Analysis Overview
SHA256
1c04ed11ce29fcfc3186144f0f907b70296132eb3db89044463cb14b97eb87d0
Threat Level: Shows suspicious behavior
The file PollyMC-Windows-MinGW-w64-Setup-8.0.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:29
Reported
2024-02-23 12:32
Platform
win11-20240221-en
Max time kernel
150s
Max time network
158s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531651392655057" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell\open | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\New folder\\PollyMC\\pollymc.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\URL Protocol | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\curseforge\shell\open\command | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
C:\Windows\SysWOW64\TaskKill.exe
TaskKill /IM pollymc.exe /F
C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
"C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar "C:/Users/Admin/Desktop/New folder/PollyMC/jars/JavaCheck.jar"
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbdc99758,0x7ffcbdc99768,0x7ffcbdc99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3900 --field-trial-handle=1796,i,2280156615330680944,16605287448096327567,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 185.199.108.153:443 | i18n.prismlauncher.org | tcp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\nsDialogs.dll
| MD5 | 6c3f8c94d0727894d706940a8a980543 |
| SHA1 | 0d1bcad901be377f38d579aafc0c41c0ef8dcefd |
| SHA256 | 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2 |
| SHA512 | 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355 |
C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\nsExec.dll
| MD5 | 675c4948e1efc929edcabfe67148eddd |
| SHA1 | f5bdd2c4329ed2732ecfe3423c3cc482606eb28e |
| SHA256 | 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906 |
| SHA512 | 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683 |
C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
| MD5 | 6d1b19dbd04fe40ee73bcb6235647d18 |
| SHA1 | 0d74369ed02357880ccb77941ffb5309c7f01cfd |
| SHA256 | a0deee27e08aab87113c15788ffa0068f693423210e4c36f24f222a80af5b8c7 |
| SHA512 | 4587a5f22ca1e979fd2a69dc33124ace7627d493efe9a216d44d96bf16a0642418aa68537eeaced726addf4c58a2a80fb4c4ee8977113e6786c6f0dbff73d700 |
C:\Users\Admin\AppData\Local\Temp\nsfADE4.tmp\modern-wizard.bmp
| MD5 | cbe40fd2b1ec96daedc65da172d90022 |
| SHA1 | 366c216220aa4329dff6c485fd0e9b0f4f0a7944 |
| SHA256 | 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2 |
| SHA512 | 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63 |
C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
| MD5 | d30127e378b99deab11c47dd24bdfb16 |
| SHA1 | 530cc7307bc8136039f8e5eca34ab424717cbed5 |
| SHA256 | 2c7d235e55e84be4069dae83fe9157290da0bd6893f32a1fc07c947499bf1eff |
| SHA512 | 5ccbbbd4056a43b92cf689433aa38f8980e527e0009e43c411dc55ff5dbf41ce77b7417666570c66020fb4189fa70342754777431db8f16dcaa1091aebb66cf2 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Xml.dll
| MD5 | 63e76c8c687df6aec9f41e3d8a1d0746 |
| SHA1 | 7577d4d681c012a3ded924e2f30aa6969ca5e815 |
| SHA256 | 04ff3840b3a84ae2ed1b4a388a5e6ba5e7fe05f64bde8919d10739a7fcb8917e |
| SHA512 | e4a65b254b0e7b2c1cd0f19d6c3b7df5b044ed7f90aa08e8163f93998624f6ffee13715796f55c5a780b77ac2c900fd2070dbf9b2799ba43f3b0d8fc7cc5b141 |
C:\Users\Admin\Desktop\New folder\PollyMC\libintl-8.dll
| MD5 | e3de79fc630d7fabb9118a4f7ea53971 |
| SHA1 | dcd7b2f6d68f897501b6464588537f452ec29726 |
| SHA256 | 4dc000c25b05ff454bf4387ece7002fd77049a2d2daf98d228ba657f3dccd4fb |
| SHA512 | 47a7cca88728d89b097603ae244b5abb27c4fa2c20291180f1829e31fa4de15e89afdeaa058dcaa3750fc9db481e1778537632eabdfe63b55f2707b627cdf280 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll
| MD5 | 77bb4abad4e14be55a5fc4186af6a960 |
| SHA1 | 7f5820337e6bf289c0c32ca9dd598dde2d8bde79 |
| SHA256 | bfbe143b4ff6fa08859d9f4c375de5b3cf49eee747879a8e7203ef526d308d7c |
| SHA512 | eb50de33ddd9fcadac345b151b0ee39161741d8fdefc404a693f5a5666ca6c225b44b78a819f4658815ed93e146bd045b66643530d2c477a6b34b6705f83247e |
C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll
| MD5 | 6fd324e99fab74ddf6c78369105e5f4f |
| SHA1 | 78f77f93def4f8830e4c28f2e6ae5d079e4ff65e |
| SHA256 | 7dc17dce9a8e44d42fde3579e51fd3632e9657ec240d5b61924f334c22455925 |
| SHA512 | 250425c2dffbe5476fd2e0f0bb91632c73c7b853f624e15831064d1a33a88db8733f214e4e942002e9b53add63e7ef5f20f1201abb51bca5efbad51ace4004a6 |
memory/1084-194-0x00007FF6CF620000-0x00007FF6D0304000-memory.dmp
memory/1084-203-0x00007FFCAFE00000-0x00007FFCB03B8000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll
| MD5 | 3574af39c490411c6556c3ec5dc2a930 |
| SHA1 | 0b87d4f876bd164ea657aad8bd058b52b9b25219 |
| SHA256 | e3ce65d4871bae8fdd15972c331b9cbee4ee395476f12ac12aa560cab2596710 |
| SHA512 | eebe2ec0e28d5abd645abe339050140b26cdfe84b45a1bda7a56a2e7466c88b7ddb332ed7bbe707cce724f8783a4c720943d042b091f2af2053562328a1e1a60 |
C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-8-0.dll
| MD5 | 15d5c11c10693fbf46c929f71b1de96d |
| SHA1 | 273a39b7bb3651bb51caf05504213303b341d942 |
| SHA256 | 57dadbe91cd2a7aa36e4bf30794dbe9bedd4183cc9277a3fc2b8ba50a78a273c |
| SHA512 | 70da5db227271e3dcd5876cb7eba47316a304791c40bb824bc1cba3ab2625b9174842a3504555454a3244fe91e3cf48dc87f47aa1a6fa2c5a5bfd5b28031db19 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll
