Malware Analysis Report

2025-08-05 09:29

Sample ID 240223-pn1fysff6w
Target PollyMC-Windows-MinGW-w64-Setup-8.0.exe
SHA256 1c04ed11ce29fcfc3186144f0f907b70296132eb3db89044463cb14b97eb87d0
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

1c04ed11ce29fcfc3186144f0f907b70296132eb3db89044463cb14b97eb87d0

Threat Level: Shows suspicious behavior

The file PollyMC-Windows-MinGW-w64-Setup-8.0.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Checks computer location settings

Modifies file permissions

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 12:29

Reported

2024-02-23 12:32

Platform

win11-20240221-en

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TaskKill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531651392655057" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell\open C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\New folder\\PollyMC\\pollymc.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\URL Protocol C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell\open\command C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\TaskKill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3112 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe C:\Windows\SysWOW64\TaskKill.exe
PID 3112 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe C:\Windows\SysWOW64\TaskKill.exe
PID 3112 wrote to memory of 588 N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe C:\Windows\SysWOW64\TaskKill.exe
PID 3112 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
PID 3112 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
PID 1084 wrote to memory of 4196 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files\Java\jre-1.8\bin\javaw.exe
PID 1084 wrote to memory of 4196 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files\Java\jre-1.8\bin\javaw.exe
PID 1084 wrote to memory of 2192 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files\Java\jdk-1.8\bin\javaw.exe
PID 1084 wrote to memory of 2192 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files\Java\jdk-1.8\bin\javaw.exe
PID 1084 wrote to memory of 1760 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
PID 1084 wrote to memory of 1760 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
PID 1084 wrote to memory of 4844 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
PID 1084 wrote to memory of 4844 N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
PID 2192 wrote to memory of 3608 N/A C:\Program Files\Java\jdk-1.8\bin\javaw.exe C:\Windows\system32\icacls.exe
PID 2192 wrote to memory of 3608 N/A C:\Program Files\Java\jdk-1.8\bin\javaw.exe C:\Windows\system32\icacls.exe
PID 832 wrote to memory of 2576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 2576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 832 wrote to memory of 3668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe

"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"

C:\Windows\SysWOW64\TaskKill.exe

TaskKill /IM pollymc.exe /F

C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe

"C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

javaw -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbdc99758,0x7ffcbdc99768,0x7ffcbdc99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3900 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 i18n.prismlauncher.org udp
US 185.199.108.153:443 i18n.prismlauncher.org tcp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\nsExec.dll

MD5 675c4948e1efc929edcabfe67148eddd
SHA1 f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA256 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA512 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe

MD5 6d1b19dbd04fe40ee73bcb6235647d18
SHA1 0d74369ed02357880ccb77941ffb5309c7f01cfd
SHA256 a0deee27e08aab87113c15788ffa0068f693423210e4c36f24f222a80af5b8c7
SHA512 4587a5f22ca1e979fd2a69dc33124ace7627d493efe9a216d44d96bf16a0642418aa68537eeaced726addf4c58a2a80fb4c4ee8977113e6786c6f0dbff73d700

C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe

MD5 d30127e378b99deab11c47dd24bdfb16
SHA1 530cc7307bc8136039f8e5eca34ab424717cbed5
SHA256 2c7d235e55e84be4069dae83fe9157290da0bd6893f32a1fc07c947499bf1eff
SHA512 5ccbbbd4056a43b92cf689433aa38f8980e527e0009e43c411dc55ff5dbf41ce77b7417666570c66020fb4189fa70342754777431db8f16dcaa1091aebb66cf2

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Xml.dll

MD5 63e76c8c687df6aec9f41e3d8a1d0746
SHA1 7577d4d681c012a3ded924e2f30aa6969ca5e815
SHA256 04ff3840b3a84ae2ed1b4a388a5e6ba5e7fe05f64bde8919d10739a7fcb8917e
SHA512 e4a65b254b0e7b2c1cd0f19d6c3b7df5b044ed7f90aa08e8163f93998624f6ffee13715796f55c5a780b77ac2c900fd2070dbf9b2799ba43f3b0d8fc7cc5b141

C:\Users\Admin\Desktop\New folder\PollyMC\libintl-8.dll

MD5 e3de79fc630d7fabb9118a4f7ea53971
SHA1 dcd7b2f6d68f897501b6464588537f452ec29726
SHA256 4dc000c25b05ff454bf4387ece7002fd77049a2d2daf98d228ba657f3dccd4fb
SHA512 47a7cca88728d89b097603ae244b5abb27c4fa2c20291180f1829e31fa4de15e89afdeaa058dcaa3750fc9db481e1778537632eabdfe63b55f2707b627cdf280

C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll

MD5 77bb4abad4e14be55a5fc4186af6a960
SHA1 7f5820337e6bf289c0c32ca9dd598dde2d8bde79
SHA256 bfbe143b4ff6fa08859d9f4c375de5b3cf49eee747879a8e7203ef526d308d7c
SHA512 eb50de33ddd9fcadac345b151b0ee39161741d8fdefc404a693f5a5666ca6c225b44b78a819f4658815ed93e146bd045b66643530d2c477a6b34b6705f83247e

C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll

MD5 6fd324e99fab74ddf6c78369105e5f4f
SHA1 78f77f93def4f8830e4c28f2e6ae5d079e4ff65e
SHA256 7dc17dce9a8e44d42fde3579e51fd3632e9657ec240d5b61924f334c22455925
SHA512 250425c2dffbe5476fd2e0f0bb91632c73c7b853f624e15831064d1a33a88db8733f214e4e942002e9b53add63e7ef5f20f1201abb51bca5efbad51ace4004a6

memory/1084-194-0x00007FF6CF620000-0x00007FF6D0304000-memory.dmp

memory/1084-203-0x00007FFCAFE00000-0x00007FFCB03B8000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll

MD5 3574af39c490411c6556c3ec5dc2a930
SHA1 0b87d4f876bd164ea657aad8bd058b52b9b25219
SHA256 e3ce65d4871bae8fdd15972c331b9cbee4ee395476f12ac12aa560cab2596710
SHA512 eebe2ec0e28d5abd645abe339050140b26cdfe84b45a1bda7a56a2e7466c88b7ddb332ed7bbe707cce724f8783a4c720943d042b091f2af2053562328a1e1a60

C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-8-0.dll

MD5 15d5c11c10693fbf46c929f71b1de96d
SHA1 273a39b7bb3651bb51caf05504213303b341d942
SHA256 57dadbe91cd2a7aa36e4bf30794dbe9bedd4183cc9277a3fc2b8ba50a78a273c
SHA512 70da5db227271e3dcd5876cb7eba47316a304791c40bb824bc1cba3ab2625b9174842a3504555454a3244fe91e3cf48dc87f47aa1a6fa2c5a5bfd5b28031db19

