Resubmissions

23/02/2024, 13:06

240223-qcaxlagh64 7

23/02/2024, 12:51

240223-p3xnlsgf64 7

23/02/2024, 12:34

240223-prvd4sgc56 8

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 12:51

General

  • Target

    PollyMC-Windows-MinGW-w64-Setup-8.0.exe

  • Size

    36.6MB

  • MD5

    77f098ad333889de410f665e4f9a8702

  • SHA1

    6b8e8abe6a374f02a88058961f180818cfcf7670

  • SHA256

    1c04ed11ce29fcfc3186144f0f907b70296132eb3db89044463cb14b97eb87d0

  • SHA512

    711326a015e02dd4789023fbefeaedc769d0ef33668497c107cb3c512a2acc2fa312d3cd5011d3a510ccb87ce236bfe0fc1d4b253b332c2e6ecd9ff6e7c6af9c

  • SSDEEP

    786432:2KQbhz5LGoCjmcE/ppyp22HaxvPAXkFeOLV61DDKr0wlqDIgtQ:2FLCjmphS2iSvfJLQxKr0wlw2

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 56 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
    "C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Windows\SysWOW64\TaskKill.exe
      TaskKill /IM pollymc.exe /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4064
    • C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
      "C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
        "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
        3⤵
          PID:1272
        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
          javaw -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
          3⤵
            PID:4848
          • C:\Program Files\Java\jdk-1.8\bin\javaw.exe
            "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:548
            • C:\Windows\system32\icacls.exe
              C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
              4⤵
              • Modifies file permissions
              PID:1556
          • C:\Program Files\Java\jre-1.8\bin\javaw.exe
            "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
            3⤵
              PID:3252

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core.dll

                Filesize

                2.0MB

                MD5

                907edcf90683c654fa95695c1c4199c0

                SHA1

                6608201a76a0a4e59f25c877ab8ff705f2ec6c76

                SHA256

                e44d7cd0126b705aed0302bcd7b27ba9d455bcd34032c1d3ae5204dbfe01c29e

                SHA512

                ee0a7b4eae09ef136849d6dd8de56d80a7dbc83b71002e839999e6f0604ed79bf1c303bca3775b7e4a6f228adabcde9cbf8fd5dc80cdf31a5f4c18c4743c578a

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core.dll

                Filesize

                653KB

                MD5

                8cfcbe834fb1f0cb5ece4e8a643e37ee

                SHA1

                1b89221060d9ec8239aa73d866cee1faedf90f3d

                SHA256

                406e132173cc1c329adc517434ba62c097858636c81794a35cec686acc3bb2fc

                SHA512

                d304f11896c25deac02d1fa2ea4f8d9cb89e29d275dfaf330c6483bcc9aad67a94775f546058104f0b17521d2e2a73c14383974e21e18e40493b1ef4c6efc24b

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core5Compat.dll

                Filesize

                408KB

                MD5

                ab88dd4c87ff60a81b698c5b194d0d92

                SHA1

                a5c114e642297ee477db5f38286d5e24eafe1920

                SHA256

                792cdcf3a9843bd46e1af141029e714464ce125a45b74582b5de1d7ef01801b5

                SHA512

                43089e7cd5bb983af01413d2774febfefebfc85cccdcdfe7097eedc8bb571c5b90ffb269a6c5e029b8db8aca96d32c2cf9c216211dfe762db5167e6e52f66f3c

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Gui.dll

                Filesize

                901KB

                MD5

                1f47ad78e5195f61de5c775cd7bf2b3b

                SHA1

                8de6358a7358aac977e87293df10a2044dc8f8a5

                SHA256

                300a5355df5859b5395b32ac0cc63b2eade17f43104a5044df7e8a91db16af06

                SHA512

                08b65158994ec2a729e82e073ee3a8fcb72dfa588bdbe3a65f8499ad52811878c3e89ac328d7114afddc217bd19907e94a82bacd3ec125e4e9148ab9caf262a6

