eca9af9226be708adfabe2c

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libpcre2-8-0.dll

Filesize
382KB

MD5
cd2b2fc48d034e6303ec8442922afcfc

SHA1
4c9374fcb80e1d5e449cebbe891e15039afe8114

SHA256
2190d2a0b1b60a8da70811bace28f248268385bff2b89dc62724c6388c8ff9aa

SHA512
52cfd5814d709ec9381b0ee0929f0e87fe2e53a019496b5b82144116711989fc15f35b2537a5082e8bdaea84f40490d76e3e1aa02f71a3fefdf54581806a5aa6

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libpcre2-8-0.dll

Filesize
382KB

MD5
cd2b2fc48d034e6303ec8442922afcfc

SHA1
4c9374fcb80e1d5e449cebbe891e15039afe8114

SHA256
2190d2a0b1b60a8da70811bace28f248268385bff2b89dc62724c6388c8ff9aa

SHA512
52cfd5814d709ec9381b0ee0929f0e87fe2e53a019496b5b82144116711989fc15f35b2537a5082e8bdaea84f40490d76e3e1aa02f71a3fefdf54581806a5aa6

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libpng16-16.dll

Filesize
256KB

MD5
7811430e22308c701ee61292afeadc93

SHA1
83f74d632ac195e87b5f5079904b16e12a8d9609

SHA256
4f2d76b4124398d1c949e86aa85db0927f66926342db1ba0aa2d3ce820afe65c

SHA512
97286bc82223246139ee1a4dfb1d1c30f11591912e628fa7e0d3dee55b5c6293d2bd91edfc92936de39b298d03393445503e23eee62b8069cb5c8ee8121d7cac

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libpng16-16.dll

Filesize
256KB

MD5
7811430e22308c701ee61292afeadc93

SHA1
83f74d632ac195e87b5f5079904b16e12a8d9609

SHA256
4f2d76b4124398d1c949e86aa85db0927f66926342db1ba0aa2d3ce820afe65c

SHA512
97286bc82223246139ee1a4dfb1d1c30f11591912e628fa7e0d3dee55b5c6293d2bd91edfc92936de39b298d03393445503e23eee62b8069cb5c8ee8121d7cac

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libquazip1-qt6.dll

Filesize
256KB

MD5
641dc59e1c08c0ca91e53acee7fa6d38

SHA1
d083d6261cff976021f262d26be4dc7b9256c25f

SHA256
7ae3a6fa9018fe1872f7bef2f63cf8083f46d76a40a72d8ec49028af107be30c

SHA512
a7a73c5cf7584cb043910801e2639a5a66fa74dd835b0c64d20d06c061d0405bc96da87af4d56db10b5dde2a02892831932cf45e488cf79fe4101e79b9f34078

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libquazip1-qt6.dll

Filesize
256KB

MD5
641dc59e1c08c0ca91e53acee7fa6d38

SHA1
d083d6261cff976021f262d26be4dc7b9256c25f

SHA256
7ae3a6fa9018fe1872f7bef2f63cf8083f46d76a40a72d8ec49028af107be30c

SHA512
a7a73c5cf7584cb043910801e2639a5a66fa74dd835b0c64d20d06c061d0405bc96da87af4d56db10b5dde2a02892831932cf45e488cf79fe4101e79b9f34078

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libstdc++-6.dll

Filesize
2.1MB

MD5
f53687e44acbafb343871e596002145c

SHA1
ef1a14e45ce03329ae1f1b694523e36250b1dd22

SHA256
b1982f752158b0c61eaa44f54764bbcf97c779bb7a07c66ea02772a4299110d2

SHA512
fd736698ba16d83c273ba82a17af2b44eaf80c9ae436975ad50f4d67be3d1ef2e4ddbb2f8227a38e2f6c8aad2dd75648e025790db8eaf5db38e4fe3332c7ad17