C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll

MD5 4f5e7f691ea441ca8bd00a0a60438796
SHA1 da6d305b43a177f62baa9ceba4d13a71e608e178
SHA256 c5398b79c2606b08d55685cd2eebb08d35ac3e02738d71eb8949d058e8f74bc0
SHA512 3b2032731a2e16f6648e2e52d3a6c0dcc9af2ad6c368a8e876bd2f8b3e8ed152d0ae468a3d0ebccfbbfbb72eaff806ca415189b23bbb10344cd55f2bd0fda8de

C:\Users\Admin\Desktop\New folder\PollyMC\libgraphite2.dll

MD5 c8dfe47f78c491446d7b1c39449d82be
SHA1 218fab832b78f14072be0d2f9d7d9775bba24323
SHA256 51ad68c31e706d4d9181cf3f15df259e5962644f664a3723d6ca48f0ef4fb8c4
SHA512 39ea8978571db1c5b1c89134e53d799932092f5102e0390aaa28cebde3ce1049e92287db49ed9cc2b57e4662a464e17bf945b221a496ea90bad52b882e86d903

C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll

MD5 1ca5b7297e5afdcea2703b89f42c9c4a
SHA1 16f6dd4ea37e699d61cc99964c729b1fcc570139
SHA256 43fb41684e968fb4b5ff38e0b38edec42da7e4649fcee609bf2d40d74970d4bf
SHA512 36f82a843747496c8c7d5f4a126a9626b5aa31b8fc6c7f8d89a720bbef7f2cadc2205bfbed3587c78d6c901eb9d6233734f8f711bd8dc3700de0615a859bbca4

C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll

MD5 94b2d5d665a890eebcae127bebc9621c
SHA1 bded4b753f69d32e46612197f44b3dc4ae0b3c81
SHA256 92a78b5fc44d32d0e0b47d0f7ed4f9193d792e2358d30f3716c010e4744c82a8
SHA512 2cf0aff828f9300469115c6e4921f77126e3b6174a90411e825fcc0defc916d85460f5caba557db8ded3d247e05c10efbbf776e2b868f55b4737d2899f9cde88

C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll

MD5 947a2cb14aa296c9256771012617526a
SHA1 67e8dc936693f8f7c8045d14ed5f52e65390f661
SHA256 3f8399b196895110afde2aa1e0a6b5f557f908294938aab134da83ccb1f27d6c
SHA512 2338dc788781f8333fbd26aeb2a3fc325d882e8a8661de34e35399c8467ed3a677544f703968898728afb052041379b103413d6a9c8adc1a4a17fee5ca41f3e5

C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll

MD5 3887400042525e2c976f6ccf9ed77ba7
SHA1 4edb5798f73c874591d26c196f09c2139f90fc62
SHA256 a6954486fd81ad3464845af7f0fe7f06a5424b5ab84f033f9627ac7f1e82395c
SHA512 ce94fc4a65ea2a0277d45e60b0e87d0b86730ff26ed9977b2b256dea6790965fe8c432e4a444c27c72341c965d6faea685847cdc9ef90150b72e1ae10ee5d3dc

C:\Users\Admin\Desktop\New folder\PollyMC\libmd4c.dll

MD5 09eee10544ef56a8fa86517fa80f2bf5
SHA1 68977088641b2356fccbcaefd4cf0cd37aeb68ca
SHA256 bdbafd132c7b5a162b6d83e5c49a3e0b3d86a609ae01be8f99d2f7573f7cca06
SHA512 5684315cf49061d517341b8d1f2ffbc579f0ca0907f42c234b68e9fcf928d65b33f75f16d1f2908a07285598e3a4c92d69f754d7cfe58c6f25f8c94529b5a4c1

C:\Users\Admin\Desktop\New folder\PollyMC\libcmark.dll

MD5 f5f97439ea8c9b6ee10b76b9f94e2fde
SHA1 4e1ba63e394087fadbb908274b6ae77c3b92b59f
SHA256 503c476dbc9f57cacff1062e6bc48f70e3d9f00453180ba7bc4cbf4373810fa6
SHA512 091e2997e29862aae35d9d9deb7db83356933cb3de89f80f5a239f9f3914d8f4218a1f2393055000707826baae9c4f4a3f43625a4eb3fd4f098f91ca34fe819b

C:\Users\Admin\Desktop\New folder\PollyMC\libfreetype-6.dll

MD5 7e0efe15a52434441699b4e18a403012
SHA1 d4564f3ba2e8236003d13e2e5bce71248fc655c6
SHA256 7a3258d807643e786983c107c49a9bcbe9bc755bc0a32e0f548d3bf8c048e818
SHA512 b60c46832556fcceaebd81f72667c6548e4f0c1655bb2d9a8e424564751fe46a766339850c92a4145064c3439a020ff23734228abc7151e1dfdf1b76f5ca2916

C:\Users\Admin\Desktop\New folder\PollyMC\libharfbuzz-0.dll

MD5 4234bf41775eda6bbe8fe5991184b8e1
SHA1 cf4e906b6eda0e8bdb50cd6f53e9b13f058d5716
SHA256 cd99ef0a232ec917816e8be1792213fb00a196b9428e9cb0a6cd022fc5f04ffd
SHA512 8331d5e039fb8c766f64670096c07c866826786cbe4802418ed2ab6eb38a2bd1e57bdb85e0d06a431883b87ba8943366013d26a8ae5d790e6fa93ae11743566c

C:\Users\Admin\Desktop\New folder\PollyMC\libpng16-16.dll

MD5 980ce62995e2b0fc6d809a64bfc02896
SHA1 601eca760fbea62b992f1bbc9ef83e6b33235392
SHA256 0b51dd5b254595dbfa003d5ce27363412ee098612837e569edebabe2149b636a
SHA512 d5b2e88a165ca41b45fc03f35eed02995fd0028067fe92fefff0e5fb57895f69608934a754face68b2555b2bcbe747166f172f720d5e32ff07d961a4f3860c67

C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-16-0.dll

MD5 e5609c3469858b9f5ce8bb294275cd22
SHA1 47229f6eb790ad7d1b56f1e06c913850a8591e81
SHA256 285824fa911fafbdb10949c5785b8902b4605a8333c4d7bce3bc9ab63016de6d
SHA512 eca1cc9ab9a355d778b952e3a22098b56932f39238268b09c747508f923cfb52453d6618af77baba96a0e4b2e8ce9f692af2f59720a273da78487b7c43d9bd9c

C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlicommon.dll

MD5 00bc42b62d1a5adeb2f599a591403d9a
SHA1 42fb609f84e1fa97451a10aba914cda6db950b06
SHA256 fc5bf42b62da64ac76ffcdf50f232c8c821c9c278e23f63c9477c75a74b2b7b7
SHA512 2407e732a44b5293260a882b8118cd18d1e5d5339735d19efdef0c33ec5bed64aa4d099f1ab7eb590324e0c860c4a5bc7ba04eb04f5d9fadb1407c078d32d91c

