Resubmissions

23/02/2024, 13:06

240223-qcaxlagh64 7

23/02/2024, 12:51

240223-p3xnlsgf64 7

23/02/2024, 12:34

240223-prvd4sgc56 8

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23/02/2024, 12:51

General

  • Target

    PollyMC-Windows-MinGW-w64-Setup-8.0.exe

  • Size

    36.6MB

  • MD5

    77f098ad333889de410f665e4f9a8702

  • SHA1

    6b8e8abe6a374f02a88058961f180818cfcf7670

  • SHA256

    1c04ed11ce29fcfc3186144f0f907b70296132eb3db89044463cb14b97eb87d0

  • SHA512

    711326a015e02dd4789023fbefeaedc769d0ef33668497c107cb3c512a2acc2fa312d3cd5011d3a510ccb87ce236bfe0fc1d4b253b332c2e6ecd9ff6e7c6af9c

  • SSDEEP

    786432:2KQbhz5LGoCjmcE/ppyp22HaxvPAXkFeOLV61DDKr0wlqDIgtQ:2FLCjmphS2iSvfJLQxKr0wlw2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 55 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
    "C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3656
    • C:\Windows\SysWOW64\TaskKill.exe
      TaskKill /IM pollymc.exe /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3812
    • C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
      "C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
        3⤵
          PID:4876
        • C:\Program Files\Java\jdk-1.8\bin\javaw.exe
          "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
          3⤵
            PID:3168
          • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
            javaw -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1784
            • C:\Windows\system32\icacls.exe
              C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
              4⤵
              • Modifies file permissions
              PID:2892
          • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
            "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
            3⤵
              PID:2368
            • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
              "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
              3⤵
                PID:1580
              • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
                "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
                3⤵
                  PID:4608

            Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core.dll

                    Filesize

                    768KB

                    MD5

                    d3f8ad5fd2a8de66b4a692fb0801c12c

                    SHA1

                    854ba22f19eb5eed86e486191072ef1cf322dff3

                    SHA256

                    0be25fa86b2142ee8a5c5d792bef726b703122e5157661b0ac6276e5a30dad17

                    SHA512

                    9e20229748021f802cecdd4ef1cd451dc86b539474fa4321bacb3d6a195d4d78aef00197ec730fbad0acace50efc2296d71abc9c087a39d8c9da9eeb510497b9

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core.dll

                    Filesize

                    4.4MB

                    MD5

                    9ec38e133a0e33ab8f9fe5fc2419b444

                    SHA1

                    3845d6ff175adc0d92b9a047736a147d4b57475a

                    SHA256

                    e67bbaf4a5a5f11f6411eb543233ceeb14776ded8e6840ff5ae64b31a890c980

                    SHA512

                    3b81b02566e39e67ed012ab71910d62ccd0be101eb9787786397510f9fce7dd8e205e7f72e3747dc0b2625b547873d61a69bc43678ec4f2c8279a5183b69a791

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core5Compat.dll

                    Filesize

                    408KB

                    MD5

                    ab88dd4c87ff60a81b698c5b194d0d92

                    SHA1

                    a5c114e642297ee477db5f38286d5e24eafe1920

                    SHA256

                    792cdcf3a9843bd46e1af141029e714464ce125a45b74582b5de1d7ef01801b5

                    SHA512

                    43089e7cd5bb983af01413d2774febfefebfc85cccdcdfe7097eedc8bb571c5b90ffb269a6c5e029b8db8aca96d32c2cf9c216211dfe762db5167e6e52f66f3c

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Gui.dll

                    Filesize

                    627KB

                    MD5

                    cbaa5c0de9f6b28e8c8e2f5ff774636d

                    SHA1

                    fc3d95e5c248d6634ccf6802be02e1c1d640438f

                    SHA256

                    a179c877ff8530b372efee6be7cecf4118605e2da336331db8c0f1ed9ee269fd

                    SHA512

                    fd7ff753fb4990e73be006304f06ef58270fd1113ae929a3d620afec848303f0552cd922c504c141b9971dc5672fcde045833aed0f1660a3e16ab96d0c774266

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Gui.dll

                    Filesize

                    4.1MB

                    MD5

                    b3bb49d8407734f515162fa889c22286

                    SHA1

                    70dda304976db1f63356403bef091d217881df6e

                    SHA256

                    31728abf03ef28b178f60a0525a21e12d6cc2d6ab591c00c8aef2c8d0cd14d39

                    SHA512

                    d12b00d447562f2f54edbc6e9131295e44eaff6c334cf13c1b12a3cfa2cec4738100fe4be979b92854c72f102e31dae59d27d60eda38c6da396b97059ea64e5e

