Analysis Overview
SHA256
1c04ed11ce29fcfc3186144f0f907b70296132eb3db89044463cb14b97eb87d0
Threat Level: Shows suspicious behavior
The file PollyMC-Windows-MinGW-w64-Setup-8.0.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Unsigned PE
Enumerates physical storage devices
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:52
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:51
Reported
2024-02-23 12:56
Platform
win11-20240221-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\curseforge | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\curseforge\URL Protocol | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\curseforge\shell\open\command | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\curseforge\shell | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\curseforge\shell\open | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PollyMC\\pollymc.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
C:\Windows\SysWOW64\TaskKill.exe
TaskKill /IM pollymc.exe /F
C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
"C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:51
Reported
2024-02-23 12:56
Platform
win10v2004-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\curseforge\shell\open\command | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\curseforge\shell | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\curseforge\shell\open | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PollyMC\\pollymc.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\curseforge | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\curseforge\URL Protocol | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
C:\Windows\SysWOW64\TaskKill.exe
TaskKill /IM pollymc.exe /F
C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
"C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Network
Files