C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll

MD5 1f97e0ce5b718ef60002bb25aaa8b503
SHA1 e8a00b1f9233e1b5a46a57a9b7660d72710ef2b5
SHA256 303d6ba2b6f614118d75fde6d76fbf8fd64298125c146dd023bd7e03f8c94224
SHA512 b705e8576f389d1cba10a37529ced8c41b0e4d437fb1dacb8aab6c9656f0d2cc1cd98ea885bf5a7ad79ba270f4c7126117b658cbb3ece98778f8cf05957cbf8f

C:\Users\Admin\Desktop\New folder\PollyMC\libbz2-1.dll

MD5 b843434a8eae82adea4f9eaa2fbffe47
SHA1 b34aaa305cfc1a4936a88592b5689b0c978ffaa4
SHA256 22289ed41efbe633f798047de836b31170336e5e40e7e7b586c915bdbda7fcd9
SHA512 9f7c152c3b7ef52c0b3131d865960f8529bfe43776bfcf00c668fc41258e4ba4fcecb09888a99f77634534b42202d57e71806b808d9efe9ca6125712b8db7570

C:\Users\Admin\Desktop\New folder\PollyMC\libb2-1.dll

MD5 87ab9208b130b7d7b2dbf6e887aafc5f
SHA1 afc23cf59beea5dea0e7b4d7f96b936ab4594511
SHA256 d6754584336b179a02722cfb80854f764024b6649e6f0cbf2d3878407e5678af
SHA512 fee411c30bc4df1777f42df27deb198114851672c916b197e8a1eb44f39fc88ba801703f24d06c51a72ec952d91ed992695f1c38b32689b54be8c578f23db8c6

memory/1084-212-0x00007FFCAF770000-0x00007FFCAF936000-memory.dmp

memory/1084-213-0x00007FFCAFB30000-0x00007FFCAFDFF000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\libdouble-conversion.dll

MD5 20d6fca191ec4998242748eb54df4905
SHA1 e2d5afc4a3778c73762ebb4af9c446689a355a92
SHA256 52a913618d12f2e02d756d7c8af5199ed77d61c47cf3c94cd23209f64b001eb7
SHA512 49d6bcfd5f2d9c304b81fae3a18d642302a5055f64a98b27e72e277b1f5cfb2ddb77d0080624ad5bf2ab62bdb215da7a44441dede5999b056954159c75184a1e

memory/1084-214-0x00007FFCB03C0000-0x00007FFCB0AFD000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll

MD5 5581bb033e2f1642adbc5293fbb162c0
SHA1 584c2b3743cda8211d4e337ea0594ac42b70a0e0
SHA256 cc10b564387bc005692d7e178483b27b63953f73dc7f3eb87d4e32935ed4367b
SHA512 ff22a99c3a4f3bf52da0e08047bf3ce16f2479166526a4f70b27c0b5b7eca85d123eeb5c7e2c26ede8237ed24976fe3f3bf4d7d5fce93cc39201144d2ce494c7

C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll

MD5 86a99f5649c44e13dd794da3d8d31282
SHA1 a008ffeff79ad11ea4d470bfcb73cf431ea3ee20
SHA256 b34cbdf9cf69b171c0ac354ffcd619de416a5c19b471b4dc170b5834ab974125
SHA512 1cb8803bd1fcec84af05a410b8466d79132dea9d93505862d38f91d4dfe22c98f0a0071d16338fbe2df354819166f74a0bcc18bde060878679beb78a27e411b8

memory/1084-215-0x00007FFCAFE00000-0x00007FFCB03B8000-memory.dmp

memory/1084-216-0x00007FFCB1120000-0x00007FFCB128A000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll

MD5 6b55d5447953ccaf9d729957e94ea335
SHA1 c40cf59c7ad209f0dd827a16f3cf4d379c9f90b1
SHA256 81fc2ffdcfe2d99dac8a26a9d2038e3f142387f183f1dd042e46ee5c8ceefc60
SHA512 ad3ebc580aa74262a793942e21693802c79ac75cd5d58e1fc72d499c60e11783ed6d8b8f444a92bb23d06c383ed41527a34b8f3c4c1e75e32993907ffa2f8b06

C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll

MD5 ad7f584de4a936d2aa0c320031fda8d1
SHA1 ed5d8e4c0c4762866686920261d56b3c01cedeb2
SHA256 0848ca2e049e4dd2a7a0fe01c5ddb9e7c1210bc1291cf9396d403ff12c99b5b0
SHA512 7b1386be23f646397a1b545b203430f427483e7952ef108e4fc771ed0189672be551d481c0e82bc0b63db857c06214af1e625aabd38603e3b8127bbd538fd058

C:\Users\Admin\Desktop\New folder\PollyMC\libzstd.dll

MD5 4cc2b0f5e67f781406696b8032f30b72
SHA1 cf957e5f56c148d8fcf005989da1443c55ef190e
SHA256 f9b8f326310503b8a79f8d16a80367728af0240af7cb3ea820f81144d2010fc3
SHA512 b31e6377134dfcbc3b03c6be30d20bb721ec9dc395f68e497292469eff39dbd543e30593d0e18ba4548cb1c85f0e9b0a3c2ea8a4fb2ec8134a3ff93005daad79

C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlidec.dll

MD5 6b933641e6a997c2a100191783370ce9
SHA1 0ec5b215cdcb3c5ab1fcca8c1591474349cdab7f
SHA256 ce832348f2e913ceba2d0b94d9a8fe655035e438067ad9a7527b1d7e556acc27
SHA512 6308a7a34ff517e7b43958ad119206b44f92b75456617285b520e8706bede28d1b319c3b57253cca45d208988a6ef4e2720c3e343b0cf7ca876ecb0cfed2e3c2

C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll

MD5 e5cac1960181ceee198818ed98aab8e0
SHA1 9de2f0aef00de17855a7232a99e07e21661d0da8
SHA256 451f6de29a44a7a525d1c43e3439837e4afe5bcd0cfc1b8715bcc85ae2556d4e
SHA512 11ff53b6ce7bed01c0935b6d336262f646b35c9083cc88c721acddf838bccfc0b9f71e11514e97815c008a6c7bd93767ac3c79be1917c925c5bc67682a969c19

C:\Users\Admin\Desktop\New folder\PollyMC\zlib1.dll

MD5 17d86210bfddc727ba2751fd02c533e1
SHA1 c1c53c48c78852003045114c030747dcff017aa9
SHA256 7ef90c6875d176bae42aedc6720bd27d8515431a19b37c6a071f3b19f82a9eb8
SHA512 c7f1a80a2285de93d63c9b7f069da1966ed16415ca01f02faeb9bd48b3d00f6e6d190aaf5f24d11f8ad78b6b2a8ff9c96ef7bfb7e80d6954cdfb73dca24c9152