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libstdc++-6.dll

Filesize
2.1MB

MD5
f53687e44acbafb343871e596002145c

SHA1
ef1a14e45ce03329ae1f1b694523e36250b1dd22

SHA256
b1982f752158b0c61eaa44f54764bbcf97c779bb7a07c66ea02772a4299110d2

SHA512
fd736698ba16d83c273ba82a17af2b44eaf80c9ae436975ad50f4d67be3d1ef2e4ddbb2f8227a38e2f6c8aad2dd75648e025790db8eaf5db38e4fe3332c7ad17

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libwinpthread-1.dll

Filesize
67KB

MD5
d9a2a1df8ee3abc34d107224db728745

SHA1
c9cbc8105087b79cf3f21f059ae2652650be2854

SHA256
7f817bb550afd6d526b19133deb8a9b3e372d3e90ad6cd776d821191ac0347b9

SHA512
e1d98c5184c433151ed51d97c9ddf187b7cff415bfeade201f168a0d0597b3f0cc655af5dff3c58a4e57c12d24c6c3e75fa012ac32b3955d1bfe97d67f8dbd9e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\libwinpthread-1.dll

Filesize
67KB

MD5
d9a2a1df8ee3abc34d107224db728745

SHA1
c9cbc8105087b79cf3f21f059ae2652650be2854

SHA256
7f817bb550afd6d526b19133deb8a9b3e372d3e90ad6cd776d821191ac0347b9

SHA512
e1d98c5184c433151ed51d97c9ddf187b7cff415bfeade201f168a0d0597b3f0cc655af5dff3c58a4e57c12d24c6c3e75fa012ac32b3955d1bfe97d67f8dbd9e

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\polymc.exe

Filesize
9.4MB

MD5
885615021e3bd1dad65ba6639519b4e6

SHA1
8ebff4c8fc597b5b986d6d2509be57e7b31a9c67

SHA256
cb6e0ae6445dc60daa15ca4a1cc67641353508134149c818bb13a2c7cd32ca59

SHA512
bad3fd0bdee8e1a793276d1f9211333aedecc34d35837bd6c6f491e2132e4800df03adb148099cdd0523867462c801492f9ac834ef7e8626efcb1e550a5f5a72

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\qt.conf

Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\zlib1.dll

Filesize
122KB

MD5
ca03df08c3460bcf2217b8908457088b

SHA1
9ed19e261b255f9a14664e5822bcd872fc6c28cc

SHA256
b7882e20388ee2c83e7c41b5a4c27b12e96c240965c4016d94997e93504a0a2b

SHA512
c630a6f806efac7e5d9509d3921e7524f1ecc25bb3b63fb93761cac7a1ed8e823311ef1e3d8bed7d726651f57ed03099d345de59187698fb8e854d07369c882b

Download Submit
C:\Users\Admin\AppData\Local\Programs\PolyMC\zlib1.dll

Filesize
122KB

MD5
ca03df08c3460bcf2217b8908457088b

SHA1
9ed19e261b255f9a14664e5822bcd872fc6c28cc

SHA256
b7882e20388ee2c83e7c41b5a4c27b12e96c240965c4016d94997e93504a0a2b

SHA512
c630a6f806efac7e5d9509d3921e7524f1ecc25bb3b63fb93761cac7a1ed8e823311ef1e3d8bed7d726651f57ed03099d345de59187698fb8e854d07369c882b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv712E.tmp\System.dll

Filesize
31KB

MD5
8d5d06ca42b3d9053e9cf72245e45e90

SHA1
bdc3c3c3ab87b0a6a8470ab14349d286efefe91d

SHA256
45f7082cb371ed939b7d4bf0b05ecb2b0b5848339502cd2dd2208fa385d4ada7

SHA512
13c239a2be9618e10c21c6b5c3d4e0e539e4e73ab6f32955d99d1f47ae97cd350ee2e472b8ce59fcce2bb72dec234d7dcf09f8722c2ca26c84ef68b693c01df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv712E.tmp\nsDialogs.dll

Filesize
14KB

MD5
e0e2338684545674776d3fb9cba7804d

SHA1
9da017c98085b314cb167a451819d6fba070686b

SHA256
f06e803222d4f0915027fca5f058b0e730097e0f282fe3f9a20cd113029e301d

SHA512
bd68a7e7ac60b4e1c92261821e9dfd465f038fc49d2237f610782eec80c742601514e2dc599e97fb91d221469b2a7c367243a9c893272c59230df050f72d6aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv712E.tmp\nsExec.dll