| MD5 | 4f5e7f691ea441ca8bd00a0a60438796 |
| SHA1 | da6d305b43a177f62baa9ceba4d13a71e608e178 |
| SHA256 | c5398b79c2606b08d55685cd2eebb08d35ac3e02738d71eb8949d058e8f74bc0 |
| SHA512 | 3b2032731a2e16f6648e2e52d3a6c0dcc9af2ad6c368a8e876bd2f8b3e8ed152d0ae468a3d0ebccfbbfbb72eaff806ca415189b23bbb10344cd55f2bd0fda8de |
C:\Users\Admin\Desktop\New folder\PollyMC\libgraphite2.dll
| MD5 | c8dfe47f78c491446d7b1c39449d82be |
| SHA1 | 218fab832b78f14072be0d2f9d7d9775bba24323 |
| SHA256 | 51ad68c31e706d4d9181cf3f15df259e5962644f664a3723d6ca48f0ef4fb8c4 |
| SHA512 | 39ea8978571db1c5b1c89134e53d799932092f5102e0390aaa28cebde3ce1049e92287db49ed9cc2b57e4662a464e17bf945b221a496ea90bad52b882e86d903 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll
| MD5 | 1ca5b7297e5afdcea2703b89f42c9c4a |
| SHA1 | 16f6dd4ea37e699d61cc99964c729b1fcc570139 |
| SHA256 | 43fb41684e968fb4b5ff38e0b38edec42da7e4649fcee609bf2d40d74970d4bf |
| SHA512 | 36f82a843747496c8c7d5f4a126a9626b5aa31b8fc6c7f8d89a720bbef7f2cadc2205bfbed3587c78d6c901eb9d6233734f8f711bd8dc3700de0615a859bbca4 |
C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll
| MD5 | 94b2d5d665a890eebcae127bebc9621c |
| SHA1 | bded4b753f69d32e46612197f44b3dc4ae0b3c81 |
| SHA256 | 92a78b5fc44d32d0e0b47d0f7ed4f9193d792e2358d30f3716c010e4744c82a8 |
| SHA512 | 2cf0aff828f9300469115c6e4921f77126e3b6174a90411e825fcc0defc916d85460f5caba557db8ded3d247e05c10efbbf776e2b868f55b4737d2899f9cde88 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll
| MD5 | 947a2cb14aa296c9256771012617526a |
| SHA1 | 67e8dc936693f8f7c8045d14ed5f52e65390f661 |
| SHA256 | 3f8399b196895110afde2aa1e0a6b5f557f908294938aab134da83ccb1f27d6c |
| SHA512 | 2338dc788781f8333fbd26aeb2a3fc325d882e8a8661de34e35399c8467ed3a677544f703968898728afb052041379b103413d6a9c8adc1a4a17fee5ca41f3e5 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll
| MD5 | 3887400042525e2c976f6ccf9ed77ba7 |
| SHA1 | 4edb5798f73c874591d26c196f09c2139f90fc62 |
| SHA256 | a6954486fd81ad3464845af7f0fe7f06a5424b5ab84f033f9627ac7f1e82395c |
| SHA512 | ce94fc4a65ea2a0277d45e60b0e87d0b86730ff26ed9977b2b256dea6790965fe8c432e4a444c27c72341c965d6faea685847cdc9ef90150b72e1ae10ee5d3dc |
C:\Users\Admin\Desktop\New folder\PollyMC\libmd4c.dll
| MD5 | 09eee10544ef56a8fa86517fa80f2bf5 |
| SHA1 | 68977088641b2356fccbcaefd4cf0cd37aeb68ca |
| SHA256 | bdbafd132c7b5a162b6d83e5c49a3e0b3d86a609ae01be8f99d2f7573f7cca06 |
| SHA512 | 5684315cf49061d517341b8d1f2ffbc579f0ca0907f42c234b68e9fcf928d65b33f75f16d1f2908a07285598e3a4c92d69f754d7cfe58c6f25f8c94529b5a4c1 |
C:\Users\Admin\Desktop\New folder\PollyMC\libcmark.dll
| MD5 | f5f97439ea8c9b6ee10b76b9f94e2fde |
| SHA1 | 4e1ba63e394087fadbb908274b6ae77c3b92b59f |
| SHA256 | 503c476dbc9f57cacff1062e6bc48f70e3d9f00453180ba7bc4cbf4373810fa6 |
| SHA512 | 091e2997e29862aae35d9d9deb7db83356933cb3de89f80f5a239f9f3914d8f4218a1f2393055000707826baae9c4f4a3f43625a4eb3fd4f098f91ca34fe819b |
C:\Users\Admin\Desktop\New folder\PollyMC\libfreetype-6.dll
| MD5 | 7e0efe15a52434441699b4e18a403012 |
| SHA1 | d4564f3ba2e8236003d13e2e5bce71248fc655c6 |
| SHA256 | 7a3258d807643e786983c107c49a9bcbe9bc755bc0a32e0f548d3bf8c048e818 |
| SHA512 | b60c46832556fcceaebd81f72667c6548e4f0c1655bb2d9a8e424564751fe46a766339850c92a4145064c3439a020ff23734228abc7151e1dfdf1b76f5ca2916 |
C:\Users\Admin\Desktop\New folder\PollyMC\libharfbuzz-0.dll
| MD5 | 4234bf41775eda6bbe8fe5991184b8e1 |
| SHA1 | cf4e906b6eda0e8bdb50cd6f53e9b13f058d5716 |
| SHA256 | cd99ef0a232ec917816e8be1792213fb00a196b9428e9cb0a6cd022fc5f04ffd |
| SHA512 | 8331d5e039fb8c766f64670096c07c866826786cbe4802418ed2ab6eb38a2bd1e57bdb85e0d06a431883b87ba8943366013d26a8ae5d790e6fa93ae11743566c |
C:\Users\Admin\Desktop\New folder\PollyMC\libpng16-16.dll
| MD5 | 980ce62995e2b0fc6d809a64bfc02896 |
| SHA1 | 601eca760fbea62b992f1bbc9ef83e6b33235392 |
| SHA256 | 0b51dd5b254595dbfa003d5ce27363412ee098612837e569edebabe2149b636a |
| SHA512 | d5b2e88a165ca41b45fc03f35eed02995fd0028067fe92fefff0e5fb57895f69608934a754face68b2555b2bcbe747166f172f720d5e32ff07d961a4f3860c67 |
C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-16-0.dll
| MD5 | e5609c3469858b9f5ce8bb294275cd22 |
| SHA1 | 47229f6eb790ad7d1b56f1e06c913850a8591e81 |
| SHA256 | 285824fa911fafbdb10949c5785b8902b4605a8333c4d7bce3bc9ab63016de6d |
| SHA512 | eca1cc9ab9a355d778b952e3a22098b56932f39238268b09c747508f923cfb52453d6618af77baba96a0e4b2e8ce9f692af2f59720a273da78487b7c43d9bd9c |
C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlicommon.dll
| MD5 | 00bc42b62d1a5adeb2f599a591403d9a |
| SHA1 | 42fb609f84e1fa97451a10aba914cda6db950b06 |
| SHA256 | fc5bf42b62da64ac76ffcdf50f232c8c821c9c278e23f63c9477c75a74b2b7b7 |
| SHA512 | 2407e732a44b5293260a882b8118cd18d1e5d5339735d19efdef0c33ec5bed64aa4d099f1ab7eb590324e0c860c4a5bc7ba04eb04f5d9fadb1407c078d32d91c |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll
| MD5 | 1f97e0ce5b718ef60002bb25aaa8b503 |
| SHA1 | e8a00b1f9233e1b5a46a57a9b7660d72710ef2b5 |
| SHA256 | 303d6ba2b6f614118d75fde6d76fbf8fd64298125c146dd023bd7e03f8c94224 |
| SHA512 | b705e8576f389d1cba10a37529ced8c41b0e4d437fb1dacb8aab6c9656f0d2cc1cd98ea885bf5a7ad79ba270f4c7126117b658cbb3ece98778f8cf05957cbf8f |