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core5Compat.dll

MD5 ab88dd4c87ff60a81b698c5b194d0d92
SHA1 a5c114e642297ee477db5f38286d5e24eafe1920
SHA256 792cdcf3a9843bd46e1af141029e714464ce125a45b74582b5de1d7ef01801b5
SHA512 43089e7cd5bb983af01413d2774febfefebfc85cccdcdfe7097eedc8bb571c5b90ffb269a6c5e029b8db8aca96d32c2cf9c216211dfe762db5167e6e52f66f3c

C:\Users\Admin\Desktop\New folder\PollyMC\libquazip1-qt6.dll

MD5 92fd1c7887462c3e2d8c4b75329c14d5
SHA1 3305b83190612b47a90f34e20687fc2159d8f7e7
SHA256 3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e
SHA512 61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll

MD5 64c13789039704f42acc277ad449b3b8
SHA1 c63f8936c59bb3d412afc0231754e3b39d3b8a8a
SHA256 ecd0641d1efcc2d60e3b25b37b0125d114d84589922442e2c901473db59026e1
SHA512 609535ca24e2bfd0987ef230a02055300234c3a4760be4195389e98f6912bbced7951784dba57db7102bb36ff6400d049cbb87953d16fb707368ffdd2dc9ac13

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Network.dll

MD5 0f315a61e5d7a8693c55458f9576f292
SHA1 8a9e1caea0f3f629f3def7d05e047a9bf0173942
SHA256 ee860831eeaf34792d403b1d42fb5313fc0b3396c370f8b36924491f159c85f8
SHA512 de85ac62c0d596e5f147770d0b6ef2df9ffce2d51331e36110838816da49150c52ee33e2eda961d7749274ff20ce6ac10e10e421662a4c92e7190c2e771df397

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll

MD5 819293e4e3d236e8de4de58d3d6e5335
SHA1 6412954a51fcd0b84d1726b3d31a79046fb7a345
SHA256 a38de1d04942eb7722c284b890a26402e7b2cb130038b7f8851d5faabb05e214
SHA512 72d13f039b122d456d42662db42169f370ce479e675ff5730ddb96a39c62d6ac94fb3c3553a08a427beefd21c716a04b49cbbaa5a9eb17601d693e6f4f4ce2b7

C:\Users\Admin\Desktop\New folder\PollyMC\libc++.dll

MD5 0314b68d4684f7fa62c9273df902bced
SHA1 c8cd94d2a41c66c56b3dd465868c800bfd201a83
SHA256 7c2515f1a68339b2f100a56aa69c2fbd1223a1e649caaf220e3b81c779a1b08b
SHA512 de5219e3e2d415b1c02b64191b4de51ae6080059495f8109bf01a88365a27ac1691012a11ffddb81279fab792453f67a148def4aa52c012a8a9b6a7fecf4fb25

memory/1084-217-0x00007FFCC2E30000-0x00007FFCC2E8C000-memory.dmp

memory/1084-219-0x00007FFCC2190000-0x00007FFCC21BB000-memory.dmp

memory/1084-218-0x00007FFCC2F50000-0x00007FFCC2F8A000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll

MD5 8a2e6c6cc6b35797a98928b5f08aea4c
SHA1 c01eaa1744767ef6609bd137d2a172245985058f
SHA256 a310758983d55ad1abba5cd275541e80935bcf9ad04bcd6d36db4542af8b88d6
SHA512 5eb2d653e270fbf7729a27469ac9c405a760df1692c3192389b4bab95a6c96c9e37db1106bf2aa376df66114d4c8b31a4672f78da6c49731116e6e3410d7ba3b

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll

MD5 190f4bbde9cf1bd67097633899302cca
SHA1 556835731eb165e27ca89fb03e2169a7d6467bea
SHA256 0f8264e423c16a3497ba5e41fcf42c8c15238ecf8eec2de80975e52e5682b681
SHA512 900d1d4b405ce8c5995702f72094085650f438e8604e984f9fab397badbc69cc8784dee8e917312bf62bded7baf830666210abd8943925b32e751ba3f5cd23eb

memory/1084-220-0x00007FFCBD680000-0x00007FFCBD6AC000-memory.dmp

C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.tIuFiM

MD5 a6dc16331f06bc5831e5ddc9799284ec
SHA1 d344f83d549df8c3e2c959182ba37f8c81d885a5
SHA256 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807
SHA512 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

memory/1084-231-0x00007FFCAD360000-0x00007FFCAD375000-memory.dmp

memory/1084-232-0x00007FFCAD2E0000-0x00007FFCAD334000-memory.dmp

C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock

MD5 8e75bb54bf6af4246dd2394ee1e8d14b
SHA1 4c9e47e37fc4a7c2b753260c1b4a717de80776b3
SHA256 f144c90a9438d87e447ce0b36bb0e7f530d738b7ed40392299fd3afb51457100
SHA512 61d6ca6b314d1b0b2499a05585bbcb6e9c37848462ce3e8dd6ed830f241b360225f542c3a49cdfc98b51879cdec05cd618ee0cabbd0803705d05e0d2eb12bf7c

memory/1084-249-0x00007FFCC2EA0000-0x00007FFCC2ED7000-memory.dmp

C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg

MD5 d0762f7cbbe8598689dd72a0e25f0722
SHA1 02c72f1a92351acc379693c33fa1d8f1d9756896
SHA256 4413e48dc99e87e3f466db9d73f3d748615fe702a89de93525c0a38b0ca9fa44
SHA512 978a7720fe37a33afddcd0ed0bfd5f6fea85fd533a36e7b13052beadb8d174b308788ceb5f7489093427028154e012960600c9386e1286bec1325da918ee779e

memory/1760-288-0x00000280E0B20000-0x00000280E1B20000-memory.dmp

memory/2192-308-0x00000285D7880000-0x00000285D7881000-memory.dmp

memory/4196-310-0x00000131987B0000-0x00000131987B1000-memory.dmp

memory/4196-311-0x00000131987D0000-0x0000013198A40000-memory.dmp

memory/4844-312-0x0000023CA14C0000-0x0000023CA1730000-memory.dmp

memory/2192-313-0x00000285D8EC0000-0x00000285D9130000-memory.dmp

memory/1760-318-0x00000280E0B20000-0x00000280E1B20000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0daffdd0-d589-4ab3-837b-6a3aac4e5e0a.tmp

MD5 8473bc7e0adcfe53d74b33d3faa1c625
SHA1 fd7905132b0f5c7127dd5678fe18ff7bd48c5d45
SHA256 66fdf09fc73bd8e6e3edf6676814bd1490ebe83157f2c0408a20521ce72db95d
SHA512 3793822d451c54d85e6309425c6bfba6e49a2c7b36f39aaa64b1ba9981a3faa709fef8d62e86de5eb339272c63084ab54aff31a2e5535e5c60adaffec117cb92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c5939b724fdec580041bb5cf54d3740
SHA1 267b5ab0553a76438a305e768bfe0e85b0bfcda0
SHA256 3b4cec612ee4574f40621e6173b712daf6ad86f1ad3bdd106ed3da2b4caa5d2c
SHA512 14a500fddefb2c58f422aa85a2f5a4f9fd1a69c79d5abdc623baea927abee6010975d38c35b6d07e97b5e2610ab7183aed6eaf4c0b9bfe5fa0670ea4e2b2e320