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Gui.dll

                Filesize

                1.5MB

                MD5

                3452647638f2278152e2991c9faeb2d6

                SHA1

                6816d12c2218f9e3a232f2eff536f7020238c5aa

                SHA256

                c078c43de5254dfb7d451c93af3c57cce8d09e5bdb73dcb4108962fffb21d7c1

                SHA512

                c59468b00c809b76406bda50335c2790678ff201312a15e18a89f6cee2a320a79aa8d6a1a8213c8329d6bdb34752be3ae7c2f2c387253706709331100d781573

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Network.dll

                Filesize

                877KB

                MD5

                d9b57d14905846388993ef5a2606aa24

                SHA1

                81d2435b02e2402982908bcf9679efed24e51a88

                SHA256

                d7fae97f648284ce005c32e8bf44cc458b257550cd80ef687d4db0fef7f2ce5b

                SHA512

                1d8943b836272afcb52ef9891a157abdb11c5e57bef03cdc0ab17b9d5c442b80b77b323cd54905fe7fbd7d715c2778fff3b7acdde691ea33f4045b2dc1e2bc23

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Network.dll

                Filesize

                956KB

                MD5

                a64f830e2a2c3afaef4c895469310f56

                SHA1

                32c7299b0cd28788f2cbd1a1e978b38966988f77

                SHA256

                c4c38214aa3f6392294356cf5ba6ceb09a82164aa3024cf684922ad6eb3a3d51

                SHA512

                36458a5ff55ba5e0816647d8049e14eacf0da4d2f64a0df9a31f0e79d7ebce461889c21d1bb1a71fdb42a94a6ca1fb1c0e2f33f41791d172d061f47a928c43e0

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Widgets.dll

                Filesize

                2.0MB

                MD5

                deb377f167f88c3f6f7b63eb12b6950b

                SHA1

                fc784526fda5152974c7bdeff288dc4bb3c000f4

                SHA256

                69d424b4e0995d1e20316fbf24a88d93bd9a3826b9ffee2c08013ae732ac73fe

                SHA512

                089603d67527cd4cb0465dd08d34368365137c17ccb064afb28e2774e2e79729c47ba6fdbb9208771438ebb4bc52d876b9600ca7ddf400544aadd166b3ccdaf8

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Widgets.dll

                Filesize

                1.7MB

                MD5

                2d8ddd678a2a74b5ef76a81944600056

                SHA1

                975d8a580108d8d705d3744b92b70d89a9d2a433

                SHA256

                b3dbab5b2f471fa21024113b9f5ca80df4022d55c94dd55a1cbc94a37056d72f

                SHA512

                d404698dc67e1089360517e2a54f079ddd0a07552ea0bcb45560f4a3c8528212da10213b65bca9842a7597698f407f42edcc4222d2ef222ffa96f2ef17128526

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Xml.dll

                Filesize

                187KB

                MD5

                63e76c8c687df6aec9f41e3d8a1d0746

                SHA1

                7577d4d681c012a3ded924e2f30aa6969ca5e815

                SHA256

                04ff3840b3a84ae2ed1b4a388a5e6ba5e7fe05f64bde8919d10739a7fcb8917e

                SHA512

                e4a65b254b0e7b2c1cd0f19d6c3b7df5b044ed7f90aa08e8163f93998624f6ffee13715796f55c5a780b77ac2c900fd2070dbf9b2799ba43f3b0d8fc7cc5b141

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libb2-1.dll

                Filesize

                42KB

                MD5

                87ab9208b130b7d7b2dbf6e887aafc5f

                SHA1

                afc23cf59beea5dea0e7b4d7f96b936ab4594511

                SHA256

                d6754584336b179a02722cfb80854f764024b6649e6f0cbf2d3878407e5678af

                SHA512

                fee411c30bc4df1777f42df27deb198114851672c916b197e8a1eb44f39fc88ba801703f24d06c51a72ec952d91ed992695f1c38b32689b54be8c578f23db8c6