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Gui.dll

                    Filesize

                    4.4MB

                    MD5

                    666bdcc222fdc795da8cc2076a26a72b

                    SHA1

                    9cf75109ffa62cdafa2e05181c3160d38ecfd0b5

                    SHA256

                    ccbdea1ce6ea884867203ed186a26a88a34fa2cf1657865e333b3d32a8af952f

                    SHA512

                    ef4456ad3a8c34cce1994d78a686bb3e1553bae22adb8ae7da209ac0a067fdf83b2a2acf3f93276f239bdbe1e2ac8177aab6dc858992562f6a72c20bf7a8f598

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Network.dll

                    Filesize

                    192KB

                    MD5

                    eb7b7d23ba50e5abfe3f97e058812959

                    SHA1

                    be25e3c3396ccc87873d4bcf0e2ec296aac0e32d

                    SHA256

                    87f42f85375a7e0980e16c38344944ec9fdac8dfd0173a4a76adb8e52f4eb6fc

                    SHA512

                    c4c629aee442315e22916c0979547d328fd25d3e53fe06b28a2a190810377b6f6b3825bc453a37fa8a2dd0e7579903b334f33c960bf1a6d4122de41ba563d4b9

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Network.dll

                    Filesize

                    2.0MB

                    MD5

                    0f315a61e5d7a8693c55458f9576f292

                    SHA1

                    8a9e1caea0f3f629f3def7d05e047a9bf0173942

                    SHA256

                    ee860831eeaf34792d403b1d42fb5313fc0b3396c370f8b36924491f159c85f8

                    SHA512

                    de85ac62c0d596e5f147770d0b6ef2df9ffce2d51331e36110838816da49150c52ee33e2eda961d7749274ff20ce6ac10e10e421662a4c92e7190c2e771df397

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Widgets.dll

                    Filesize

                    512KB

                    MD5

                    022ddc0cb35bdd36bbe37d7658c9f75e

                    SHA1

                    23055d5692d89b63204f6f5dd0d17c93d477d04c

                    SHA256

                    560cbd8c7b1db7ac0d9115c2ce02afc675a01720653a5a2078119c9f3a6df4a2

                    SHA512

                    65ff2074a7ca1eb89a863000444822a82b3b71db9e13ca5506ea47877762ef4af4d66bef1c3f4e0888f090a110cfbc24e49c54aa37355645fb2efb6d5eac1780

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Widgets.dll

                    Filesize

                    4.3MB

                    MD5

                    7516b92902253dc13bdb1f60fe6e2e3e

                    SHA1

                    5fc7ad8b4624f1bab9541bb0c3629528a13b170f

                    SHA256

                    96f36cdbb385d9d294944d05ec1645aaef4f9313a81e2c7c1091f28ffffdd494

                    SHA512

                    2e43c4f84323a9d5653f91b261f814964cfbfb2abc7bda3cbd1a3ca1ca8d6e54da54738f26c742f05620e2edf6168e2ac2b78a7c5cf94cf425bea6d6587d4e3d

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Xml.dll

                    Filesize

                    187KB

                    MD5

                    63e76c8c687df6aec9f41e3d8a1d0746

                    SHA1

                    7577d4d681c012a3ded924e2f30aa6969ca5e815

                    SHA256

                    04ff3840b3a84ae2ed1b4a388a5e6ba5e7fe05f64bde8919d10739a7fcb8917e

                    SHA512

                    e4a65b254b0e7b2c1cd0f19d6c3b7df5b044ed7f90aa08e8163f93998624f6ffee13715796f55c5a780b77ac2c900fd2070dbf9b2799ba43f3b0d8fc7cc5b141

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libb2-1.dll

                    Filesize

                    42KB

                    MD5

                    87ab9208b130b7d7b2dbf6e887aafc5f

                    SHA1

                    afc23cf59beea5dea0e7b4d7f96b936ab4594511

                    SHA256

                    d6754584336b179a02722cfb80854f764024b6649e6f0cbf2d3878407e5678af

                    SHA512

                    fee411c30bc4df1777f42df27deb198114851672c916b197e8a1eb44f39fc88ba801703f24d06c51a72ec952d91ed992695f1c38b32689b54be8c578f23db8c6

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libbrotlicommon.dll

                    Filesize

                    145KB

                    MD5

                    00bc42b62d1a5adeb2f599a591403d9a

                    SHA1

                    42fb609f84e1fa97451a10aba914cda6db950b06

                    SHA256

                    fc5bf42b62da64ac76ffcdf50f232c8c821c9c278e23f63c9477c75a74b2b7b7

                    SHA512

                    2407e732a44b5293260a882b8118cd18d1e5d5339735d19efdef0c33ec5bed64aa4d099f1ab7eb590324e0c860c4a5bc7ba04eb04f5d9fadb1407c078d32d91c