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f164d837d459ca94d96a40cbd2d1e9de
SHA1 0689cec050c5c8df9f6964d112b792d80d106b16
SHA256 0ebcd10e3ab54a4a680de01db5a50fe862cec0bcc7b83e3576fb717e3dcb8ad4
SHA512 6a9b6cef7dce08aa7f77d491085632c88ed513b6387d09118d52affed228f28da01e2466a13260fdfdfc59661494478849741e41dda68e91d246461c5dcfb130

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 5b941ee7b8e0d298709638b7736760d8
SHA1 c6217b2a09a1c37efa1a782c2e0cfd4140877e8b
SHA256 463ae2d333bc09968166df6b151079db8bd1f5dcc1de14749e3e44061285adff
SHA512 a275295df36590dff5a30fbf86167eff5aeb58c9a2149e358d018ed80086c625f7dafbc1039a9c859572b1f163e4d75260658c9bb9398b23b1b8d4d4eefa8f90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1e26a7178e0d0f9b9b6477c933cbf51c
SHA1 b1e18338cf03138800340d82ce9fc97e0399183f
SHA256 38f5406cbbb9ead596b6997143fa3f99c1642e730cc0db92ce1710099ee35428
SHA512 f5f464e46e6d5f85cd5ea610dc4614277b294349ffdf23fdf8b81b7ee90145526722b0f42e46a554365cb196d47c9da2df0db5cf538e10046f92c2e74d5229e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3166edd6aac66fdb7136ed0f057e41c9
SHA1 17450dba261360995544b61710cf711266c710d4
SHA256 050567d62a88836ae1e4018ec82b9beb35bfe01d424e0dd75bfe5781b77dc8ee
SHA512 721d2a50cb2fa044c30fc1d04cfe14a3039f65a51d883d5c6103d5d423823b8af41bb64e2ca516aca1547922c72a3b965c1d0413105face12c961f54242bd67d

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:29

Reported

2024-02-23 12:32

Platform

win10v2004-20240221-en

Max time kernel

153s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TaskKill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\URL Protocol C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell\open\command C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell\open C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\New folder\\PollyMC\\pollymc.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\TaskKill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe

"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"

C:\Windows\SysWOW64\TaskKill.exe

TaskKill /IM pollymc.exe /F

C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe

"C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 2.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 i18n.prismlauncher.org udp
US 185.199.109.153:443 i18n.prismlauncher.org tcp
US 8.8.8.8:53 153.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\nsExec.dll

MD5 675c4948e1efc929edcabfe67148eddd
SHA1 f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA256 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA512 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe

MD5 46139892c11d9b3f30d07368af1dab5b
SHA1 1d1cfa4e38c78b782d6cc926a895a058a8589de9
SHA256 d9c3cd7f291a2238593b0da0c8125ab79be9d7e50fbbd9e28b2e8946a524dc96
SHA512 f07e5356997399a99cd28970ccd62d613e1f1f7e34211c3afde7f60b87e4f99d3b9e60bb95aadcb139d9cc46c04f816876c6114425210b432300c0f802897792

C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe

MD5 acad93608adb54618879e022b862b19b
SHA1 071d81be2e0a339adc02f6d91c5f7fa091a37a97
SHA256 4be0298bd5a5fa91d324e017cbbd6119f059962333786cdc87d69e8c1e807c65
SHA512 2798b1c16b8f7dc68e7cac260449332758aa737d4bf583dc15cef45ba04a3b55f36a3d47a873b18ef73fba7a649b08e5a7d662096ca968804ac948867e2fe254

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll

MD5 addae4a147aa2ed8a2169dca9b664ecb
SHA1 c7108df0dbadd892a65b9a96dc6d9b1e55b81e06
SHA256 e7554b5c1017600e75c83d4b1dc847b234296a56abf1315e3bd086a31e4181b5
SHA512 d81d2d08f453dcb6c6c01044e18790bdd0a59d9e74263f57c6fac0a027868700e8c4d400bc044ecd8435b1ac7555240bb589b8310a7c309593c466d14ec6d941

C:\Users\Admin\Desktop\New folder\PollyMC\zlib1.dll

MD5 be9764cd884766755e1f53ad8c2a7149
SHA1 b7be969d75a08c7822462f0298b54eb2fdcb362a
SHA256 b0f14b5fa660d5161a716194b4b7be5f002d895c1e9d7e06a1130f682f760236
SHA512 3ac1b922c808911fe96d2f87e408380bdd6083339927f38cfad6839c9d0982a58f85307d211079449acbf4753d914e7ccdd0e78cbd6b06c35e5ea982818a41c8

C:\Users\Admin\Desktop\New folder\PollyMC\libcmark.dll

MD5 55ddf21ce27e8fb1d3cbe9c4907b5372
SHA1 fc601d6cb8d35a040633a9772c51a969f903a97c
SHA256 2355c808fbbfc63e4b6ef606250981e3156670de78cad1abe70b2e90c1dcad0d
SHA512 08ec83093e9ee335c20bc99be2f67437a4510540bdec9b681744d02d7be56f285485752194493578b2954c038b3faa2b30aea0e09256f541c072b1570776fc97

C:\Users\Admin\Desktop\New folder\PollyMC\libcmark.dll

MD5 45a086563e8a560fb3fb40347eb7e59f
SHA1 00a7773944cb8c202d8b8b4390ba077d8f41c6b4
SHA256 a917fdd34e384dfcaae1849558ce1d588b4dd2f6244f87b4dcb95988cecd2f8f
SHA512 bd5992489d9e9ea2f722f73de21ec44630b6718b8dc32a85f59f45de1f5e6a2902457facdf846b0dd218f56398e446d437215e81b40fcecb6fde7249734e0543

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Xml.dll

MD5 63e76c8c687df6aec9f41e3d8a1d0746
SHA1 7577d4d681c012a3ded924e2f30aa6969ca5e815
SHA256 04ff3840b3a84ae2ed1b4a388a5e6ba5e7fe05f64bde8919d10739a7fcb8917e
SHA512 e4a65b254b0e7b2c1cd0f19d6c3b7df5b044ed7f90aa08e8163f93998624f6ffee13715796f55c5a780b77ac2c900fd2070dbf9b2799ba43f3b0d8fc7cc5b141