C:\Users\Admin\Desktop\New folder\PollyMC\libbz2-1.dll
| MD5 | b843434a8eae82adea4f9eaa2fbffe47 |
| SHA1 | b34aaa305cfc1a4936a88592b5689b0c978ffaa4 |
| SHA256 | 22289ed41efbe633f798047de836b31170336e5e40e7e7b586c915bdbda7fcd9 |
| SHA512 | 9f7c152c3b7ef52c0b3131d865960f8529bfe43776bfcf00c668fc41258e4ba4fcecb09888a99f77634534b42202d57e71806b808d9efe9ca6125712b8db7570 |
C:\Users\Admin\Desktop\New folder\PollyMC\libb2-1.dll
| MD5 | 87ab9208b130b7d7b2dbf6e887aafc5f |
| SHA1 | afc23cf59beea5dea0e7b4d7f96b936ab4594511 |
| SHA256 | d6754584336b179a02722cfb80854f764024b6649e6f0cbf2d3878407e5678af |
| SHA512 | fee411c30bc4df1777f42df27deb198114851672c916b197e8a1eb44f39fc88ba801703f24d06c51a72ec952d91ed992695f1c38b32689b54be8c578f23db8c6 |
memory/1084-212-0x00007FFCAF770000-0x00007FFCAF936000-memory.dmp
memory/1084-213-0x00007FFCAFB30000-0x00007FFCAFDFF000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\libdouble-conversion.dll
| MD5 | 20d6fca191ec4998242748eb54df4905 |
| SHA1 | e2d5afc4a3778c73762ebb4af9c446689a355a92 |
| SHA256 | 52a913618d12f2e02d756d7c8af5199ed77d61c47cf3c94cd23209f64b001eb7 |
| SHA512 | 49d6bcfd5f2d9c304b81fae3a18d642302a5055f64a98b27e72e277b1f5cfb2ddb77d0080624ad5bf2ab62bdb215da7a44441dede5999b056954159c75184a1e |
memory/1084-214-0x00007FFCB03C0000-0x00007FFCB0AFD000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll
| MD5 | 5581bb033e2f1642adbc5293fbb162c0 |
| SHA1 | 584c2b3743cda8211d4e337ea0594ac42b70a0e0 |
| SHA256 | cc10b564387bc005692d7e178483b27b63953f73dc7f3eb87d4e32935ed4367b |
| SHA512 | ff22a99c3a4f3bf52da0e08047bf3ce16f2479166526a4f70b27c0b5b7eca85d123eeb5c7e2c26ede8237ed24976fe3f3bf4d7d5fce93cc39201144d2ce494c7 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll
| MD5 | 86a99f5649c44e13dd794da3d8d31282 |
| SHA1 | a008ffeff79ad11ea4d470bfcb73cf431ea3ee20 |
| SHA256 | b34cbdf9cf69b171c0ac354ffcd619de416a5c19b471b4dc170b5834ab974125 |
| SHA512 | 1cb8803bd1fcec84af05a410b8466d79132dea9d93505862d38f91d4dfe22c98f0a0071d16338fbe2df354819166f74a0bcc18bde060878679beb78a27e411b8 |
memory/1084-215-0x00007FFCAFE00000-0x00007FFCB03B8000-memory.dmp
memory/1084-216-0x00007FFCB1120000-0x00007FFCB128A000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll
| MD5 | 6b55d5447953ccaf9d729957e94ea335 |
| SHA1 | c40cf59c7ad209f0dd827a16f3cf4d379c9f90b1 |
| SHA256 | 81fc2ffdcfe2d99dac8a26a9d2038e3f142387f183f1dd042e46ee5c8ceefc60 |
| SHA512 | ad3ebc580aa74262a793942e21693802c79ac75cd5d58e1fc72d499c60e11783ed6d8b8f444a92bb23d06c383ed41527a34b8f3c4c1e75e32993907ffa2f8b06 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll
| MD5 | ad7f584de4a936d2aa0c320031fda8d1 |
| SHA1 | ed5d8e4c0c4762866686920261d56b3c01cedeb2 |
| SHA256 | 0848ca2e049e4dd2a7a0fe01c5ddb9e7c1210bc1291cf9396d403ff12c99b5b0 |
| SHA512 | 7b1386be23f646397a1b545b203430f427483e7952ef108e4fc771ed0189672be551d481c0e82bc0b63db857c06214af1e625aabd38603e3b8127bbd538fd058 |
C:\Users\Admin\Desktop\New folder\PollyMC\libzstd.dll
| MD5 | 4cc2b0f5e67f781406696b8032f30b72 |
| SHA1 | cf957e5f56c148d8fcf005989da1443c55ef190e |
| SHA256 | f9b8f326310503b8a79f8d16a80367728af0240af7cb3ea820f81144d2010fc3 |
| SHA512 | b31e6377134dfcbc3b03c6be30d20bb721ec9dc395f68e497292469eff39dbd543e30593d0e18ba4548cb1c85f0e9b0a3c2ea8a4fb2ec8134a3ff93005daad79 |
C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlidec.dll
| MD5 | 6b933641e6a997c2a100191783370ce9 |
| SHA1 | 0ec5b215cdcb3c5ab1fcca8c1591474349cdab7f |
| SHA256 | ce832348f2e913ceba2d0b94d9a8fe655035e438067ad9a7527b1d7e556acc27 |
| SHA512 | 6308a7a34ff517e7b43958ad119206b44f92b75456617285b520e8706bede28d1b319c3b57253cca45d208988a6ef4e2720c3e343b0cf7ca876ecb0cfed2e3c2 |
C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll
| MD5 | e5cac1960181ceee198818ed98aab8e0 |
| SHA1 | 9de2f0aef00de17855a7232a99e07e21661d0da8 |
| SHA256 | 451f6de29a44a7a525d1c43e3439837e4afe5bcd0cfc1b8715bcc85ae2556d4e |
| SHA512 | 11ff53b6ce7bed01c0935b6d336262f646b35c9083cc88c721acddf838bccfc0b9f71e11514e97815c008a6c7bd93767ac3c79be1917c925c5bc67682a969c19 |
C:\Users\Admin\Desktop\New folder\PollyMC\zlib1.dll
| MD5 | 17d86210bfddc727ba2751fd02c533e1 |
| SHA1 | c1c53c48c78852003045114c030747dcff017aa9 |
| SHA256 | 7ef90c6875d176bae42aedc6720bd27d8515431a19b37c6a071f3b19f82a9eb8 |
| SHA512 | c7f1a80a2285de93d63c9b7f069da1966ed16415ca01f02faeb9bd48b3d00f6e6d190aaf5f24d11f8ad78b6b2a8ff9c96ef7bfb7e80d6954cdfb73dca24c9152 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core5Compat.dll
| MD5 | ab88dd4c87ff60a81b698c5b194d0d92 |
| SHA1 | a5c114e642297ee477db5f38286d5e24eafe1920 |
| SHA256 | 792cdcf3a9843bd46e1af141029e714464ce125a45b74582b5de1d7ef01801b5 |
| SHA512 | 43089e7cd5bb983af01413d2774febfefebfc85cccdcdfe7097eedc8bb571c5b90ffb269a6c5e029b8db8aca96d32c2cf9c216211dfe762db5167e6e52f66f3c |
C:\Users\Admin\Desktop\New folder\PollyMC\libquazip1-qt6.dll
| MD5 | 92fd1c7887462c3e2d8c4b75329c14d5 |
| SHA1 | 3305b83190612b47a90f34e20687fc2159d8f7e7 |
| SHA256 | 3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e |
| SHA512 | 61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll
| MD5 | 64c13789039704f42acc277ad449b3b8 |
| SHA1 | c63f8936c59bb3d412afc0231754e3b39d3b8a8a |
| SHA256 | ecd0641d1efcc2d60e3b25b37b0125d114d84589922442e2c901473db59026e1 |
