Analysis Overview
SHA256
1c04ed11ce29fcfc3186144f0f907b70296132eb3db89044463cb14b97eb87d0
Threat Level: Likely malicious
The file PollyMC-Windows-MinGW-w64-Setup-8.0.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Checks computer location settings
Checks installed software on the system
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: AddClipboardFormatListener
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Modifies registry class
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:34
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:34
Reported
2024-02-23 12:47
Platform
win10v2004-20240221-en
Max time kernel
721s
Max time network
727s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240645171.tmp\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240660609.tmp\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240661000.tmp\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\curseforge\shell\open | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PollyMC\\pollymc.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1392040655-2056082574-619088944-1000\{7219A5A3-07A2-4698-9C95-E7FA52161428} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\curseforge | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\curseforge\URL Protocol | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\curseforge\shell\open\command | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\curseforge\shell | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 646718.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240645171.tmp\JavaSetup8u401.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffcd13946f8,0x7ffcd1394708,0x7ffcd1394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 /prefetch:8
C:\Users\Admin\Downloads\JavaSetup8u401.exe
"C:\Users\Admin\Downloads\JavaSetup8u401.exe"
C:\Users\Admin\AppData\Local\Temp\jds240645171.tmp\JavaSetup8u401.exe
"C:\Users\Admin\AppData\Local\Temp\jds240645171.tmp\JavaSetup8u401.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
C:\Users\Admin\Downloads\JavaSetup8u401.exe
"C:\Users\Admin\Downloads\JavaSetup8u401.exe"
C:\Users\Admin\AppData\Local\Temp\jds240660609.tmp\JavaSetup8u401.exe
"C:\Users\Admin\AppData\Local\Temp\jds240660609.tmp\JavaSetup8u401.exe"
C:\Users\Admin\Downloads\JavaSetup8u401.exe
"C:\Users\Admin\Downloads\JavaSetup8u401.exe"
C:\Users\Admin\AppData\Local\Temp\jds240661000.tmp\JavaSetup8u401.exe
"C:\Users\Admin\AppData\Local\Temp\jds240661000.tmp\JavaSetup8u401.exe"
C:\Windows\SysWOW64\TaskKill.exe
TaskKill /IM pollymc.exe /F
C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
"C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15666735005034742888,1644469770588826466,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Network
Files
C:\Users\Admin\AppData\Local\Temp\jds240645171.tmp\JavaSetup8u401.exe
| MD5 | 24ca1c45b2830c06a9bd61e0158d9953 |
| SHA1 | d18e796dcf31fc4f8a176f80f4140b7e128718ca |
| SHA256 | 0e6c46fc45d9a7a8ddd13f67ee05cde85212c8391a09c917aceb375c26adccdf |