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll

MD5 79ceb7e9fbb02911eddd829808eb4376
SHA1 34c738355ebf9ca9c5de1b30aedee5aa87d80c5e
SHA256 49fbb1ce9389bf9030b91f23107ed8851d1f367427ec56978161d3c8a9d0ecc0
SHA512 3ebf7b5a8f2712c8e56e017021b2b9cd88f43bdff44bc24b914e04ec91bd9ce7ee0865192d7777d458394e76893090c49098c394bfeac8cdee4e275a45698158

C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1556-196-0x00007FFAEDF70000-0x00007FFAEE528000-memory.dmp

memory/1556-197-0x00007FF7969A0000-0x00007FF797684000-memory.dmp

memory/1556-212-0x00007FFAEE530000-0x00007FFAEEC6D000-memory.dmp

memory/1556-215-0x00007FFB03500000-0x00007FFB0355C000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\qtlogging.ini

MD5 58967a7fcc8cd9d2bdb9b0fc24eed94d
SHA1 b09f4ed1fe53850307cf8cb8cd2767524c26335b
SHA256 ba15aee260e7ca1d48016546bab52fe30c3da264356b629739c125cd4eb3c700
SHA512 5d44670d283b8a88892fd8def2fd2f2f9222d5115b25cc4b9e2b04a7c5f004930dc0b5e2d11ae128ab844f826ba079a0f93e17d5428355bdb4d21a04ee58055a

C:\Users\Admin\Desktop\New folder\PollyMC\qt.conf

MD5 7215ee9c7d9dc229d2921a40e899ec5f
SHA1 b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512 f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

memory/1556-217-0x00007FFAFF020000-0x00007FFAFF04B000-memory.dmp

memory/1556-216-0x00007FFB03560000-0x00007FFB0359A000-memory.dmp

memory/1556-214-0x00007FFAFE960000-0x00007FFAFEACA000-memory.dmp

memory/1556-220-0x00007FFAFDE00000-0x00007FFAFDE2C000-memory.dmp

C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.atSzOn

MD5 a6dc16331f06bc5831e5ddc9799284ec
SHA1 d344f83d549df8c3e2c959182ba37f8c81d885a5
SHA256 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807
SHA512 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

memory/1556-213-0x00007FFAEDF70000-0x00007FFAEE528000-memory.dmp

memory/1556-232-0x00007FFAEEFD0000-0x00007FFAEF024000-memory.dmp

memory/1556-231-0x00007FFAF5B60000-0x00007FFAF5B75000-memory.dmp

memory/1556-211-0x00007FFAEDAD0000-0x00007FFAEDD9F000-memory.dmp

memory/1556-210-0x00007FFAEDDA0000-0x00007FFAEDF66000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll

MD5 8b117942fcda8d8bd75d47fea74fb7dd
SHA1 d82d99938fceae1dd181b9685bc262801f79bd97
SHA256 180433020969669ffa2f0033eef9a96485c0b4600cfdd71949cfcd438c01ca8b
SHA512 c3cf462e98704e43c4a252773985d046376d8154f198831d75eb7b7724520564baed0276851e6d412322519d270b61dba789a44c8caaee2707245dd1a1bdbb1a

C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-8-0.dll

MD5 15d5c11c10693fbf46c929f71b1de96d
SHA1 273a39b7bb3651bb51caf05504213303b341d942
SHA256 57dadbe91cd2a7aa36e4bf30794dbe9bedd4183cc9277a3fc2b8ba50a78a273c
SHA512 70da5db227271e3dcd5876cb7eba47316a304791c40bb824bc1cba3ab2625b9174842a3504555454a3244fe91e3cf48dc87f47aa1a6fa2c5a5bfd5b28031db19

C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll

MD5 1c7e5558a932129f5209e696d76e91ad
SHA1 86648ea3bb6cea7b071fff6de240672fc383b939
SHA256 08db14ff3a078039cb5ed20ea10a5efcc55c10c2a40346063e0a965cfae94818
SHA512 8e7e7f6d2ef593ec9bfd3583c6482bb1398d448f158f75e7d16f96da9c6bb6ec92397845ea4e3787ca880e8ff45c40be0c6846fc069b9e11fe28dd53255fb28a

C:\Users\Admin\Desktop\New folder\PollyMC\libintl-8.dll

MD5 e3de79fc630d7fabb9118a4f7ea53971
SHA1 dcd7b2f6d68f897501b6464588537f452ec29726
SHA256 4dc000c25b05ff454bf4387ece7002fd77049a2d2daf98d228ba657f3dccd4fb
SHA512 47a7cca88728d89b097603ae244b5abb27c4fa2c20291180f1829e31fa4de15e89afdeaa058dcaa3750fc9db481e1778537632eabdfe63b55f2707b627cdf280

C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock

MD5 08805ba56716944fb08955db0c8bf28c
SHA1 1864215d18f58eadf258e7d1172bfd3891be0707
SHA256 7194389d8103256a721b73adb2bc6861ded68ac45e76e45a5cc09c7bbad1e2bf
SHA512 45be90766405789a702a0735036135d512aa020c50f278ebab0429decd97f868a3955736b77c489af0d1435a55f5595814b757847912c3dc4d7b84f3ee99503f

C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll

MD5 329555ba5407023791e536176bec83c6
SHA1 0fc8c03e0bb149e2e39af7d4b752244309372222
SHA256 23eabc02bdb021ce775c230416f69c79870dee951eabb577c49136e95ce87f3c
SHA512 aa093840509b80554e52a0c111e72bc03710011732ad649b6f8ca15818bb765168eef8abf01613357c5939b8a2ff41026ed4a9d1038847083a97b2cce5d5f76d

C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlicommon.dll

MD5 00bc42b62d1a5adeb2f599a591403d9a
SHA1 42fb609f84e1fa97451a10aba914cda6db950b06
SHA256 fc5bf42b62da64ac76ffcdf50f232c8c821c9c278e23f63c9477c75a74b2b7b7
SHA512 2407e732a44b5293260a882b8118cd18d1e5d5339735d19efdef0c33ec5bed64aa4d099f1ab7eb590324e0c860c4a5bc7ba04eb04f5d9fadb1407c078d32d91c

C:\Users\Admin\Desktop\New folder\PollyMC\libgraphite2.dll

MD5 c8dfe47f78c491446d7b1c39449d82be
SHA1 218fab832b78f14072be0d2f9d7d9775bba24323
SHA256 51ad68c31e706d4d9181cf3f15df259e5962644f664a3723d6ca48f0ef4fb8c4
SHA512 39ea8978571db1c5b1c89134e53d799932092f5102e0390aaa28cebde3ce1049e92287db49ed9cc2b57e4662a464e17bf945b221a496ea90bad52b882e86d903

C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll

MD5 b7b25491a6e44b616bccbe56ba919f9b
SHA1 479f316b076b591b656d15b1ebdd7ccf303d2fac
SHA256 c332862744bb6931c064e91980112ad6af951ae3347d2f8840a125cbbd161fc6
SHA512 db574b3aee26769944ca4815faca57625afce1a59060a76c9595a01941df99f408112a85c9cf0b2cee94fb8dd48abcd579cde68e0b13c62e0934cf031ce8e008