| SHA512 | 609535ca24e2bfd0987ef230a02055300234c3a4760be4195389e98f6912bbced7951784dba57db7102bb36ff6400d049cbb87953d16fb707368ffdd2dc9ac13 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Network.dll
| MD5 | 0f315a61e5d7a8693c55458f9576f292 |
| SHA1 | 8a9e1caea0f3f629f3def7d05e047a9bf0173942 |
| SHA256 | ee860831eeaf34792d403b1d42fb5313fc0b3396c370f8b36924491f159c85f8 |
| SHA512 | de85ac62c0d596e5f147770d0b6ef2df9ffce2d51331e36110838816da49150c52ee33e2eda961d7749274ff20ce6ac10e10e421662a4c92e7190c2e771df397 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll
| MD5 | 819293e4e3d236e8de4de58d3d6e5335 |
| SHA1 | 6412954a51fcd0b84d1726b3d31a79046fb7a345 |
| SHA256 | a38de1d04942eb7722c284b890a26402e7b2cb130038b7f8851d5faabb05e214 |
| SHA512 | 72d13f039b122d456d42662db42169f370ce479e675ff5730ddb96a39c62d6ac94fb3c3553a08a427beefd21c716a04b49cbbaa5a9eb17601d693e6f4f4ce2b7 |
C:\Users\Admin\Desktop\New folder\PollyMC\libc++.dll
| MD5 | 0314b68d4684f7fa62c9273df902bced |
| SHA1 | c8cd94d2a41c66c56b3dd465868c800bfd201a83 |
| SHA256 | 7c2515f1a68339b2f100a56aa69c2fbd1223a1e649caaf220e3b81c779a1b08b |
| SHA512 | de5219e3e2d415b1c02b64191b4de51ae6080059495f8109bf01a88365a27ac1691012a11ffddb81279fab792453f67a148def4aa52c012a8a9b6a7fecf4fb25 |
memory/1084-217-0x00007FFCC2E30000-0x00007FFCC2E8C000-memory.dmp
memory/1084-219-0x00007FFCC2190000-0x00007FFCC21BB000-memory.dmp
memory/1084-218-0x00007FFCC2F50000-0x00007FFCC2F8A000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll
| MD5 | 8a2e6c6cc6b35797a98928b5f08aea4c |
| SHA1 | c01eaa1744767ef6609bd137d2a172245985058f |
| SHA256 | a310758983d55ad1abba5cd275541e80935bcf9ad04bcd6d36db4542af8b88d6 |
| SHA512 | 5eb2d653e270fbf7729a27469ac9c405a760df1692c3192389b4bab95a6c96c9e37db1106bf2aa376df66114d4c8b31a4672f78da6c49731116e6e3410d7ba3b |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll
| MD5 | 190f4bbde9cf1bd67097633899302cca |
| SHA1 | 556835731eb165e27ca89fb03e2169a7d6467bea |
| SHA256 | 0f8264e423c16a3497ba5e41fcf42c8c15238ecf8eec2de80975e52e5682b681 |
| SHA512 | 900d1d4b405ce8c5995702f72094085650f438e8604e984f9fab397badbc69cc8784dee8e917312bf62bded7baf830666210abd8943925b32e751ba3f5cd23eb |
memory/1084-220-0x00007FFCBD680000-0x00007FFCBD6AC000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.tIuFiM
| MD5 | a6dc16331f06bc5831e5ddc9799284ec |
| SHA1 | d344f83d549df8c3e2c959182ba37f8c81d885a5 |
| SHA256 | 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807 |
| SHA512 | 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14 |
memory/1084-231-0x00007FFCAD360000-0x00007FFCAD375000-memory.dmp
memory/1084-232-0x00007FFCAD2E0000-0x00007FFCAD334000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock
| MD5 | 8e75bb54bf6af4246dd2394ee1e8d14b |
| SHA1 | 4c9e47e37fc4a7c2b753260c1b4a717de80776b3 |
| SHA256 | f144c90a9438d87e447ce0b36bb0e7f530d738b7ed40392299fd3afb51457100 |
| SHA512 | 61d6ca6b314d1b0b2499a05585bbcb6e9c37848462ce3e8dd6ed830f241b360225f542c3a49cdfc98b51879cdec05cd618ee0cabbd0803705d05e0d2eb12bf7c |
memory/1084-249-0x00007FFCC2EA0000-0x00007FFCC2ED7000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg
| MD5 | d0762f7cbbe8598689dd72a0e25f0722 |
| SHA1 | 02c72f1a92351acc379693c33fa1d8f1d9756896 |
| SHA256 | 4413e48dc99e87e3f466db9d73f3d748615fe702a89de93525c0a38b0ca9fa44 |
| SHA512 | 978a7720fe37a33afddcd0ed0bfd5f6fea85fd533a36e7b13052beadb8d174b308788ceb5f7489093427028154e012960600c9386e1286bec1325da918ee779e |
memory/1760-288-0x00000280E0B20000-0x00000280E1B20000-memory.dmp
memory/2192-308-0x00000285D7880000-0x00000285D7881000-memory.dmp
memory/4196-310-0x00000131987B0000-0x00000131987B1000-memory.dmp
memory/4196-311-0x00000131987D0000-0x0000013198A40000-memory.dmp
memory/4844-312-0x0000023CA14C0000-0x0000023CA1730000-memory.dmp
memory/2192-313-0x00000285D8EC0000-0x00000285D9130000-memory.dmp
memory/1760-318-0x00000280E0B20000-0x00000280E1B20000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0daffdd0-d589-4ab3-837b-6a3aac4e5e0a.tmp
| MD5 | 8473bc7e0adcfe53d74b33d3faa1c625 |
| SHA1 | fd7905132b0f5c7127dd5678fe18ff7bd48c5d45 |
| SHA256 | 66fdf09fc73bd8e6e3edf6676814bd1490ebe83157f2c0408a20521ce72db95d |
| SHA512 | 3793822d451c54d85e6309425c6bfba6e49a2c7b36f39aaa64b1ba9981a3faa709fef8d62e86de5eb339272c63084ab54aff31a2e5535e5c60adaffec117cb92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c5939b724fdec580041bb5cf54d3740 |
| SHA1 | 267b5ab0553a76438a305e768bfe0e85b0bfcda0 |
| SHA256 | 3b4cec612ee4574f40621e6173b712daf6ad86f1ad3bdd106ed3da2b4caa5d2c |
| SHA512 | 14a500fddefb2c58f422aa85a2f5a4f9fd1a69c79d5abdc623baea927abee6010975d38c35b6d07e97b5e2610ab7183aed6eaf4c0b9bfe5fa0670ea4e2b2e320 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f164d837d459ca94d96a40cbd2d1e9de |
| SHA1 | 0689cec050c5c8df9f6964d112b792d80d106b16 |
| SHA256 | 0ebcd10e3ab54a4a680de01db5a50fe862cec0bcc7b83e3576fb717e3dcb8ad4 |
| SHA512 | 6a9b6cef7dce08aa7f77d491085632c88ed513b6387d09118d52affed228f28da01e2466a13260fdfdfc59661494478849741e41dda68e91d246461c5dcfb130 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 5b941ee7b8e0d298709638b7736760d8 |
| SHA1 | c6217b2a09a1c37efa1a782c2e0cfd4140877e8b |
| SHA256 | 463ae2d333bc09968166df6b151079db8bd1f5dcc1de14749e3e44061285adff |