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libbrotlidec.dll

                    Filesize

                    63KB

                    MD5

                    6b933641e6a997c2a100191783370ce9

                    SHA1

                    0ec5b215cdcb3c5ab1fcca8c1591474349cdab7f

                    SHA256

                    ce832348f2e913ceba2d0b94d9a8fe655035e438067ad9a7527b1d7e556acc27

                    SHA512

                    6308a7a34ff517e7b43958ad119206b44f92b75456617285b520e8706bede28d1b319c3b57253cca45d208988a6ef4e2720c3e343b0cf7ca876ecb0cfed2e3c2

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libbz2-1.dll

                    Filesize

                    96KB

                    MD5

                    b843434a8eae82adea4f9eaa2fbffe47

                    SHA1

                    b34aaa305cfc1a4936a88592b5689b0c978ffaa4

                    SHA256

                    22289ed41efbe633f798047de836b31170336e5e40e7e7b586c915bdbda7fcd9

                    SHA512

                    9f7c152c3b7ef52c0b3131d865960f8529bfe43776bfcf00c668fc41258e4ba4fcecb09888a99f77634534b42202d57e71806b808d9efe9ca6125712b8db7570

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libc++.dll

                    Filesize

                    512KB

                    MD5

                    4f00b5dc128eaaf2f2c639cf37f4bd52

                    SHA1

                    e265e3e22aabf45d3702522a84fcb6b6443bad14

                    SHA256

                    b29808898336dbcdbe7de56a1d59cf6d675f715e306fced20480dbfd9737e6df

                    SHA512

                    ee303930d47dcaebb3d4d7c6b7a2648c2003e1b155a8e7fe78598dc239996b46a3ea262367032a2ef0c8f56bb0e3906fcfb1254e65694022f5aa0469ccb7c123

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libc++.dll

                    Filesize

                    192KB

                    MD5

                    e869660982276c16de6f39a99210aad7

                    SHA1

                    d6e2075f5e6ec09ed840eb1dab4bee845c730e9f

                    SHA256

                    0c965d6756806d4ee7799b2c8dbe65fe1435901ccae6a78b37b3ba8612b3f892

                    SHA512

                    7b9aedb467dc62a9639f2ea066619718031b76e9bf76be9da40cf6169ab2e44854d42057491351c02624eac3ac0f2f57022ab058c4853cf7d3eab35fa77d96f8

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libcmark.dll

                    Filesize

                    249KB

                    MD5

                    f5f97439ea8c9b6ee10b76b9f94e2fde

                    SHA1

                    4e1ba63e394087fadbb908274b6ae77c3b92b59f

                    SHA256

                    503c476dbc9f57cacff1062e6bc48f70e3d9f00453180ba7bc4cbf4373810fa6

                    SHA512

                    091e2997e29862aae35d9d9deb7db83356933cb3de89f80f5a239f9f3914d8f4218a1f2393055000707826baae9c4f4a3f43625a4eb3fd4f098f91ca34fe819b

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libdouble-conversion.dll

                    Filesize

                    78KB

                    MD5

                    20d6fca191ec4998242748eb54df4905

                    SHA1

                    e2d5afc4a3778c73762ebb4af9c446689a355a92

                    SHA256

                    52a913618d12f2e02d756d7c8af5199ed77d61c47cf3c94cd23209f64b001eb7

                    SHA512

                    49d6bcfd5f2d9c304b81fae3a18d642302a5055f64a98b27e72e277b1f5cfb2ddb77d0080624ad5bf2ab62bdb215da7a44441dede5999b056954159c75184a1e

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libfreetype-6.dll

                    Filesize

                    828KB

                    MD5

                    7e0efe15a52434441699b4e18a403012

                    SHA1

                    d4564f3ba2e8236003d13e2e5bce71248fc655c6

                    SHA256

                    7a3258d807643e786983c107c49a9bcbe9bc755bc0a32e0f548d3bf8c048e818

                    SHA512

                    b60c46832556fcceaebd81f72667c6548e4f0c1655bb2d9a8e424564751fe46a766339850c92a4145064c3439a020ff23734228abc7151e1dfdf1b76f5ca2916

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libglib-2.0-0.dll

                    Filesize

                    1.5MB

                    MD5

                    e5cac1960181ceee198818ed98aab8e0

                    SHA1

                    9de2f0aef00de17855a7232a99e07e21661d0da8

                    SHA256

                    451f6de29a44a7a525d1c43e3439837e4afe5bcd0cfc1b8715bcc85ae2556d4e

                    SHA512

                    11ff53b6ce7bed01c0935b6d336262f646b35c9083cc88c721acddf838bccfc0b9f71e11514e97815c008a6c7bd93767ac3c79be1917c925c5bc67682a969c19