C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll

MD5 2e4616af26a59699f3960cb6b9bbc630
SHA1 222c198a09520a726045364f6d083f6228b7636e
SHA256 104dcaec637983d6455fe26f3b3f6beb8651c31fa47b5636415e68c9fffcca0d
SHA512 3d469cccdbefe0db02b69f5e4a8209914a78287307d8dd78aefbac90caa41bae674901f3eed0b19a983c0e323868f7c3d574b19d6e62658677d38fb0fb8ebbea

C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-16-0.dll

MD5 e5609c3469858b9f5ce8bb294275cd22
SHA1 47229f6eb790ad7d1b56f1e06c913850a8591e81
SHA256 285824fa911fafbdb10949c5785b8902b4605a8333c4d7bce3bc9ab63016de6d
SHA512 eca1cc9ab9a355d778b952e3a22098b56932f39238268b09c747508f923cfb52453d6618af77baba96a0e4b2e8ce9f692af2f59720a273da78487b7c43d9bd9c

C:\Users\Admin\Desktop\New folder\PollyMC\libb2-1.dll

MD5 87ab9208b130b7d7b2dbf6e887aafc5f
SHA1 afc23cf59beea5dea0e7b4d7f96b936ab4594511
SHA256 d6754584336b179a02722cfb80854f764024b6649e6f0cbf2d3878407e5678af
SHA512 fee411c30bc4df1777f42df27deb198114851672c916b197e8a1eb44f39fc88ba801703f24d06c51a72ec952d91ed992695f1c38b32689b54be8c578f23db8c6

C:\Users\Admin\Desktop\New folder\PollyMC\libdouble-conversion.dll

MD5 20d6fca191ec4998242748eb54df4905
SHA1 e2d5afc4a3778c73762ebb4af9c446689a355a92
SHA256 52a913618d12f2e02d756d7c8af5199ed77d61c47cf3c94cd23209f64b001eb7
SHA512 49d6bcfd5f2d9c304b81fae3a18d642302a5055f64a98b27e72e277b1f5cfb2ddb77d0080624ad5bf2ab62bdb215da7a44441dede5999b056954159c75184a1e

C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll

MD5 9209f811884a1f627ddb7eb62ae48a61
SHA1 96aef728c2eb58f76e247fd2f2d24212f39dde63
SHA256 aecadf79646c65d188beb8c77f0e35587978f7f389afb9bc70b5b434a55b0cc0
SHA512 9b60f47a5703d0fb7967ed4ee2e4b705bae26540108e456477c677e707a38803ecb042bf95c47e85bbe65a329c26ce36ca79cb5d4da1b080ee5e647545686505

C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll

MD5 85da15e41bc69fdf222ad876f7956ea8
SHA1 559d6114e284685486d705a18286ed1202912253
SHA256 661e1316dad14e70c7b60d987d55179db03db82b716a163a15817039df3ab6c3
SHA512 e6218a8845b69f482481ff9a1c0b08b90d0bbc0b97535145ad0df0a182c809f97cdd48c9030714de03b7be643615c17ec1ccd1b7a70ac02566369d49f79f8d0b

C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll

MD5 74cd1a19ba690a10a5743391dc23db01
SHA1 9a9d275510b300d351d6b48cec5f18a9d24b88ef
SHA256 a69360728d03154b78a0493f6353538a2dcebfac12776be8b6b53ab2ec494a6b
SHA512 b3683eadebed8f74ebe2428b8e65479e6145a32fbda40f1b15b07dee8019d1bab672d73d431665763ac9beff8f55a2726aba019221c5d3b67771769c1f636c28

C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll

MD5 de35a7fb5631c778e69fe0a024c04df1
SHA1 3a2e410ff9fc899ddfc16893505f93ff1e90ce40
SHA256 d2d8ff2e28d460d394f9174411dab4d1226a2e59821fad6d16951963d4617689
SHA512 8af6db38b9873c2477e532f75563e76d9cc8fa5655fd1d93e972fef8e4a944b3c005b2c6dcca2ec83aff248dd555bff544643eedebd70169bb57a6f32600d461

C:\Users\Admin\Desktop\New folder\PollyMC\libbz2-1.dll

MD5 b843434a8eae82adea4f9eaa2fbffe47
SHA1 b34aaa305cfc1a4936a88592b5689b0c978ffaa4
SHA256 22289ed41efbe633f798047de836b31170336e5e40e7e7b586c915bdbda7fcd9
SHA512 9f7c152c3b7ef52c0b3131d865960f8529bfe43776bfcf00c668fc41258e4ba4fcecb09888a99f77634534b42202d57e71806b808d9efe9ca6125712b8db7570

C:\Users\Admin\Desktop\New folder\PollyMC\libzstd.dll

MD5 c7240458c8995d530f5e6fd8d015e0d4
SHA1 b244880161f0da8d2f8b5ebaf53ebad256ed6545
SHA256 5443bdf7ce21114063d7bc9d74810569ca7741a0251f253493e54e2cc1839d13
SHA512 5925dfa114111f42710d9e81cc8cc21d4001792c3b7338ec031ce795b7b71b9f564abeeae7d8a667891f5018462669a94eaacd3819811c3446ff6a23c5b22694

C:\Users\Admin\Desktop\New folder\PollyMC\libzstd.dll

MD5 a5a025948728670f0bfbeb74f230e707
SHA1 9f1731b0e6eabe9aa95298bef969b0c13fed3a62
SHA256 ccb7d0ab3f2b27de35df97af338a286c20f5f7d110b822c42481ec92e57bee74
SHA512 4d1efb01f695b30d8730043edeb388a283429b5dba7279cd33afb2987adcaf0dde090c44c19b6f03381fd158bdff41a6eea8ab8e8119db8483ea3f1e44477f89

C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlidec.dll

MD5 6b933641e6a997c2a100191783370ce9
SHA1 0ec5b215cdcb3c5ab1fcca8c1591474349cdab7f
SHA256 ce832348f2e913ceba2d0b94d9a8fe655035e438067ad9a7527b1d7e556acc27
SHA512 6308a7a34ff517e7b43958ad119206b44f92b75456617285b520e8706bede28d1b319c3b57253cca45d208988a6ef4e2720c3e343b0cf7ca876ecb0cfed2e3c2

C:\Users\Admin\Desktop\New folder\PollyMC\libfreetype-6.dll

MD5 7e0efe15a52434441699b4e18a403012
SHA1 d4564f3ba2e8236003d13e2e5bce71248fc655c6
SHA256 7a3258d807643e786983c107c49a9bcbe9bc755bc0a32e0f548d3bf8c048e818
SHA512 b60c46832556fcceaebd81f72667c6548e4f0c1655bb2d9a8e424564751fe46a766339850c92a4145064c3439a020ff23734228abc7151e1dfdf1b76f5ca2916