| SHA512 | a275295df36590dff5a30fbf86167eff5aeb58c9a2149e358d018ed80086c625f7dafbc1039a9c859572b1f163e4d75260658c9bb9398b23b1b8d4d4eefa8f90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 873734b55d4c7d35a177c8318b0caec7 |
| SHA1 | 469b913b09ea5b55e60098c95120cc9b935ddb28 |
| SHA256 | 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d |
| SHA512 | 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1e26a7178e0d0f9b9b6477c933cbf51c |
| SHA1 | b1e18338cf03138800340d82ce9fc97e0399183f |
| SHA256 | 38f5406cbbb9ead596b6997143fa3f99c1642e730cc0db92ce1710099ee35428 |
| SHA512 | f5f464e46e6d5f85cd5ea610dc4614277b294349ffdf23fdf8b81b7ee90145526722b0f42e46a554365cb196d47c9da2df0db5cf538e10046f92c2e74d5229e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3166edd6aac66fdb7136ed0f057e41c9 |
| SHA1 | 17450dba261360995544b61710cf711266c710d4 |
| SHA256 | 050567d62a88836ae1e4018ec82b9beb35bfe01d424e0dd75bfe5781b77dc8ee |
| SHA512 | 721d2a50cb2fa044c30fc1d04cfe14a3039f65a51d883d5c6103d5d423823b8af41bb64e2ca516aca1547922c72a3b965c1d0413105face12c961f54242bd67d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:29
Reported
2024-02-23 12:32
Platform
win10v2004-20240221-en
Max time kernel
153s
Max time network
161s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\URL Protocol | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell\open\command | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell\open | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\New folder\\PollyMC\\pollymc.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2252 wrote to memory of 2448 | N/A | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | C:\Windows\SysWOW64\TaskKill.exe |
| PID 2252 wrote to memory of 2448 | N/A | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | C:\Windows\SysWOW64\TaskKill.exe |
| PID 2252 wrote to memory of 2448 | N/A | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | C:\Windows\SysWOW64\TaskKill.exe |
| PID 2252 wrote to memory of 1556 | N/A | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe |
| PID 2252 wrote to memory of 1556 | N/A | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
C:\Windows\SysWOW64\TaskKill.exe
TaskKill /IM pollymc.exe /F
C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
"C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i18n.prismlauncher.org | udp |
| US | 185.199.109.153:443 | i18n.prismlauncher.org | tcp |
| US | 8.8.8.8:53 | 153.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\nsDialogs.dll
| MD5 | 6c3f8c94d0727894d706940a8a980543 |
| SHA1 | 0d1bcad901be377f38d579aafc0c41c0ef8dcefd |
| SHA256 | 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2 |
| SHA512 | 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355 |
C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\nsExec.dll
| MD5 | 675c4948e1efc929edcabfe67148eddd |
| SHA1 | f5bdd2c4329ed2732ecfe3423c3cc482606eb28e |
| SHA256 | 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906 |
| SHA512 | 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683 |
C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
| MD5 | 46139892c11d9b3f30d07368af1dab5b |
| SHA1 | 1d1cfa4e38c78b782d6cc926a895a058a8589de9 |
| SHA256 | d9c3cd7f291a2238593b0da0c8125ab79be9d7e50fbbd9e28b2e8946a524dc96 |
| SHA512 | f07e5356997399a99cd28970ccd62d613e1f1f7e34211c3afde7f60b87e4f99d3b9e60bb95aadcb139d9cc46c04f816876c6114425210b432300c0f802897792 |
C:\Users\Admin\AppData\Local\Temp\nseF2F.tmp\modern-wizard.bmp
| MD5 | cbe40fd2b1ec96daedc65da172d90022 |
| SHA1 | 366c216220aa4329dff6c485fd0e9b0f4f0a7944 |
| SHA256 | 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2 |
| SHA512 | 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63 |
C:\Users\Admin\Desktop\New folder\PollyMC\pollymc.exe
| MD5 | acad93608adb54618879e022b862b19b |
| SHA1 | 071d81be2e0a339adc02f6d91c5f7fa091a37a97 |
| SHA256 | 4be0298bd5a5fa91d324e017cbbd6119f059962333786cdc87d69e8c1e807c65 |
| SHA512 | 2798b1c16b8f7dc68e7cac260449332758aa737d4bf583dc15cef45ba04a3b55f36a3d47a873b18ef73fba7a649b08e5a7d662096ca968804ac948867e2fe254 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll
| MD5 | addae4a147aa2ed8a2169dca9b664ecb |
| SHA1 | c7108df0dbadd892a65b9a96dc6d9b1e55b81e06 |
| SHA256 | e7554b5c1017600e75c83d4b1dc847b234296a56abf1315e3bd086a31e4181b5 |
| SHA512 | d81d2d08f453dcb6c6c01044e18790bdd0a59d9e74263f57c6fac0a027868700e8c4d400bc044ecd8435b1ac7555240bb589b8310a7c309593c466d14ec6d941 |
C:\Users\Admin\Desktop\New folder\PollyMC\zlib1.dll
| MD5 | be9764cd884766755e1f53ad8c2a7149 |
| SHA1 | b7be969d75a08c7822462f0298b54eb2fdcb362a |
| SHA256 | b0f14b5fa660d5161a716194b4b7be5f002d895c1e9d7e06a1130f682f760236 |
| SHA512 | 3ac1b922c808911fe96d2f87e408380bdd6083339927f38cfad6839c9d0982a58f85307d211079449acbf4753d914e7ccdd0e78cbd6b06c35e5ea982818a41c8 |
C:\Users\Admin\Desktop\New folder\PollyMC\libcmark.dll
| MD5 | 55ddf21ce27e8fb1d3cbe9c4907b5372 |
| SHA1 | fc601d6cb8d35a040633a9772c51a969f903a97c |
| SHA256 | 2355c808fbbfc63e4b6ef606250981e3156670de78cad1abe70b2e90c1dcad0d |
| SHA512 | 08ec83093e9ee335c20bc99be2f67437a4510540bdec9b681744d02d7be56f285485752194493578b2954c038b3faa2b30aea0e09256f541c072b1570776fc97 |
C:\Users\Admin\Desktop\New folder\PollyMC\libcmark.dll
| MD5 | 45a086563e8a560fb3fb40347eb7e59f |
| SHA1 | 00a7773944cb8c202d8b8b4390ba077d8f41c6b4 |