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libgraphite2.dll

                    Filesize

                    149KB

                    MD5

                    c8dfe47f78c491446d7b1c39449d82be

                    SHA1

                    218fab832b78f14072be0d2f9d7d9775bba24323

                    SHA256

                    51ad68c31e706d4d9181cf3f15df259e5962644f664a3723d6ca48f0ef4fb8c4

                    SHA512

                    39ea8978571db1c5b1c89134e53d799932092f5102e0390aaa28cebde3ce1049e92287db49ed9cc2b57e4662a464e17bf945b221a496ea90bad52b882e86d903

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libharfbuzz-0.dll

                    Filesize

                    1.2MB

                    MD5

                    4234bf41775eda6bbe8fe5991184b8e1

                    SHA1

                    cf4e906b6eda0e8bdb50cd6f53e9b13f058d5716

                    SHA256

                    cd99ef0a232ec917816e8be1792213fb00a196b9428e9cb0a6cd022fc5f04ffd

                    SHA512

                    8331d5e039fb8c766f64670096c07c866826786cbe4802418ed2ab6eb38a2bd1e57bdb85e0d06a431883b87ba8943366013d26a8ae5d790e6fa93ae11743566c

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libiconv-2.dll

                    Filesize

                    1.1MB

                    MD5

                    57167d5e13651c542045b72d880b950d

                    SHA1

                    0a7adf978a50576cc0e2e4f7c1361e8544ee1dcc

                    SHA256

                    1cee2939e385258fe32fdf010b878c4c695c784cc78eb47916b7f142c393453a

                    SHA512

                    2d72ecb78911157c0dee9ef763424fc95794616475b2db5f0100d43c0fec83631382c1ac3ff715d0e1c0c5f1679a383cccf88173d5cd38b0e0a668feaf981fe2

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicudt74.dll

                    Filesize

                    3.3MB

                    MD5

                    bfbc59dbaafec6562bcba743cd0563aa

                    SHA1

                    4a7f04018348b389ad1e59303e18e6ce469c3d62

                    SHA256

                    8e2caeca1ce8035cf26f3cdf1a60cbf9ec94723d430433286cceb9c60b8d0b73

                    SHA512

                    8b71d034993de35585a38ddbfdcffc05262157b32d7105df72e4c1b50017aee926587f1ec0e9f9024f4729023b97dc36d9f0d7097c10c86d371e893ce5c52218

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuin74.dll

                    Filesize

                    3.5MB

                    MD5

                    4ecebb81171478eb0ea25486d8f0e877

                    SHA1

                    fc64cf8c67825ba28a7aff8778f0503a0f5cbaea

                    SHA256

                    6a94f8630b1207ac14460c7baed819133bf96b06e33a86ec98c5487c0a2e351a

                    SHA512

                    330492251c3e52b084e8349d01dc36b6d8552ddb91767095a1a888da9dfc93cf489ed0b55a49eb1becaa31886600a23ae8f8dc372cf9a24954bbe2b8fb3ea675

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuuc74.dll

                    Filesize

                    128KB

                    MD5

                    d12dccdf41cc425bf2a7d387d788d24f

                    SHA1

                    61f297bfb4908cfff8c9fdd45be76f208a6836a0

                    SHA256

                    76eeee6063949f989bfdfc3a6350a87a316d9e883223b709647e70c884aa103d

                    SHA512

                    da3a29fd446ad2ad4d446462abf1a2cf02af5b2cd5c362012733daa73cb402817eb7eaf34fbde641a771e51a3a1ed437769366ae3120af9252d96cd69d5c8160

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libicuuc74.dll

                    Filesize

                    2.0MB

                    MD5

                    36d2fa039a890672c8cf67fae90d0658

                    SHA1

                    cd0991e07eb8540d2a034c3060543be91029dcfe

                    SHA256

                    111f1a66b1f3d380f2782e00b964eaf4d9fa4aaf64efc3d0010fd261d8872755

                    SHA512

                    2206f368e1d93af09f70ebb66e47a26d7177e7363059811f52e99ed6e6b3780c89ce01c457cddc53496da917f72f1adc74b9ffc343ade09bde0fad525e8467ce

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libintl-8.dll

                    Filesize

                    196KB

                    MD5

                    e3de79fc630d7fabb9118a4f7ea53971

                    SHA1

                    dcd7b2f6d68f897501b6464588537f452ec29726

                    SHA256

                    4dc000c25b05ff454bf4387ece7002fd77049a2d2daf98d228ba657f3dccd4fb

                    SHA512

                    47a7cca88728d89b097603ae244b5abb27c4fa2c20291180f1829e31fa4de15e89afdeaa058dcaa3750fc9db481e1778537632eabdfe63b55f2707b627cdf280