C:\Users\Admin\Desktop\New folder\PollyMC\libmd4c.dll

MD5 09eee10544ef56a8fa86517fa80f2bf5
SHA1 68977088641b2356fccbcaefd4cf0cd37aeb68ca
SHA256 bdbafd132c7b5a162b6d83e5c49a3e0b3d86a609ae01be8f99d2f7573f7cca06
SHA512 5684315cf49061d517341b8d1f2ffbc579f0ca0907f42c234b68e9fcf928d65b33f75f16d1f2908a07285598e3a4c92d69f754d7cfe58c6f25f8c94529b5a4c1

C:\Users\Admin\Desktop\New folder\PollyMC\libharfbuzz-0.dll

MD5 028bc7a3f6bf9fa788485b0d436367a0
SHA1 ef5dda530f89b17c20081a21ba910319e8782e4b
SHA256 ff38e5e18020c32a82d11b61a6c37583cff14a42f742fafd6588807f5f759c56
SHA512 c00896f1af7b078c3f06da5b27457ed8bd296c5a9991d3c9df2c178c4e68d96e9f7c6efb5cf660b8ed6d38537aa6a66a196007b96f03890f54335c561d79bd6d

C:\Users\Admin\Desktop\New folder\PollyMC\libharfbuzz-0.dll

MD5 9eb81f20f078271d2070b40d9e5feebd
SHA1 621be81d73004cda60f5e330d2c504d9b7f179ab
SHA256 08b9e80a403fec50969de26d9823c59f1c4a112df276616ec685d5c40fd88fe6
SHA512 441ef9eb2c64f37f9a41922332c96f462b70791cb5b7164ed0b07f00a43c3fec3c418adf5cfda345a46db70bdee0f053c8af44e7bbdafaaea50d09e82deb6518

C:\Users\Admin\Desktop\New folder\PollyMC\libpng16-16.dll

MD5 980ce62995e2b0fc6d809a64bfc02896
SHA1 601eca760fbea62b992f1bbc9ef83e6b33235392
SHA256 0b51dd5b254595dbfa003d5ce27363412ee098612837e569edebabe2149b636a
SHA512 d5b2e88a165ca41b45fc03f35eed02995fd0028067fe92fefff0e5fb57895f69608934a754face68b2555b2bcbe747166f172f720d5e32ff07d961a4f3860c67

C:\Users\Admin\Desktop\New folder\PollyMC\zlib1.dll

MD5 17d86210bfddc727ba2751fd02c533e1
SHA1 c1c53c48c78852003045114c030747dcff017aa9
SHA256 7ef90c6875d176bae42aedc6720bd27d8515431a19b37c6a071f3b19f82a9eb8
SHA512 c7f1a80a2285de93d63c9b7f069da1966ed16415ca01f02faeb9bd48b3d00f6e6d190aaf5f24d11f8ad78b6b2a8ff9c96ef7bfb7e80d6954cdfb73dca24c9152

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll

MD5 1f9a06f59c6b20d1843072a9e91cb8f4
SHA1 6ae6616da89f2910bad780e401856aa2b23ddff1
SHA256 011a41d057af7ba00c68dbb9d6f12517fa4fba8fc77008a996d93eb454bf01a5
SHA512 defe5deedbbfc0c1fe590e8ae7f26abad91e3dee353ae6f55e12cbb38ce042291eef375c3f4a662ad9d944c6859d051593f908e8aeb6827d8667498ec8a18431

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core5Compat.dll

MD5 ab88dd4c87ff60a81b698c5b194d0d92
SHA1 a5c114e642297ee477db5f38286d5e24eafe1920
SHA256 792cdcf3a9843bd46e1af141029e714464ce125a45b74582b5de1d7ef01801b5
SHA512 43089e7cd5bb983af01413d2774febfefebfc85cccdcdfe7097eedc8bb571c5b90ffb269a6c5e029b8db8aca96d32c2cf9c216211dfe762db5167e6e52f66f3c

C:\Users\Admin\Desktop\New folder\PollyMC\libquazip1-qt6.dll

MD5 92fd1c7887462c3e2d8c4b75329c14d5
SHA1 3305b83190612b47a90f34e20687fc2159d8f7e7
SHA256 3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e
SHA512 61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc

memory/1556-249-0x00007FFAEB550000-0x00007FFAEB587000-memory.dmp

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Network.dll

MD5 0f315a61e5d7a8693c55458f9576f292
SHA1 8a9e1caea0f3f629f3def7d05e047a9bf0173942
SHA256 ee860831eeaf34792d403b1d42fb5313fc0b3396c370f8b36924491f159c85f8
SHA512 de85ac62c0d596e5f147770d0b6ef2df9ffce2d51331e36110838816da49150c52ee33e2eda961d7749274ff20ce6ac10e10e421662a4c92e7190c2e771df397

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll

MD5 61118487975fbbc80b14102b0971776e
SHA1 d87eac8ec1cd8bf0669b8b887d89ed7521d453b6
SHA256 2acbf44e4b0320c82f27b47a667830b4c823528cbac36b5d14d22f6dc037997e
SHA512 2c3539934e0ad4f59ca26c342d65dffdc7c42578d1e89a915d42af526b1351656b4b89fd3dd16a5c4008fe26dd604f237cf267def5a3b8a6622ec397a7da3cd1

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll

MD5 5e9c2eaad662577215e95b8828bd5218
SHA1 c587baa36ab88a8888695d7813afe6ed9b1b8fa7
SHA256 4708f05bc01d3bf58e533dc4b02065d038a5087ac87e28a5768c5712d95b1d25
SHA512 82afff68ec0ab33a1b319f818e100c184a095d67c2f8010ef82f9c49a683cf18008bb5a00e7ab486b939a26c9085f9a263b06decd2a3ad933dd76f779db461e3

C:\Users\Admin\Desktop\New folder\PollyMC\libc++.dll

MD5 0314b68d4684f7fa62c9273df902bced
SHA1 c8cd94d2a41c66c56b3dd465868c800bfd201a83
SHA256 7c2515f1a68339b2f100a56aa69c2fbd1223a1e649caaf220e3b81c779a1b08b
SHA512 de5219e3e2d415b1c02b64191b4de51ae6080059495f8109bf01a88365a27ac1691012a11ffddb81279fab792453f67a148def4aa52c012a8a9b6a7fecf4fb25

C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll

MD5 a429797b61b1c82986aedd2a341eef3a
SHA1 266b95bc599f4019588dedba8a50bf2061c164c0
SHA256 b889be03147797c34e3c3042b25ae88df8196f3012962ca07c7eba19d1c48eba
SHA512 b03e7ea5709912b6d6d6044bd5806dedfc28c8cfd6d6ae13cf2709a7759b6bffb070f68c7c405eb4c5a37a980c51831c7ec97b87ad52c1fc046e2997461148eb