| SHA256 | a917fdd34e384dfcaae1849558ce1d588b4dd2f6244f87b4dcb95988cecd2f8f |
| SHA512 | bd5992489d9e9ea2f722f73de21ec44630b6718b8dc32a85f59f45de1f5e6a2902457facdf846b0dd218f56398e446d437215e81b40fcecb6fde7249734e0543 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Xml.dll
| MD5 | 63e76c8c687df6aec9f41e3d8a1d0746 |
| SHA1 | 7577d4d681c012a3ded924e2f30aa6969ca5e815 |
| SHA256 | 04ff3840b3a84ae2ed1b4a388a5e6ba5e7fe05f64bde8919d10739a7fcb8917e |
| SHA512 | e4a65b254b0e7b2c1cd0f19d6c3b7df5b044ed7f90aa08e8163f93998624f6ffee13715796f55c5a780b77ac2c900fd2070dbf9b2799ba43f3b0d8fc7cc5b141 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core.dll
| MD5 | 79ceb7e9fbb02911eddd829808eb4376 |
| SHA1 | 34c738355ebf9ca9c5de1b30aedee5aa87d80c5e |
| SHA256 | 49fbb1ce9389bf9030b91f23107ed8851d1f367427ec56978161d3c8a9d0ecc0 |
| SHA512 | 3ebf7b5a8f2712c8e56e017021b2b9cd88f43bdff44bc24b914e04ec91bd9ce7ee0865192d7777d458394e76893090c49098c394bfeac8cdee4e275a45698158 |
C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1556-196-0x00007FFAEDF70000-0x00007FFAEE528000-memory.dmp
memory/1556-197-0x00007FF7969A0000-0x00007FF797684000-memory.dmp
memory/1556-212-0x00007FFAEE530000-0x00007FFAEEC6D000-memory.dmp
memory/1556-215-0x00007FFB03500000-0x00007FFB0355C000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\qtlogging.ini
| MD5 | 58967a7fcc8cd9d2bdb9b0fc24eed94d |
| SHA1 | b09f4ed1fe53850307cf8cb8cd2767524c26335b |
| SHA256 | ba15aee260e7ca1d48016546bab52fe30c3da264356b629739c125cd4eb3c700 |
| SHA512 | 5d44670d283b8a88892fd8def2fd2f2f9222d5115b25cc4b9e2b04a7c5f004930dc0b5e2d11ae128ab844f826ba079a0f93e17d5428355bdb4d21a04ee58055a |
C:\Users\Admin\Desktop\New folder\PollyMC\qt.conf
| MD5 | 7215ee9c7d9dc229d2921a40e899ec5f |
| SHA1 | b858cb282617fb0956d960215c8e84d1ccf909c6 |
| SHA256 | 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 |
| SHA512 | f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768 |
memory/1556-217-0x00007FFAFF020000-0x00007FFAFF04B000-memory.dmp
memory/1556-216-0x00007FFB03560000-0x00007FFB0359A000-memory.dmp
memory/1556-214-0x00007FFAFE960000-0x00007FFAFEACA000-memory.dmp
memory/1556-220-0x00007FFAFDE00000-0x00007FFAFDE2C000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.atSzOn
| MD5 | a6dc16331f06bc5831e5ddc9799284ec |
| SHA1 | d344f83d549df8c3e2c959182ba37f8c81d885a5 |
| SHA256 | 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807 |
| SHA512 | 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14 |
memory/1556-213-0x00007FFAEDF70000-0x00007FFAEE528000-memory.dmp
memory/1556-232-0x00007FFAEEFD0000-0x00007FFAEF024000-memory.dmp
memory/1556-231-0x00007FFAF5B60000-0x00007FFAF5B75000-memory.dmp
memory/1556-211-0x00007FFAEDAD0000-0x00007FFAEDD9F000-memory.dmp
memory/1556-210-0x00007FFAEDDA0000-0x00007FFAEDF66000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\libiconv-2.dll
| MD5 | 8b117942fcda8d8bd75d47fea74fb7dd |
| SHA1 | d82d99938fceae1dd181b9685bc262801f79bd97 |
| SHA256 | 180433020969669ffa2f0033eef9a96485c0b4600cfdd71949cfcd438c01ca8b |
| SHA512 | c3cf462e98704e43c4a252773985d046376d8154f198831d75eb7b7724520564baed0276851e6d412322519d270b61dba789a44c8caaee2707245dd1a1bdbb1a |
C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-8-0.dll
| MD5 | 15d5c11c10693fbf46c929f71b1de96d |
| SHA1 | 273a39b7bb3651bb51caf05504213303b341d942 |
| SHA256 | 57dadbe91cd2a7aa36e4bf30794dbe9bedd4183cc9277a3fc2b8ba50a78a273c |
| SHA512 | 70da5db227271e3dcd5876cb7eba47316a304791c40bb824bc1cba3ab2625b9174842a3504555454a3244fe91e3cf48dc87f47aa1a6fa2c5a5bfd5b28031db19 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll
| MD5 | 1c7e5558a932129f5209e696d76e91ad |
| SHA1 | 86648ea3bb6cea7b071fff6de240672fc383b939 |
| SHA256 | 08db14ff3a078039cb5ed20ea10a5efcc55c10c2a40346063e0a965cfae94818 |
| SHA512 | 8e7e7f6d2ef593ec9bfd3583c6482bb1398d448f158f75e7d16f96da9c6bb6ec92397845ea4e3787ca880e8ff45c40be0c6846fc069b9e11fe28dd53255fb28a |
C:\Users\Admin\Desktop\New folder\PollyMC\libintl-8.dll
| MD5 | e3de79fc630d7fabb9118a4f7ea53971 |
| SHA1 | dcd7b2f6d68f897501b6464588537f452ec29726 |
| SHA256 | 4dc000c25b05ff454bf4387ece7002fd77049a2d2daf98d228ba657f3dccd4fb |
| SHA512 | 47a7cca88728d89b097603ae244b5abb27c4fa2c20291180f1829e31fa4de15e89afdeaa058dcaa3750fc9db481e1778537632eabdfe63b55f2707b627cdf280 |
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock
| MD5 | 08805ba56716944fb08955db0c8bf28c |
| SHA1 | 1864215d18f58eadf258e7d1172bfd3891be0707 |
| SHA256 | 7194389d8103256a721b73adb2bc6861ded68ac45e76e45a5cc09c7bbad1e2bf |
| SHA512 | 45be90766405789a702a0735036135d512aa020c50f278ebab0429decd97f868a3955736b77c489af0d1435a55f5595814b757847912c3dc4d7b84f3ee99503f |
C:\Users\Admin\Desktop\New folder\PollyMC\libicudt74.dll
| MD5 | 329555ba5407023791e536176bec83c6 |
| SHA1 | 0fc8c03e0bb149e2e39af7d4b752244309372222 |
| SHA256 | 23eabc02bdb021ce775c230416f69c79870dee951eabb577c49136e95ce87f3c |
| SHA512 | aa093840509b80554e52a0c111e72bc03710011732ad649b6f8ca15818bb765168eef8abf01613357c5939b8a2ff41026ed4a9d1038847083a97b2cce5d5f76d |
C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlicommon.dll
| MD5 | 00bc42b62d1a5adeb2f599a591403d9a |
| SHA1 | 42fb609f84e1fa97451a10aba914cda6db950b06 |
| SHA256 | fc5bf42b62da64ac76ffcdf50f232c8c821c9c278e23f63c9477c75a74b2b7b7 |