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libmd4c.dll

                    Filesize

                    78KB

                    MD5

                    09eee10544ef56a8fa86517fa80f2bf5

                    SHA1

                    68977088641b2356fccbcaefd4cf0cd37aeb68ca

                    SHA256

                    bdbafd132c7b5a162b6d83e5c49a3e0b3d86a609ae01be8f99d2f7573f7cca06

                    SHA512

                    5684315cf49061d517341b8d1f2ffbc579f0ca0907f42c234b68e9fcf928d65b33f75f16d1f2908a07285598e3a4c92d69f754d7cfe58c6f25f8c94529b5a4c1

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libmd4c.dll

                    Filesize

                    14KB

                    MD5

                    0423171e4336ab4edc15d3c259acb493

                    SHA1

                    ae3edb580215fbbb82df8ccfd01efa6fb930263c

                    SHA256

                    788cd4a59811f9c19f54f64a59dfd2f1dabddd5434152dbd51032beebc32b017

                    SHA512

                    08bf2b19d7d66231cb04340ac280e52fb64251ba0e310b3f7b1c863285462ca99e5b53a127a6c6a07e367ea6e72e4bb1db2106651ed0ce55dc3e4d9e667e0e1b

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libpcre2-16-0.dll

                    Filesize

                    353KB

                    MD5

                    e5609c3469858b9f5ce8bb294275cd22

                    SHA1

                    47229f6eb790ad7d1b56f1e06c913850a8591e81

                    SHA256

                    285824fa911fafbdb10949c5785b8902b4605a8333c4d7bce3bc9ab63016de6d

                    SHA512

                    eca1cc9ab9a355d778b952e3a22098b56932f39238268b09c747508f923cfb52453d6618af77baba96a0e4b2e8ce9f692af2f59720a273da78487b7c43d9bd9c

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libpcre2-8-0.dll

                    Filesize

                    392KB

                    MD5

                    15d5c11c10693fbf46c929f71b1de96d

                    SHA1

                    273a39b7bb3651bb51caf05504213303b341d942

                    SHA256

                    57dadbe91cd2a7aa36e4bf30794dbe9bedd4183cc9277a3fc2b8ba50a78a273c

                    SHA512

                    70da5db227271e3dcd5876cb7eba47316a304791c40bb824bc1cba3ab2625b9174842a3504555454a3244fe91e3cf48dc87f47aa1a6fa2c5a5bfd5b28031db19

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libpng16-16.dll

                    Filesize

                    269KB

                    MD5

                    980ce62995e2b0fc6d809a64bfc02896

                    SHA1

                    601eca760fbea62b992f1bbc9ef83e6b33235392

                    SHA256

                    0b51dd5b254595dbfa003d5ce27363412ee098612837e569edebabe2149b636a

                    SHA512

                    d5b2e88a165ca41b45fc03f35eed02995fd0028067fe92fefff0e5fb57895f69608934a754face68b2555b2bcbe747166f172f720d5e32ff07d961a4f3860c67

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libquazip1-qt6.dll

                    Filesize

                    250KB

                    MD5

                    92fd1c7887462c3e2d8c4b75329c14d5

                    SHA1

                    3305b83190612b47a90f34e20687fc2159d8f7e7

                    SHA256

                    3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e

                    SHA512

                    61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libzstd.dll

                    Filesize

                    256KB

                    MD5

                    750c971e17a08e2943d84d6794cc610e

                    SHA1

                    c81c5692deccb796912cc80f95c2217a3122205f

                    SHA256

                    94ab3f6ac9cc76d8e92c65e2b4af8e48dd275478e9e2ed464444a773236e902a

                    SHA512

                    dcf9439bdf1fccad9d225eec27d3dd1e192cf1f2917d76baa60ac9c92f30000d60b97545a274e31fd203d03beea18aaf5b4eb64dca1a7a65819f0bb0cfc37b74

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\libzstd.dll

                    Filesize

                    999KB

                    MD5

                    4cc2b0f5e67f781406696b8032f30b72

                    SHA1

                    cf957e5f56c148d8fcf005989da1443c55ef190e

                    SHA256

                    f9b8f326310503b8a79f8d16a80367728af0240af7cb3ea820f81144d2010fc3

                    SHA512

                    b31e6377134dfcbc3b03c6be30d20bb721ec9dc395f68e497292469eff39dbd543e30593d0e18ba4548cb1c85f0e9b0a3c2ea8a4fb2ec8134a3ff93005daad79