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libbrotlicommon.dll

                Filesize

                145KB

                MD5

                00bc42b62d1a5adeb2f599a591403d9a

                SHA1

                42fb609f84e1fa97451a10aba914cda6db950b06

                SHA256

                fc5bf42b62da64ac76ffcdf50f232c8c821c9c278e23f63c9477c75a74b2b7b7

                SHA512

                2407e732a44b5293260a882b8118cd18d1e5d5339735d19efdef0c33ec5bed64aa4d099f1ab7eb590324e0c860c4a5bc7ba04eb04f5d9fadb1407c078d32d91c

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libbrotlidec.dll

                Filesize

                63KB

                MD5

                6b933641e6a997c2a100191783370ce9

                SHA1

                0ec5b215cdcb3c5ab1fcca8c1591474349cdab7f

                SHA256

                ce832348f2e913ceba2d0b94d9a8fe655035e438067ad9a7527b1d7e556acc27

                SHA512

                6308a7a34ff517e7b43958ad119206b44f92b75456617285b520e8706bede28d1b319c3b57253cca45d208988a6ef4e2720c3e343b0cf7ca876ecb0cfed2e3c2

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libbz2-1.dll

                Filesize

                96KB

                MD5

                b843434a8eae82adea4f9eaa2fbffe47

                SHA1

                b34aaa305cfc1a4936a88592b5689b0c978ffaa4

                SHA256

                22289ed41efbe633f798047de836b31170336e5e40e7e7b586c915bdbda7fcd9

                SHA512

                9f7c152c3b7ef52c0b3131d865960f8529bfe43776bfcf00c668fc41258e4ba4fcecb09888a99f77634534b42202d57e71806b808d9efe9ca6125712b8db7570

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libc++.dll

                Filesize

                1.4MB

                MD5

                0314b68d4684f7fa62c9273df902bced

                SHA1

                c8cd94d2a41c66c56b3dd465868c800bfd201a83

                SHA256

                7c2515f1a68339b2f100a56aa69c2fbd1223a1e649caaf220e3b81c779a1b08b

                SHA512

                de5219e3e2d415b1c02b64191b4de51ae6080059495f8109bf01a88365a27ac1691012a11ffddb81279fab792453f67a148def4aa52c012a8a9b6a7fecf4fb25

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libcmark.dll

                Filesize

                249KB

                MD5

                f5f97439ea8c9b6ee10b76b9f94e2fde

                SHA1

                4e1ba63e394087fadbb908274b6ae77c3b92b59f

                SHA256

                503c476dbc9f57cacff1062e6bc48f70e3d9f00453180ba7bc4cbf4373810fa6

                SHA512

                091e2997e29862aae35d9d9deb7db83356933cb3de89f80f5a239f9f3914d8f4218a1f2393055000707826baae9c4f4a3f43625a4eb3fd4f098f91ca34fe819b

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libdouble-conversion.dll

                Filesize

                78KB

                MD5

                20d6fca191ec4998242748eb54df4905

                SHA1

                e2d5afc4a3778c73762ebb4af9c446689a355a92

                SHA256

                52a913618d12f2e02d756d7c8af5199ed77d61c47cf3c94cd23209f64b001eb7

                SHA512

                49d6bcfd5f2d9c304b81fae3a18d642302a5055f64a98b27e72e277b1f5cfb2ddb77d0080624ad5bf2ab62bdb215da7a44441dede5999b056954159c75184a1e

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libfreetype-6.dll

                Filesize

                576KB

                MD5

                acd42a7dbfd9ac98758ad54544bf3114

                SHA1

                687e813ba72ce98441dcc04c2456308f252c68ef

                SHA256

                694530d211595fb4d1f4e65be0c85053e7b352fd5ed0d6a8fd9f30225ea6e719

                SHA512

                72529ed458d1426d5ebfda17ee0339dd6a1de15bb66ad04a3d0e13faf92708eac0d5ba7f1f7198203448c8d64b16c0fc7726ebf2b0d84fb5b9c65e855290d150