| SHA512 | 2407e732a44b5293260a882b8118cd18d1e5d5339735d19efdef0c33ec5bed64aa4d099f1ab7eb590324e0c860c4a5bc7ba04eb04f5d9fadb1407c078d32d91c |
C:\Users\Admin\Desktop\New folder\PollyMC\libgraphite2.dll
| MD5 | c8dfe47f78c491446d7b1c39449d82be |
| SHA1 | 218fab832b78f14072be0d2f9d7d9775bba24323 |
| SHA256 | 51ad68c31e706d4d9181cf3f15df259e5962644f664a3723d6ca48f0ef4fb8c4 |
| SHA512 | 39ea8978571db1c5b1c89134e53d799932092f5102e0390aaa28cebde3ce1049e92287db49ed9cc2b57e4662a464e17bf945b221a496ea90bad52b882e86d903 |
C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll
| MD5 | b7b25491a6e44b616bccbe56ba919f9b |
| SHA1 | 479f316b076b591b656d15b1ebdd7ccf303d2fac |
| SHA256 | c332862744bb6931c064e91980112ad6af951ae3347d2f8840a125cbbd161fc6 |
| SHA512 | db574b3aee26769944ca4815faca57625afce1a59060a76c9595a01941df99f408112a85c9cf0b2cee94fb8dd48abcd579cde68e0b13c62e0934cf031ce8e008 |
C:\Users\Admin\Desktop\New folder\PollyMC\libglib-2.0-0.dll
| MD5 | 2e4616af26a59699f3960cb6b9bbc630 |
| SHA1 | 222c198a09520a726045364f6d083f6228b7636e |
| SHA256 | 104dcaec637983d6455fe26f3b3f6beb8651c31fa47b5636415e68c9fffcca0d |
| SHA512 | 3d469cccdbefe0db02b69f5e4a8209914a78287307d8dd78aefbac90caa41bae674901f3eed0b19a983c0e323868f7c3d574b19d6e62658677d38fb0fb8ebbea |
C:\Users\Admin\Desktop\New folder\PollyMC\libpcre2-16-0.dll
| MD5 | e5609c3469858b9f5ce8bb294275cd22 |
| SHA1 | 47229f6eb790ad7d1b56f1e06c913850a8591e81 |
| SHA256 | 285824fa911fafbdb10949c5785b8902b4605a8333c4d7bce3bc9ab63016de6d |
| SHA512 | eca1cc9ab9a355d778b952e3a22098b56932f39238268b09c747508f923cfb52453d6618af77baba96a0e4b2e8ce9f692af2f59720a273da78487b7c43d9bd9c |
C:\Users\Admin\Desktop\New folder\PollyMC\libb2-1.dll
| MD5 | 87ab9208b130b7d7b2dbf6e887aafc5f |
| SHA1 | afc23cf59beea5dea0e7b4d7f96b936ab4594511 |
| SHA256 | d6754584336b179a02722cfb80854f764024b6649e6f0cbf2d3878407e5678af |
| SHA512 | fee411c30bc4df1777f42df27deb198114851672c916b197e8a1eb44f39fc88ba801703f24d06c51a72ec952d91ed992695f1c38b32689b54be8c578f23db8c6 |
C:\Users\Admin\Desktop\New folder\PollyMC\libdouble-conversion.dll
| MD5 | 20d6fca191ec4998242748eb54df4905 |
| SHA1 | e2d5afc4a3778c73762ebb4af9c446689a355a92 |
| SHA256 | 52a913618d12f2e02d756d7c8af5199ed77d61c47cf3c94cd23209f64b001eb7 |
| SHA512 | 49d6bcfd5f2d9c304b81fae3a18d642302a5055f64a98b27e72e277b1f5cfb2ddb77d0080624ad5bf2ab62bdb215da7a44441dede5999b056954159c75184a1e |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll
| MD5 | 9209f811884a1f627ddb7eb62ae48a61 |
| SHA1 | 96aef728c2eb58f76e247fd2f2d24212f39dde63 |
| SHA256 | aecadf79646c65d188beb8c77f0e35587978f7f389afb9bc70b5b434a55b0cc0 |
| SHA512 | 9b60f47a5703d0fb7967ed4ee2e4b705bae26540108e456477c677e707a38803ecb042bf95c47e85bbe65a329c26ce36ca79cb5d4da1b080ee5e647545686505 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuin74.dll
| MD5 | 85da15e41bc69fdf222ad876f7956ea8 |
| SHA1 | 559d6114e284685486d705a18286ed1202912253 |
| SHA256 | 661e1316dad14e70c7b60d987d55179db03db82b716a163a15817039df3ab6c3 |
| SHA512 | e6218a8845b69f482481ff9a1c0b08b90d0bbc0b97535145ad0df0a182c809f97cdd48c9030714de03b7be643615c17ec1ccd1b7a70ac02566369d49f79f8d0b |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll
| MD5 | 74cd1a19ba690a10a5743391dc23db01 |
| SHA1 | 9a9d275510b300d351d6b48cec5f18a9d24b88ef |
| SHA256 | a69360728d03154b78a0493f6353538a2dcebfac12776be8b6b53ab2ec494a6b |
| SHA512 | b3683eadebed8f74ebe2428b8e65479e6145a32fbda40f1b15b07dee8019d1bab672d73d431665763ac9beff8f55a2726aba019221c5d3b67771769c1f636c28 |
C:\Users\Admin\Desktop\New folder\PollyMC\libicuuc74.dll
| MD5 | de35a7fb5631c778e69fe0a024c04df1 |
| SHA1 | 3a2e410ff9fc899ddfc16893505f93ff1e90ce40 |
| SHA256 | d2d8ff2e28d460d394f9174411dab4d1226a2e59821fad6d16951963d4617689 |
| SHA512 | 8af6db38b9873c2477e532f75563e76d9cc8fa5655fd1d93e972fef8e4a944b3c005b2c6dcca2ec83aff248dd555bff544643eedebd70169bb57a6f32600d461 |
C:\Users\Admin\Desktop\New folder\PollyMC\libbz2-1.dll
| MD5 | b843434a8eae82adea4f9eaa2fbffe47 |
| SHA1 | b34aaa305cfc1a4936a88592b5689b0c978ffaa4 |
| SHA256 | 22289ed41efbe633f798047de836b31170336e5e40e7e7b586c915bdbda7fcd9 |
| SHA512 | 9f7c152c3b7ef52c0b3131d865960f8529bfe43776bfcf00c668fc41258e4ba4fcecb09888a99f77634534b42202d57e71806b808d9efe9ca6125712b8db7570 |
C:\Users\Admin\Desktop\New folder\PollyMC\libzstd.dll
| MD5 | c7240458c8995d530f5e6fd8d015e0d4 |
| SHA1 | b244880161f0da8d2f8b5ebaf53ebad256ed6545 |
| SHA256 | 5443bdf7ce21114063d7bc9d74810569ca7741a0251f253493e54e2cc1839d13 |
| SHA512 | 5925dfa114111f42710d9e81cc8cc21d4001792c3b7338ec031ce795b7b71b9f564abeeae7d8a667891f5018462669a94eaacd3819811c3446ff6a23c5b22694 |
C:\Users\Admin\Desktop\New folder\PollyMC\libzstd.dll
| MD5 | a5a025948728670f0bfbeb74f230e707 |
| SHA1 | 9f1731b0e6eabe9aa95298bef969b0c13fed3a62 |
| SHA256 | ccb7d0ab3f2b27de35df97af338a286c20f5f7d110b822c42481ec92e57bee74 |
| SHA512 | 4d1efb01f695b30d8730043edeb388a283429b5dba7279cd33afb2987adcaf0dde090c44c19b6f03381fd158bdff41a6eea8ab8e8119db8483ea3f1e44477f89 |
C:\Users\Admin\Desktop\New folder\PollyMC\libbrotlidec.dll
| MD5 | 6b933641e6a997c2a100191783370ce9 |
| SHA1 | 0ec5b215cdcb3c5ab1fcca8c1591474349cdab7f |
| SHA256 | ce832348f2e913ceba2d0b94d9a8fe655035e438067ad9a7527b1d7e556acc27 |
| SHA512 | 6308a7a34ff517e7b43958ad119206b44f92b75456617285b520e8706bede28d1b319c3b57253cca45d208988a6ef4e2720c3e343b0cf7ca876ecb0cfed2e3c2 |