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe

                    Filesize

                    15.0MB

                    MD5

                    7e16ac22948dde905e026a5d90ec0769

                    SHA1

                    6557efdbd738f4f599f31cb237161cd02002131a

                    SHA256

                    1c036bf953ab1a11047fa460016b7f768e71cdea9ddc2c7bbef62ab2e93f9a35

                    SHA512

                    ce14f12b9d78a1a38f08154568e38fc5ce807c31c1e5125b2f766467c9bd29bb25b4ef51486b34dfa7647ed4c4fe505ef4f407e4183985d88a54c5f1f6925faa

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe

                    Filesize

                    448KB

                    MD5

                    562e3d1795a21a1787a2e825be45e097

                    SHA1

                    6d113b40bc0fb2aee4ceb0c15aa3701d222356fe

                    SHA256

                    304d948690e58dff2aa924e2f75c8c97516ff9c247a6ec9a3b280326cef61dfa

                    SHA512

                    423e2d144d0c7508aa36274cb9b3bc902a3395fe9c46845aa051ca71fbcfb23876554f227c1a0c8b0c195bc104d00aa787df756ce6ea1805d429e98f534b180f

                  • C:\Users\Admin\AppData\Local\Programs\PollyMC\zlib1.dll

                    Filesize

                    108KB

                    MD5

                    17d86210bfddc727ba2751fd02c533e1

                    SHA1

                    c1c53c48c78852003045114c030747dcff017aa9

                    SHA256

                    7ef90c6875d176bae42aedc6720bd27d8515431a19b37c6a071f3b19f82a9eb8

                    SHA512

                    c7f1a80a2285de93d63c9b7f069da1966ed16415ca01f02faeb9bd48b3d00f6e6d190aaf5f24d11f8ad78b6b2a8ff9c96ef7bfb7e80d6954cdfb73dca24c9152

                  • C:\Users\Admin\AppData\Local\Temp\nsb4AF4.tmp\System.dll

                    Filesize

                    12KB

                    MD5

                    cff85c549d536f651d4fb8387f1976f2

                    SHA1

                    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

                    SHA256

                    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

                    SHA512

                    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

                  • C:\Users\Admin\AppData\Local\Temp\nsb4AF4.tmp\modern-wizard.bmp

                    Filesize

                    25KB

                    MD5

                    cbe40fd2b1ec96daedc65da172d90022

                    SHA1

                    366c216220aa4329dff6c485fd0e9b0f4f0a7944

                    SHA256

                    3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

                    SHA512

                    62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

                  • C:\Users\Admin\AppData\Local\Temp\nsb4AF4.tmp\nsDialogs.dll

                    Filesize

                    9KB

                    MD5

                    6c3f8c94d0727894d706940a8a980543

                    SHA1

                    0d1bcad901be377f38d579aafc0c41c0ef8dcefd

                    SHA256

                    56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

                    SHA512

                    2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

                  • C:\Users\Admin\AppData\Local\Temp\nsb4AF4.tmp\nsExec.dll

                    Filesize

                    7KB

                    MD5

                    675c4948e1efc929edcabfe67148eddd

                    SHA1

                    f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

                    SHA256

                    1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

                    SHA512

                    61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

                  • C:\Users\Admin\AppData\Roaming\PollyMC\instances\1.12.1\instance.cfg

                    Filesize

                    60B

                    MD5

                    5c37f07a846b5ec90150bb2cb48aa7f3

                    SHA1

                    a40b379e27cf1a0d855ec16ba3c3c2843c36191d

                    SHA256

                    b9f20ba25b868dc8f23d4a3204f295dbb5cd63a3ab09eed65f565133961b8e15

                    SHA512

                    06655fac8c56e89c05f2b5c76d08a314590e882405182506db0476a8a89ed743ef1eda38d35f384e2553302bf9117329c030cad62f4bb8adca8df1a07886d5aa

                  • C:\Users\Admin\AppData\Roaming\PollyMC\instances\1.12.1\instance.cfg

                    Filesize

                    388B

                    MD5

                    2c5da1c1174ac4b5ea5b47c471fd1184

                    SHA1

                    fd559a6cb171790bb765bbcb35b46fd0744708bd

                    SHA256

                    2a82959cc65277e554fc00013a8ba2b48ae443bcdb2edc740475b8b706c15ec8

                    SHA512

                    d45e4c4375b38e3b72b817dbd64be04edef33e2138256e9f0ef0ebc6e985029494db558acd1e4151d3704f3685b55d018f7a5e247bdf7433029850ee50afe2b7