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libfreetype-6.dll

                Filesize

                672KB

                MD5

                8abd44edb41ae39caaf70b8cb45072b2

                SHA1

                7c7c55ecb8c631b123ae0bd551ff0253947449cb

                SHA256

                641ffe911ff08bec6ca31a6a806f4b815df2ecb1c03b7ab15388cf54d00906a7

                SHA512

                dabff4459ca11a90a5f02c86db0cfe50d41a5c2df649e16f20d3ca8afac16658f0e7c7da9f3f391d42a321d8f8765ff3c0edb93832b4d31d79c0036c976abd54

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libglib-2.0-0.dll

                Filesize

                796KB

                MD5

                5f995d2aa53bd2a4537a0118ca22e218

                SHA1

                0de6a478fb4637dd95a573cf4bdc0fb51860bb60

                SHA256

                01e83364b16a013ba717321f25ee66bc569152fb5af7cb161503408eb2efb1bd

                SHA512

                c36f596c2a50a302de01e70f3448ad7d8aeb8e9f6ca093d147d76ff23582e81a93f1c68c52eee9bf96be7911d37f1413f8d6bf43d1d65fcb386b26c0e7d46941

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libglib-2.0-0.dll

                Filesize

                579KB

                MD5

                008a9f6f4967111804ec8d3dfa02e7df

                SHA1

                b5b747837558e7383d2626ab45f9ec101f78596f

                SHA256

                a27c0a6ec90914c8f96b14180864c16a58e39e42af510bf686095d1e6ab17603

                SHA512

                9a8b8ed0a1334e92b8da87e61d6a86383805584abdf9ea292e07d0ff7abee2ed7d7a120bd3e9078544773d31fbfaed45f06e745f8ae702d6329a30b369429678

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libgraphite2.dll

                Filesize

                149KB

                MD5

                c8dfe47f78c491446d7b1c39449d82be

                SHA1

                218fab832b78f14072be0d2f9d7d9775bba24323

                SHA256

                51ad68c31e706d4d9181cf3f15df259e5962644f664a3723d6ca48f0ef4fb8c4

                SHA512

                39ea8978571db1c5b1c89134e53d799932092f5102e0390aaa28cebde3ce1049e92287db49ed9cc2b57e4662a464e17bf945b221a496ea90bad52b882e86d903

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libharfbuzz-0.dll

                Filesize

                658KB

                MD5

                bc57bfaa23ed52def478b351094af220

                SHA1

                476b9fdb89f084e5dbac9b6df29ac29cd89776d6

                SHA256

                ee3eb98a0f5588a9e3665abb7548d3d01eaab680c04de133a1999d6218a0ed32

                SHA512

                59f7b7c1d4c55236d1e627a42129eb994472b14e3f36b6675e4a514bd4d679d025c914655d3258a55b31342aa3982ddcb1213a2b04822593cb6a5dba5b8af4e7

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libharfbuzz-0.dll

                Filesize

                691KB

                MD5

                0c8036e8a7303d1ae32da1de67682d9c

                SHA1

                882ca077626bf156b2025431dc8bcfe060e084e6

                SHA256

                75918380b88ed316f09690f199ce1dfa8c60a6642832894ee17ad16505bb8c58

                SHA512

                a2cb20dae42ec8e3fe2c52b6026d14be91e9b5bc721614c9dde5516283631294fe629a96c9ceef08bcbe7b3f1cf60a505057480d66b4da1f852a09eb8332be5e

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libiconv-2.dll

                Filesize

                370KB

                MD5

                fcff203893c732186bee931e9a37be50

                SHA1

                1c1fb4e3d532531fc59d19edd27aaf507f379e0f

                SHA256

                5e734863012eb2e1a2a6343afb7feea1b3811623baf993360c03a570f8bd323e

                SHA512

                91483e3f319cec2daf675fd31ea3ac4a0470b93867838c0f977846ef23c11869239c7266f8b8fec53b0260941fa8ce1b8f76847419472b4d034011f72cc225ac