| SHA512 | 5171c318fb069f82e14c1a73b4e011e846b1dabab5e8b8cbdb1d830e7a98a5c3af25e2bdb9172e512ba560a04fcb8311e10c3c42e17536fdec345a400d4174d9 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | edb4743187dedf9d0c6731a99aa969db |
| SHA1 | 322f63d3413c4f872554f7f6d0e585622967570b |
| SHA256 | 0ce007fc27da85fc06889dd2c3256f8c8f52ff92c83c06a7049ee4fc4aa15739 |
| SHA512 | e7bfd4e2bbd2346cb14079e5f0a5d032b451a1a4d4d0bf7f0e5ec6b8bb6b63dce6f538a4fb2da4c8e1a1cef7a5105f012b5dea80b750081fc1b851d60fe5ecb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2019f086636361b0ebf95def5845f9a6 |
| SHA1 | c79821491c4bd19c1f233805eaf60fbbbf5dd2e4 |
| SHA256 | 83ba3c81de47c9af8e044595f57b3cd2771ce66a42cad124082985c8e15f524c |
| SHA512 | 5329647fc99e966adca1a51d0fe3d58706f7ee6b5236891da656ab95a031eac221ed8ae9709518f08a1861d3a2a357a833f03d5b5304ad2f35513e9b1a374623 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 295f925322b336e839089f1bcbe7a870 |
| SHA1 | 793160c5f33f59e3b75a7c6576e55c6c1a48417a |
| SHA256 | 74cdf67fca21fbbffa367ae48b599b7dc5b99a665c68a673ba9ea459ee3f6e5a |
| SHA512 | 8be6830eec9cbd83da8bd166daa5a51a1a914dd64eb54322cb9ad3a5438b1bf09f37bf45811ce1bf2265bc028a38cfe2f9eb93f0e8708b14b92a44a898e325d8 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 2de1b43fc057200d83a20ec17ba789f4 |
| SHA1 | 30bbae5fb264b83b05e197fb9d48ba1d249a81a5 |
| SHA256 | ebe2121c1b00211339bf4d74b24b3f64eab2077da0e0d6365d671d7ceb2639e1 |
| SHA512 | 58ad510ed22c9001317837a4291ffb5fa52b954668ceaee6117a544c6525ed45a2935aba5704c5d3ac8690274182899798e7e1986851dbc73444b0e6ec0c5715 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 2c5727c04da42327307a266bf6caa3b0 |
| SHA1 | 3ede98be053fed84c65a99ce195ac52af1be4e92 |
| SHA256 | 4fd6fc24476a79c3f10d00b558a91e8960a493d23d537c2d338e0bb23cdd78d8 |
| SHA512 | d34fed63f08969a209865b31b585629024ed50fdf77dec34f4203c2cf1741ace792616b6b5686bd8e2f6f5950ca9d7c7413720db9eb73e5201afd85f37379288 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 03ebf11e4643fedddcdb152696b889be |
| SHA1 | 9eace9e19fece91f998262486d391644e9f09425 |
| SHA256 | 06c88866bdb5f986231b22692a349777a31af7ce4c4d8071585dd5048fc2c2c8 |
| SHA512 | a5374d99ff8d73eee2e29a8890fb2d9576bb6a04907c6d02f5837368aaab9de53030fc85f734c76f4aae0e8b362437827f3ce2367efbeda9f4b17361861b1e7c |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 129c5496d5af7225c54a30697c11381d |
| SHA1 | 64045cda34445867629f179a7c3fe9ef31949de3 |
| SHA256 | 22374119ad2e09be6ab6aba72dc25bcf599bab9de2233129e5e720a37a5309c6 |
| SHA512 | 30b65718c03ba16ecd3919155366014aeee138720499ba14ece5eaac61824cb4b40eeb32a30b36e7f9cd9bb2bb126496863a62c102c9a5f25a0e55dfdb9ad391 |
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\Java3BillDevices.png
| MD5 | 8e52efc6798ed074072f527309a1ba25 |
| SHA1 | 347d4c6b4f92e7315d9b199a97dd5cf7d86b2431 |
| SHA256 | 12491ebc4eb99bf014d3bc44f770114bde013e84cbec2633303559a8c6e5f991 |