                  • C:\Users\Admin\AppData\Roaming\PollyMC\instances\1.12.1\instance.cfg

                    Filesize

                    1KB

                    MD5

                    a2e680b768abdf301094570221982066

                    SHA1

                    7863cf7fe9daf50810256da7e9f462ea93f4a1e1

                    SHA256

                    dbd7820c59f05ee3d78690e69d08166e7943aaa3ebb653647e1e83dfd6f603c1

                    SHA512

                    7628cc3a7fc0afa3ba1b9595a0514459809a345e6cd54f1d7c43caad35c9ab6c4d7643e3ed031f45f33956571ad56ca9b0126a108e2ba81c3b387ac237404ea8

                  • C:\Users\Admin\AppData\Roaming\PollyMC\instances\1.12.1\instance.cfg

                    Filesize

                    1KB

                    MD5

                    9468f5ed2e86f7ceabd217b01deff854

                    SHA1

                    b3ea276ddabfe0f92e3def7c042ebebc13a2faed

                    SHA256

                    451f34a96cb0df10794f118264a5a7f08e5073d8a13172ee57ca3b75d3cff467

                    SHA512

                    e4c98c7545265164016851ca71139900fb5d5ce5e96fa782fe670311d4bab7241e89b9d35e3b5ded6d12eae691529e3ef326a14da289884eeb0894c0779cc4cf

                  • C:\Users\Admin\AppData\Roaming\PollyMC\instances\1.12.1\mmc-pack.json

                    Filesize

                    173B

                    MD5

                    e47778979f9a1578f98bb0049bbbeb3f

                    SHA1

                    ddc04137b7db5c9f44d41f1d79cffa4020cf49e9

                    SHA256

                    8591d96d38924850ca49696d18e39f05c71cdce6231d96d2597cb5c9909397d3

                    SHA512

                    d9e612acebf6f8a80c19d774f2025c42d27650c152dbf22616382dfc07d5aabceed9aa423afc87e5a75a19c53838c82f3fbf7af281a3bb63801907bbdfc61803

                  • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg

                    Filesize

                    116B

                    MD5

                    7f6d30b0d2518075150c7d3da3ad8c84

                    SHA1

                    b1f97c4974649da678fdb85afc2ae4584e682d94

                    SHA256

                    3ebc1bd214170e8029a6fc0f214fe89537130e2cad4516951a6dd945b79a2358

                    SHA512

                    a07c2916293ca417531b24f69453bdbca2fb6d71e7aebaf4172dc1a76c1747aef750b1d9ba0c43cadda941a761e26b4d22e354b617a0045a6688686202038e3f

                  • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg

                    Filesize

                    2KB

                    MD5

                    9e0619cd1d708f8b29f1611f367b1b43

                    SHA1

                    be769bac980905f9058baef9be86a90520c680d8

                    SHA256

                    9299298c1ecf14364cc86a724b449528c4dc7bc5c6bb71f74cc7242ce4282ec6

                    SHA512

                    4e1853f672e8b835bb0978285a314e35f3a93d4385f2b04fba61ec1dd7261a369b85b645973f960e6e04833362f2f60f0039d62e76a3753ae4aef2ef6e1040f8

                  • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg

                    Filesize

                    228B

                    MD5

                    d1a76b43313af4cd78182660a0ac434d

                    SHA1

                    26c2b9b8162a47dcae4a4c6d3dc173a7385d0bbf

                    SHA256

                    62338749abc6ea8fb6919b7bf4ed20df854f0596528ea6677e8f37a03d122607

                    SHA512

                    cf95f6628c693b71afa6dbe11735505a93b1a646f9f02d76c679e12d5388f7e4b85a83a8f60559436c9c8745e350efa68c7e26224ed896fcdd96072d05adc1ff

                  • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg

                    Filesize

                    2KB

                    MD5

                    f5230717ad9de2af61194e6803e5d32b

                    SHA1

                    95a6a692274bcc82decd04a2ddce836bc2a9d4c3

                    SHA256

                    522388acb56ca405504494f28d527bfbdf4c31c91e7cf4a717bdc50932f05d6b

                    SHA512

                    b0e731193276afeacb749e82426f34cfadb4bd4f6821b2b28a13416e6fb79116bc7d79160a60ded1584fc07819ca2fa72f0e4a508a67fb76ae14b2589087c4c0

                  • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg

                    Filesize

                    2KB

                    MD5

                    2fe5f6ca557c288f2cbc7f4654b6cc15

                    SHA1

                    6f3547fdcdb2099ec1cab0d1ddbe491effbf834a

                    SHA256

                    65b6786df8f921e6b1a63d88e91a50aa1a021ff764a65f6ec71fbae612e1ce32

                    SHA512

                    711ed738b8200bdaff383777020fcd126def978c272f54546bd3555af5f5d97a6657499780cb62c3fd330e8b4920803fad28ee10a3356c722fa1261049733f3e