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libiconv-2.dll

                Filesize

                624KB

                MD5

                fb0d4aaa918c60ca66968b6ae110c942

                SHA1

                a2e943a06eab5d6dc8c1607ef473111acf0e9533

                SHA256

                ee07e16e8d82e4a437e1cb8cdcd24a81cf9769b00b6b1c9760001c1be2b67568

                SHA512

                a6ffe0d17a7d444ac691eeb99a4b213f5e824c6b2237714221cef7f645f96dd34ac57332cde60f53ffd63947c40814702840ffc277241f663b6eb2de5ed2072a

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicudt74.dll

                Filesize

                723KB

                MD5

                2d315e8d04ddf9218ca0367b9a591b23

                SHA1

                fd4a190e82ca9192224e2af9984a06be66b8f076

                SHA256

                1cc3214fcf8522fc9aad780295cf2bd9db0714f8bc9742090f640c395b240cc9

                SHA512

                5517a7beebfec4a1f74de149f7825c8771b7ff0ae3221acb7d44a347fee2c01d2966b9d1b95e65c698d8db0d2eebbcaf2157b7a2e3a7b15d98ac90875eea5bb0

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicudt74.dll

                Filesize

                396KB

                MD5

                c419d28603045bf14fcf2cd931e0062b

                SHA1

                d90818cb26d30924ab5952870d10bd8ce052deec

                SHA256

                c45f2212bddffbfd3d13d2d14da4b29f46c893644546fe3693a2db96891048c1

                SHA512

                7b70a926b61cd7d33abe6b421b52e7dcf31ed59ce25cc65bcb6b1271fc30aa056dc087573d97492c7730a697465e71fb24264679cc221c83eadeffb5bee285ae

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuin74.dll

                Filesize

                1.7MB

                MD5

                f39e85c5ac012b7a2d9f9c90c1ea9bc9

                SHA1

                b242846aa9776e1e2067dc928b16161488a390c1

                SHA256

                a78af09d7a99ce9f4472a8b7fa49a669bcd1cee872855d09ef1c4ac74c9ae512

                SHA512

                812bde8a2527c9d840d4dde9684f0f7bdbaf76bc041c16f922d16b045878394092484833f546e42ed2173012abde00558b98a8a964123388c4197f411f7971f3

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuin74.dll

                Filesize

                797KB

                MD5

                8c929e1966b9fc4415138caf72494c70

                SHA1

                7e3e722c63368203ac710af49ba694ea11f5843d

                SHA256

                be6e81c35737a4ac7ac2fd0e836d5eb4136257e34651f010e9daba576a0483c5

                SHA512

                9c0bef851042efafba34aa961f0abfb4d78b0d5272b6d33307cc4af89eb8c790ca3d5068c474dcb3c741e9aa05456394b3a197d382d5f5fc5ebcf3651320e38d

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuuc74.dll

                Filesize

                1.7MB

                MD5

                97ac339d3d333b68e9f5faf639469465

                SHA1

                bae4cba88c7bce858eccf760e6930505976c541d

                SHA256

                1028086815eaebf83966ead54cdd01110ab3a2fdaac45548749ac5aea217704c

                SHA512

                4e5729d6deaa6c6036ac61fa35d9dcd282c6a887d6bbe8e8d0cb953cdd47fcab2ac19abded1a5f6e32028d69fe182cea0091ed9e2de8fe4b1717d298b2bf940b

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuuc74.dll

                Filesize

                525KB

                MD5

                80482be992bd05be3dced7ba265971b3

                SHA1

                e01081db1f7b3590ac12a8ae0cee27fb2ccbfcbc

                SHA256

                07a340d7068d4f33fc05f92359a5b4cc171ddcd58cfeaa629c08a12cc31894c7

                SHA512

                4fab7a4ddc6a9b84d11430f04f77a52548550ec69f6165e960a9c61ea577bf3cf28b06775cc2b19f8c052623a94165095d08b0f902cdc5107318e9ebebe5eb1a