| SHA512 | 0653c6e7f94ac36fe555db3eda8465f99d17cdbab91ea6413c6bd68dbbbb4db5df06e5d62768f6f4dfcef8d207d771e0b6924adfe403b92729bc4c5689e4fca7 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | a10662a647e89194fbd55eaccbb344ef |
| SHA1 | 4a66075e56ac24514f4bb07ca2d2a86b7e10138b |
| SHA256 | 5986fac7e16ca9e35378d50fca52582a57b559d8e66b96fd4ca4509fae2357c9 |
| SHA512 | 0c416de4a0a89234e142831fde4b53cdb76903a96c9af55e56e97c39b3397b8983c717650c597310809f33fd07b4092960b22dae992c01c7d6fd254c4da09323 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | a2ead8584ca1873ea811a893a6e4f9c1 |
| SHA1 | 04d7d299c5627151009ce610630ca191e216b2d4 |
| SHA256 | 451839d3057ccc1dcb30021de4dd534162259116559be62e6a35cbe3d941f07b |
| SHA512 | 833737310b872f24ec55973af4cab4a7fb8369af06faf7d1addc4ecbc6625ba0d5613733c3f3f722f4f654a008dbab25d5f21ad608cd69b0bbc6d43c19b6dfc1 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 18fd73b954953aca278638c9fb667a85 |
| SHA1 | 35f943452b28e0b90d576840a5df8e5dfda42c8c |
| SHA256 | 353cffe7b9cd764c0a5ff4da74c1058b535ac2a99c546a749402accd2d42d820 |
| SHA512 | a4d52b6cdbf04edf24c47a5eb874dbf40b8793fb7d7923e2014c38e2badd4e9d269891b3d9f843c5a420f259079816746767284d17870b0e90afdbca35337848 |
C:\Users\Admin\AppData\Local\Temp\nsk3903.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 968e284258fff9989c9b9416e9a78626 |
| SHA1 | 048030018f4d2ba71b208268f1caf8f532ebd436 |
| SHA256 | 086bd0cbbf646056bb2c4d01f7c36d0d5f0c7a40628c25200e053ed5d0f56e25 |
| SHA512 | 432000aa1ce4266ab4a121a884b1ad0cfabb9c1068bd2c9e5678c868525b5a8908b93f45141c01e576634a381c20f9853685843ebb84c4c895d7a30f12ca9b07 |
C:\Users\Admin\AppData\Local\Temp\nsk3903.tmp\nsExec.dll
| MD5 | 675c4948e1efc929edcabfe67148eddd |
| SHA1 | f5bdd2c4329ed2732ecfe3423c3cc482606eb28e |
| SHA256 | 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906 |
| SHA512 | 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a6fc556c0f16d926e330cde74b9bae8a |
| SHA1 | 951656e56e9c6dc083cc24de1ebd8807119efecc |
| SHA256 | 5d5288208affa633b8eee96ccfc873eba9dd6e461645e4822ed73674199fb636 |
| SHA512 | 3f6b59059b7cbaf968af8ad0ab70f4d5bb78f2f05eadf3ecad567fe6ae307e4337827a0e574faf7d2ea04151f756a7fa9f2b6632523a5cee19426091efcd2375 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
| MD5 | 7e16ac22948dde905e026a5d90ec0769 |
| SHA1 | 6557efdbd738f4f599f31cb237161cd02002131a |
| SHA256 | 1c036bf953ab1a11047fa460016b7f768e71cdea9ddc2c7bbef62ab2e93f9a35 |
| SHA512 | ce14f12b9d78a1a38f08154568e38fc5ce807c31c1e5125b2f766467c9bd29bb25b4ef51486b34dfa7647ed4c4fe505ef4f407e4183985d88a54c5f1f6925faa |
C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
| MD5 | 562e3d1795a21a1787a2e825be45e097 |
| SHA1 | 6d113b40bc0fb2aee4ceb0c15aa3701d222356fe |
| SHA256 | 304d948690e58dff2aa924e2f75c8c97516ff9c247a6ec9a3b280326cef61dfa |
| SHA512 | 423e2d144d0c7508aa36274cb9b3bc902a3395fe9c46845aa051ca71fbcfb23876554f227c1a0c8b0c195bc104d00aa787df756ce6ea1805d429e98f534b180f |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core.dll
| MD5 | d96d3faa17230a98abc9bfc9bd44451e |
| SHA1 | aa77383560eed940dc5a1183f5bfffe3ad8e3b74 |