C:\Users\Admin\Desktop\New folder\PollyMC\libfreetype-6.dll
| MD5 | 7e0efe15a52434441699b4e18a403012 |
| SHA1 | d4564f3ba2e8236003d13e2e5bce71248fc655c6 |
| SHA256 | 7a3258d807643e786983c107c49a9bcbe9bc755bc0a32e0f548d3bf8c048e818 |
| SHA512 | b60c46832556fcceaebd81f72667c6548e4f0c1655bb2d9a8e424564751fe46a766339850c92a4145064c3439a020ff23734228abc7151e1dfdf1b76f5ca2916 |
C:\Users\Admin\Desktop\New folder\PollyMC\libmd4c.dll
| MD5 | 09eee10544ef56a8fa86517fa80f2bf5 |
| SHA1 | 68977088641b2356fccbcaefd4cf0cd37aeb68ca |
| SHA256 | bdbafd132c7b5a162b6d83e5c49a3e0b3d86a609ae01be8f99d2f7573f7cca06 |
| SHA512 | 5684315cf49061d517341b8d1f2ffbc579f0ca0907f42c234b68e9fcf928d65b33f75f16d1f2908a07285598e3a4c92d69f754d7cfe58c6f25f8c94529b5a4c1 |
C:\Users\Admin\Desktop\New folder\PollyMC\libharfbuzz-0.dll
| MD5 | 028bc7a3f6bf9fa788485b0d436367a0 |
| SHA1 | ef5dda530f89b17c20081a21ba910319e8782e4b |
| SHA256 | ff38e5e18020c32a82d11b61a6c37583cff14a42f742fafd6588807f5f759c56 |
| SHA512 | c00896f1af7b078c3f06da5b27457ed8bd296c5a9991d3c9df2c178c4e68d96e9f7c6efb5cf660b8ed6d38537aa6a66a196007b96f03890f54335c561d79bd6d |
C:\Users\Admin\Desktop\New folder\PollyMC\libharfbuzz-0.dll
| MD5 | 9eb81f20f078271d2070b40d9e5feebd |
| SHA1 | 621be81d73004cda60f5e330d2c504d9b7f179ab |
| SHA256 | 08b9e80a403fec50969de26d9823c59f1c4a112df276616ec685d5c40fd88fe6 |
| SHA512 | 441ef9eb2c64f37f9a41922332c96f462b70791cb5b7164ed0b07f00a43c3fec3c418adf5cfda345a46db70bdee0f053c8af44e7bbdafaaea50d09e82deb6518 |
C:\Users\Admin\Desktop\New folder\PollyMC\libpng16-16.dll
| MD5 | 980ce62995e2b0fc6d809a64bfc02896 |
| SHA1 | 601eca760fbea62b992f1bbc9ef83e6b33235392 |
| SHA256 | 0b51dd5b254595dbfa003d5ce27363412ee098612837e569edebabe2149b636a |
| SHA512 | d5b2e88a165ca41b45fc03f35eed02995fd0028067fe92fefff0e5fb57895f69608934a754face68b2555b2bcbe747166f172f720d5e32ff07d961a4f3860c67 |
C:\Users\Admin\Desktop\New folder\PollyMC\zlib1.dll
| MD5 | 17d86210bfddc727ba2751fd02c533e1 |
| SHA1 | c1c53c48c78852003045114c030747dcff017aa9 |
| SHA256 | 7ef90c6875d176bae42aedc6720bd27d8515431a19b37c6a071f3b19f82a9eb8 |
| SHA512 | c7f1a80a2285de93d63c9b7f069da1966ed16415ca01f02faeb9bd48b3d00f6e6d190aaf5f24d11f8ad78b6b2a8ff9c96ef7bfb7e80d6954cdfb73dca24c9152 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll
| MD5 | 1f9a06f59c6b20d1843072a9e91cb8f4 |
| SHA1 | 6ae6616da89f2910bad780e401856aa2b23ddff1 |
| SHA256 | 011a41d057af7ba00c68dbb9d6f12517fa4fba8fc77008a996d93eb454bf01a5 |
| SHA512 | defe5deedbbfc0c1fe590e8ae7f26abad91e3dee353ae6f55e12cbb38ce042291eef375c3f4a662ad9d944c6859d051593f908e8aeb6827d8667498ec8a18431 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Core5Compat.dll
| MD5 | ab88dd4c87ff60a81b698c5b194d0d92 |
| SHA1 | a5c114e642297ee477db5f38286d5e24eafe1920 |
| SHA256 | 792cdcf3a9843bd46e1af141029e714464ce125a45b74582b5de1d7ef01801b5 |
| SHA512 | 43089e7cd5bb983af01413d2774febfefebfc85cccdcdfe7097eedc8bb571c5b90ffb269a6c5e029b8db8aca96d32c2cf9c216211dfe762db5167e6e52f66f3c |
C:\Users\Admin\Desktop\New folder\PollyMC\libquazip1-qt6.dll
| MD5 | 92fd1c7887462c3e2d8c4b75329c14d5 |
| SHA1 | 3305b83190612b47a90f34e20687fc2159d8f7e7 |
| SHA256 | 3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e |
| SHA512 | 61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc |
memory/1556-249-0x00007FFAEB550000-0x00007FFAEB587000-memory.dmp
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Network.dll
| MD5 | 0f315a61e5d7a8693c55458f9576f292 |
| SHA1 | 8a9e1caea0f3f629f3def7d05e047a9bf0173942 |
| SHA256 | ee860831eeaf34792d403b1d42fb5313fc0b3396c370f8b36924491f159c85f8 |
| SHA512 | de85ac62c0d596e5f147770d0b6ef2df9ffce2d51331e36110838816da49150c52ee33e2eda961d7749274ff20ce6ac10e10e421662a4c92e7190c2e771df397 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll
| MD5 | 61118487975fbbc80b14102b0971776e |
| SHA1 | d87eac8ec1cd8bf0669b8b887d89ed7521d453b6 |
| SHA256 | 2acbf44e4b0320c82f27b47a667830b4c823528cbac36b5d14d22f6dc037997e |
| SHA512 | 2c3539934e0ad4f59ca26c342d65dffdc7c42578d1e89a915d42af526b1351656b4b89fd3dd16a5c4008fe26dd604f237cf267def5a3b8a6622ec397a7da3cd1 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Gui.dll
| MD5 | 5e9c2eaad662577215e95b8828bd5218 |
| SHA1 | c587baa36ab88a8888695d7813afe6ed9b1b8fa7 |
| SHA256 | 4708f05bc01d3bf58e533dc4b02065d038a5087ac87e28a5768c5712d95b1d25 |
| SHA512 | 82afff68ec0ab33a1b319f818e100c184a095d67c2f8010ef82f9c49a683cf18008bb5a00e7ab486b939a26c9085f9a263b06decd2a3ad933dd76f779db461e3 |
C:\Users\Admin\Desktop\New folder\PollyMC\libc++.dll
| MD5 | 0314b68d4684f7fa62c9273df902bced |
| SHA1 | c8cd94d2a41c66c56b3dd465868c800bfd201a83 |
| SHA256 | 7c2515f1a68339b2f100a56aa69c2fbd1223a1e649caaf220e3b81c779a1b08b |
| SHA512 | de5219e3e2d415b1c02b64191b4de51ae6080059495f8109bf01a88365a27ac1691012a11ffddb81279fab792453f67a148def4aa52c012a8a9b6a7fecf4fb25 |
C:\Users\Admin\Desktop\New folder\PollyMC\Qt6Widgets.dll
| MD5 | a429797b61b1c82986aedd2a341eef3a |
| SHA1 | 266b95bc599f4019588dedba8a50bf2061c164c0 |
| SHA256 | b889be03147797c34e3c3042b25ae88df8196f3012962ca07c7eba19d1c48eba |
| SHA512 | b03e7ea5709912b6d6d6044bd5806dedfc28c8cfd6d6ae13cf2709a7759b6bffb070f68c7c405eb4c5a37a980c51831c7ec97b87ad52c1fc046e2997461148eb |