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuuc74.dll

                Filesize

                688KB

                MD5

                17f5ea301f0cef5a104e398f98ba4a53

                SHA1

                5d7036a8397f1bea794d4f31824728323c9dc0ce

                SHA256

                52f5e7fc5d0bbbba18c76557c930a5209eb89f6f28d8a954c0e95e743e10e06d

                SHA512

                57f5da110cd0ee989428d64e343b8e5d5f0ecca85d64d1b88a5d4c82e4d9982c929869b57302fded49262e5d27533c5fe05e314255bcf8e7029249aad5713c23

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libintl-8.dll

                Filesize

                196KB

                MD5

                e3de79fc630d7fabb9118a4f7ea53971

                SHA1

                dcd7b2f6d68f897501b6464588537f452ec29726

                SHA256

                4dc000c25b05ff454bf4387ece7002fd77049a2d2daf98d228ba657f3dccd4fb

                SHA512

                47a7cca88728d89b097603ae244b5abb27c4fa2c20291180f1829e31fa4de15e89afdeaa058dcaa3750fc9db481e1778537632eabdfe63b55f2707b627cdf280

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libmd4c.dll

                Filesize

                78KB

                MD5

                09eee10544ef56a8fa86517fa80f2bf5

                SHA1

                68977088641b2356fccbcaefd4cf0cd37aeb68ca

                SHA256

                bdbafd132c7b5a162b6d83e5c49a3e0b3d86a609ae01be8f99d2f7573f7cca06

                SHA512

                5684315cf49061d517341b8d1f2ffbc579f0ca0907f42c234b68e9fcf928d65b33f75f16d1f2908a07285598e3a4c92d69f754d7cfe58c6f25f8c94529b5a4c1

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libpcre2-16-0.dll

                Filesize

                353KB

                MD5

                e5609c3469858b9f5ce8bb294275cd22

                SHA1

                47229f6eb790ad7d1b56f1e06c913850a8591e81

                SHA256

                285824fa911fafbdb10949c5785b8902b4605a8333c4d7bce3bc9ab63016de6d

                SHA512

                eca1cc9ab9a355d778b952e3a22098b56932f39238268b09c747508f923cfb52453d6618af77baba96a0e4b2e8ce9f692af2f59720a273da78487b7c43d9bd9c

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libpcre2-8-0.dll

                Filesize

                392KB

                MD5

                15d5c11c10693fbf46c929f71b1de96d

                SHA1

                273a39b7bb3651bb51caf05504213303b341d942

                SHA256

                57dadbe91cd2a7aa36e4bf30794dbe9bedd4183cc9277a3fc2b8ba50a78a273c

                SHA512

                70da5db227271e3dcd5876cb7eba47316a304791c40bb824bc1cba3ab2625b9174842a3504555454a3244fe91e3cf48dc87f47aa1a6fa2c5a5bfd5b28031db19

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libpng16-16.dll

                Filesize

                269KB

                MD5

                980ce62995e2b0fc6d809a64bfc02896

                SHA1

                601eca760fbea62b992f1bbc9ef83e6b33235392

                SHA256

                0b51dd5b254595dbfa003d5ce27363412ee098612837e569edebabe2149b636a

                SHA512

                d5b2e88a165ca41b45fc03f35eed02995fd0028067fe92fefff0e5fb57895f69608934a754face68b2555b2bcbe747166f172f720d5e32ff07d961a4f3860c67