Filesize
11KB

MD5
c5db5bad834ca8f40abacffd6d77c55f

SHA1
12322c863fb7e904360074cde64f810be2302c6b

SHA256
77d149713e3430f9944af7a96cc0257240c60b5add9f6231407089c10e791634

SHA512
a5378f6b63ebe140977ba7c505f4b332dd2cc03de67b9080d151ad7f4ece1993d1179cf9692cd4bf2207caf3726da6bf2da51f28dfebbe971cbbd9eb750d0cf9

Download Submit
memory/4256-198-0x0000000072580000-0x00000000728A7000-memory.dmp

Filesize
3.2MB

Download
memory/4256-214-0x0000000074010000-0x000000007463E000-memory.dmp

Filesize
6.2MB

Download
memory/4256-200-0x0000000072580000-0x00000000728A7000-memory.dmp

Filesize
3.2MB

Download
memory/4256-203-0x0000000074010000-0x000000007463E000-memory.dmp

Filesize
6.2MB

Download
memory/4256-204-0x0000000073510000-0x00000000736F0000-memory.dmp

Filesize
1.9MB

Download
memory/4256-205-0x0000000072B30000-0x000000007321A000-memory.dmp

Filesize
6.9MB

Download
memory/4256-206-0x0000000074780000-0x00000000747AD000-memory.dmp

Filesize
180KB

Download
memory/4256-207-0x0000000075540000-0x0000000075563000-memory.dmp

Filesize
140KB

Download
memory/4256-208-0x00000000736F0000-0x0000000073F9A000-memory.dmp

Filesize
8.7MB

Download
memory/4256-209-0x0000000000200000-0x00000000008B7000-memory.dmp

Filesize
6.7MB

Download
memory/4256-210-0x00000000756E0000-0x0000000075717000-memory.dmp

Filesize
220KB

Download
memory/4256-211-0x0000000072390000-0x0000000072571000-memory.dmp

Filesize
1.9MB

Download
memory/4256-212-0x0000000072580000-0x00000000728A7000-memory.dmp

Filesize
3.2MB

Download
memory/4256-264-0x00000000756E0000-0x0000000075717000-memory.dmp

Filesize
220KB

Download
memory/4256-201-0x00000000747B0000-0x00000000747F4000-memory.dmp

Filesize
272KB

Download
memory/4256-263-0x00000000736F0000-0x0000000073F9A000-memory.dmp

Filesize
8.7MB

Download
memory/4256-249-0x000000006ED90000-0x000000006EDA4000-memory.dmp

Filesize
80KB

Download
memory/4256-222-0x0000000072B30000-0x000000007321A000-memory.dmp

Filesize
6.9MB

Download
memory/4256-228-0x0000000073510000-0x00000000736F0000-memory.dmp

Filesize
1.9MB

Download
memory/4256-245-0x00000000748B0000-0x00000000748CB000-memory.dmp

Filesize
108KB

Download
memory/4256-197-0x0000000072390000-0x0000000072571000-memory.dmp

Filesize
1.9MB

Download
memory/4256-199-0x0000000074780000-0x00000000747AD000-memory.dmp

Filesize
180KB

Download
memory/4256-250-0x000000006ED70000-0x000000006ED88000-memory.dmp

Filesize
96KB

Download
memory/4256-252-0x000000006ED50000-0x000000006ED65000-memory.dmp

Filesize
84KB

Download
memory/4256-254-0x000000006ED30000-0x000000006ED44000-memory.dmp

Filesize
80KB

Download
memory/4256-255-0x000000006EBD0000-0x000000006EBE6000-memory.dmp

Filesize
88KB

Download
memory/5000-247-0x00000000024A0000-0x00000000034A0000-memory.dmp

Filesize
16.0MB

Download
memory/5000-265-0x00000000024A0000-0x00000000034A0000-memory.dmp

Filesize
16.0MB

Download