                  • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.VabpXH

                    Filesize

                    30B

                    MD5

                    a6dc16331f06bc5831e5ddc9799284ec

                    SHA1

                    d344f83d549df8c3e2c959182ba37f8c81d885a5

                    SHA256

                    9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

                    SHA512

                    43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

                  • C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock

                    Filesize

                    60B

                    MD5

                    3de20e38394aac729405fcdb49eef09f

                    SHA1

                    c0e06cf5a69dfb243b16c467f903a31ac2b70428

                    SHA256

                    c703f3bc55aa2c930cf4b57fa09254bd8120d16b2d78072d11c622606611feb4

                    SHA512

                    26806076cb3a33b5e980eac940252b3bd012431d6361a5a2b9d318dc2f8a69618eb75cabe8724c285aa732c6d37f3013fa70ad7835283abe446e2ce88be2dcf4

                  • memory/1580-332-0x000002C1B1DF0000-0x000002C1B2DF0000-memory.dmp

                    Filesize

                    16.0MB

                  • memory/1580-330-0x000002C1B0520000-0x000002C1B0521000-memory.dmp

                    Filesize

                    4KB

                  • memory/1580-357-0x000002C1B1DF0000-0x000002C1B2DF0000-memory.dmp

                    Filesize

                    16.0MB

                  • memory/1784-303-0x000001D5DF310000-0x000001D5DF311000-memory.dmp

                    Filesize

                    4KB

                  • memory/1784-315-0x000001D5E0BF0000-0x000001D5E0E60000-memory.dmp

                    Filesize

                    2.4MB

                  • memory/2368-307-0x000002774F400000-0x000002774F401000-memory.dmp

                    Filesize

                    4KB

                  • memory/2368-316-0x0000027750CC0000-0x0000027750F30000-memory.dmp

                    Filesize

                    2.4MB

                  • memory/2468-216-0x00007FFA7EA60000-0x00007FFA7EBCA000-memory.dmp

                    Filesize

                    1.4MB

                  • memory/2468-215-0x00007FFA7EBD0000-0x00007FFA7F188000-memory.dmp

                    Filesize

                    5.7MB

                  • memory/2468-194-0x00007FF6EEE60000-0x00007FF6EFB44000-memory.dmp

                    Filesize

                    12.9MB

                  • memory/2468-211-0x00007FFA7EBD0000-0x00007FFA7F188000-memory.dmp

                    Filesize

                    5.7MB

                  • memory/2468-212-0x00007FFA7DC30000-0x00007FFA7DDF6000-memory.dmp

                    Filesize

                    1.8MB

                  • memory/2468-249-0x00007FFA7B170000-0x00007FFA7B1A7000-memory.dmp

                    Filesize

                    220KB

                  • memory/2468-232-0x00007FFA7B290000-0x00007FFA7B2E4000-memory.dmp

                    Filesize

                    336KB

                  • memory/2468-231-0x00007FFA840A0000-0x00007FFA840B5000-memory.dmp

                    Filesize

                    84KB

                  • memory/2468-213-0x00007FFA7D670000-0x00007FFA7D93F000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/2468-220-0x00007FFA892A0000-0x00007FFA892CC000-memory.dmp

                    Filesize

                    176KB

                  • memory/2468-214-0x00007FFA7DE00000-0x00007FFA7E53D000-memory.dmp

                    Filesize

                    7.2MB

                  • memory/2468-217-0x00007FFA90340000-0x00007FFA9039C000-memory.dmp

                    Filesize

                    368KB

                  • memory/2468-218-0x00007FFA903A0000-0x00007FFA903DA000-memory.dmp

                    Filesize

                    232KB

                  • memory/2468-219-0x00007FFA90EA0000-0x00007FFA90ECB000-memory.dmp

                    Filesize

                    172KB

                  • memory/3168-305-0x0000028A218C0000-0x0000028A218C1000-memory.dmp

                    Filesize

                    4KB

                  • memory/3168-336-0x0000028A23160000-0x0000028A24160000-memory.dmp

                    Filesize

                    16.0MB

                  • memory/3168-300-0x0000028A23160000-0x0000028A24160000-memory.dmp

                    Filesize

                    16.0MB

                  • memory/4608-812-0x000001FA00000000-0x000001FA01000000-memory.dmp

                    Filesize

                    16.0MB

                  • memory/4608-817-0x000001FA7B390000-0x000001FA7B391000-memory.dmp

                    Filesize

                    4KB

                  • memory/4876-314-0x000001B2DBAD0000-0x000001B2DBD40000-memory.dmp

                    Filesize

                    2.4MB

                  • memory/4876-309-0x000001B2DA260000-0x000001B2DA261000-memory.dmp

                    Filesize

                    4KB