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libquazip1-qt6.dll

                Filesize

                250KB

                MD5

                92fd1c7887462c3e2d8c4b75329c14d5

                SHA1

                3305b83190612b47a90f34e20687fc2159d8f7e7

                SHA256

                3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e

                SHA512

                61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libzstd.dll

                Filesize

                999KB

                MD5

                4cc2b0f5e67f781406696b8032f30b72

                SHA1

                cf957e5f56c148d8fcf005989da1443c55ef190e

                SHA256

                f9b8f326310503b8a79f8d16a80367728af0240af7cb3ea820f81144d2010fc3

                SHA512

                b31e6377134dfcbc3b03c6be30d20bb721ec9dc395f68e497292469eff39dbd543e30593d0e18ba4548cb1c85f0e9b0a3c2ea8a4fb2ec8134a3ff93005daad79

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\libzstd.dll

                Filesize

                633KB

                MD5

                cde4b35881e5880a46998c1a471aefe9

                SHA1

                a843a8ef2c89ae8f1f6248d5181e2db7949482de

                SHA256

                3c5c2d8317ea31ee434d64cf31207c42564f68aa065715a13b5e544cbe0af514

                SHA512

                c5843c6d08f1da90efe71529d29bf181f14f25fb4805bfb70781accec23a7a72b4af05773e159bb53f206a57b95c3d1c19c5d0ae28cd9533142f9a565d02db9d

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe

                Filesize

                754KB

                MD5

                2924007c83434aa7aa9d4a826d2fe3b7

                SHA1

                3265b45b2cad83181279ba3563d03bd515989d6b

                SHA256

                9b117bbb0531bf51c631657dea70202e17adafd67532220a24039dd993d254ef

                SHA512

                8423404cc5eea8ce45f4e9293fdbd57b057753128b77ef0c0e7d36979050d5e0e26c32759f546015f6175a0ee30fd4f7ca9f817bd2db444110f3133dc10f202a

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe

                Filesize

                2.0MB

                MD5

                33dfb58d1063f5432a7684dea952a3b5

                SHA1

                8711d06889c58090a1fa692ec0cc31798ddcb2b4

                SHA256

                e0bcb4bdb49c8a311504fbec0ef824576447eda35a69300a976c4812ce12d754

                SHA512

                63508f7cd6e2fd586d99038466b205bd1e827b3bcdabbdf3de7d4474598c562bf36d06e7c095e04c57c22b2537ba06c0911ebf8be424bfb56ff81ddb623c0034

              • C:\Users\Admin\AppData\Local\Programs\PollyMC\zlib1.dll

                Filesize

                108KB

                MD5

                17d86210bfddc727ba2751fd02c533e1

                SHA1

                c1c53c48c78852003045114c030747dcff017aa9

                SHA256

                7ef90c6875d176bae42aedc6720bd27d8515431a19b37c6a071f3b19f82a9eb8

                SHA512

                c7f1a80a2285de93d63c9b7f069da1966ed16415ca01f02faeb9bd48b3d00f6e6d190aaf5f24d11f8ad78b6b2a8ff9c96ef7bfb7e80d6954cdfb73dca24c9152

              • C:\Users\Admin\AppData\Local\Temp\nsv3B16.tmp\System.dll

                Filesize

                12KB

                MD5

                cff85c549d536f651d4fb8387f1976f2

                SHA1

                d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

                SHA256

                8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

                SHA512

                531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

              • C:\Users\Admin\AppData\Local\Temp\nsv3B16.tmp\modern-wizard.bmp

                Filesize

                25KB

                MD5

                cbe40fd2b1ec96daedc65da172d90022

                SHA1

                366c216220aa4329dff6c485fd0e9b0f4f0a7944

                SHA256

                3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

                SHA512

                62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

              • C:\Users\Admin\AppData\Local\Temp\nsv3B16.tmp\nsDialogs.dll

                Filesize

                9KB

                MD5

                6c3f8c94d0727894d706940a8a980543

                SHA1

                0d1bcad901be377f38d579aafc0c41c0ef8dcefd

                SHA256

                56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

                SHA512

                2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

              • C:\Users\Admin\AppData\Local\Temp\nsv3B16.tmp\nsExec.dll

                Filesize

                7KB

                MD5

                675c4948e1efc929edcabfe67148eddd

                SHA1

                f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

                SHA256

                1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

                SHA512

                61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

              • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg

                Filesize

                116B

                MD5

                8391487f5cc3fe04bda14b0a47ff556b

                SHA1

                e3d5359e065699aa8a14c3e93ed280dee8d1e7b2

                SHA256

                fecc5c513d86bfd3a01c65e48dd3c6674d320b0db7fb8ee411fcc05aafe891df

                SHA512

                131f7625f50abf7099835cfdda421b5f268a153e5d5023f77e66543537ae3cdae3cebebd2289d9fec0b5d5b39cc6ffd0f1423450bfe797fa53aae06740e5d83c

              • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock

                Filesize

                60B

                MD5

                aa9e772143d71ce7f39aa5e3098e45a6

                SHA1

                b8aa585f6fed2363c33f1f96302e7483b9416e66

                SHA256

                380adc99e6a09b8299b664ac6500b897c69e5eea878f7ed6d71e751e2e92d9bc

                SHA512

                0b4fd6eca40defd81e66df463e58cec6b99c6846f3a67fb787a41b3dfd605652a43a5e1d34f797d763c0ca1805533bcc104b72640e5fda8b41389c9940644d80

              • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.mvybDY

                Filesize

                30B

                MD5

                a6dc16331f06bc5831e5ddc9799284ec

                SHA1

                d344f83d549df8c3e2c959182ba37f8c81d885a5

                SHA256

                9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

                SHA512

                43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

              • memory/548-279-0x000001D11B930000-0x000001D11C930000-memory.dmp

                Filesize

                16.0MB

              • memory/1272-295-0x00000214444B0000-0x00000214444B1000-memory.dmp

                Filesize

                4KB

              • memory/1272-299-0x0000021445D90000-0x0000021446000000-memory.dmp

                Filesize

                2.4MB

              • memory/3064-212-0x00007FF8EE740000-0x00007FF8EECF8000-memory.dmp

                Filesize

                5.7MB

              • memory/3064-228-0x00007FF8EB4E0000-0x00007FF8EB4F5000-memory.dmp

                Filesize

                84KB

              • memory/3064-175-0x00007FF6950B0000-0x00007FF695D94000-memory.dmp

                Filesize

                12.9MB

              • memory/3064-211-0x00007FF8EE000000-0x00007FF8EE73D000-memory.dmp

                Filesize

                7.2MB

              • memory/3064-217-0x00007FF8EF4C0000-0x00007FF8EF4EC000-memory.dmp

                Filesize

                176KB

              • memory/3064-214-0x00007FF8FEB30000-0x00007FF8FEB8C000-memory.dmp

                Filesize

                368KB

              • memory/3064-229-0x00007FF8EB460000-0x00007FF8EB4B4000-memory.dmp

                Filesize

                336KB

              • memory/3064-185-0x00007FF8EE740000-0x00007FF8EECF8000-memory.dmp

                Filesize

                5.7MB

              • memory/3064-216-0x00007FF8F6310000-0x00007FF8F633B000-memory.dmp

                Filesize

                172KB

              • memory/3064-246-0x00007FF8EB320000-0x00007FF8EB357000-memory.dmp

                Filesize

                220KB

              • memory/3064-215-0x00007FF903680000-0x00007FF9036BA000-memory.dmp

                Filesize

                232KB

              • memory/3064-213-0x00007FF8EF220000-0x00007FF8EF38A000-memory.dmp

                Filesize

                1.4MB

              • memory/3064-209-0x00007FF8EDE30000-0x00007FF8EDFF6000-memory.dmp

                Filesize

                1.8MB

              • memory/3064-210-0x00007FF8EBB70000-0x00007FF8EBE3F000-memory.dmp

                Filesize

                2.8MB

              • memory/3252-301-0x000001EF8BCB0000-0x000001EF8CCB0000-memory.dmp

                Filesize

                16.0MB

              • memory/4848-298-0x0000021F65700000-0x0000021F65970000-memory.dmp

                Filesize

                2.4MB