| SHA256 | c83c760462cb02bead2d1381db0f1c42b9f859aff4b94141686d7f62a4395297 |
| SHA512 | 311d5ec83af6841ec2b40948690b3a67f563e293abd67b843a3739aad737f2ac84023917150e14ad408edafb93a16bc826cb125c8eb308703fc1ac683f152c34 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\libc++.dll
| MD5 | c42087a277a4b821859cf843836ab723 |
| SHA1 | 931c0438d24ef726fd2d904d692e4219807d570f |
| SHA256 | c6dfc8dd0d725a598c1030970c4f405f1c59c02058aacef4474001f7f216b31b |
| SHA512 | 73290e78fca0d612f81027c151094b38a677c075c7dfa07cd10288c2e819245b9059c1e691473082b6b1d7513358820ca18cef03843cd3b304bd4c59722c1f75 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Network.dll
| MD5 | 53009463c90bad2a966547048154e83c |
| SHA1 | 87f14771ef5a33b6473709b6eb768f9202d30908 |
| SHA256 | 16b26514406b48242cf872a4f8594218cc0dc665e6e0ad3c611389462b516729 |
| SHA512 | 895e7bad3c136f3d1f7e6cec9111ed2357b67bb945ce9534a7a743fbf4d1504ded5a0bc25ff0ca9e38b7ea70be7768be1416115c57403e9fb747195c79627a52 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Gui.dll
| MD5 | 2dac4be9f1020bdf2f0b4b88fda2c35c |
| SHA1 | 606e6325128e7c91793b3971b41a4c7df892cc58 |
| SHA256 | 966cf7895626d7b37889d541ddcfc35bbc9e9552c9b97956b8f7cc066bb1ca33 |
| SHA512 | 48fc522221c63cc1a1547f49205a47fe1c0582202601d23d1eef2011d9732bbf12e6ad710b8afa55a4387615b871f254f94617dd724bd7ca64553835c3952002 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\libquazip1-qt6.dll
| MD5 | 798f4ba444d85d9552ba3a43d59d502b |
| SHA1 | 2328f76036230c1a45a3d5a1678294dcc7a2f43f |
| SHA256 | 919baf2cf28412c294561078addb0def462597de29415ac8d8a6ac5e49f6760d |
| SHA512 | 3c66143b5a2f628dd7d8eaaa6ce6aebc91ae1f291bf8f09ff5e6f7db4999cdcab4b6f35adc1392059dbcc33d9f214ea040e3ed9593aa601e19430550a92c8ccf |
C:\Users\Admin\AppData\Local\Programs\PollyMC\zlib1.dll
| MD5 | b90c185c715c2b2ce68cefc8db82f254 |
| SHA1 | 2399e58d0aa0787309a2d7cc355a6cf048474a51 |
| SHA256 | 417ba013bf0aae808c58cde7991efa8c436bf6ce7323fb2de8ebdc135f2dfe71 |
| SHA512 | 3f539dceb19843c1cfce88dbfad6744feda5ffe85f6529e755629e1dc940ccbcfd452c811131501dee46e91e5782c4a3ee4462c42de1aa36b19de565e4d0ca46 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\libcmark.dll
| MD5 | 20bc39efead1fb6238b18b4c89bdcd51 |
| SHA1 | ae0f84a694cce1a8a7546d16c1b05aa29af1dc92 |
| SHA256 | 64a28e8b2ddf3a3899260202ceed027c87334b3a53dc866c4dd7387b58ec7cd3 |
| SHA512 | 3ea643fb35f09991bae04e5195e75048e3b9ee01bc521e056c8a402179c2c495d05cd098a741e81d6128394030ade8be978113bcb379dab4e757d90f2797a23d |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Xml.dll
| MD5 | 63e76c8c687df6aec9f41e3d8a1d0746 |
| SHA1 | 7577d4d681c012a3ded924e2f30aa6969ca5e815 |
| SHA256 | 04ff3840b3a84ae2ed1b4a388a5e6ba5e7fe05f64bde8919d10739a7fcb8917e |
| SHA512 | e4a65b254b0e7b2c1cd0f19d6c3b7df5b044ed7f90aa08e8163f93998624f6ffee13715796f55c5a780b77ac2c900fd2070dbf9b2799ba43f3b0d8fc7cc5b141 |
C:\Users\Admin\AppData\Local\Temp\nsk3903.tmp\modern-wizard.bmp
| MD5 | cbe40fd2b1ec96daedc65da172d90022 |
| SHA1 | 366c216220aa4329dff6c485fd0e9b0f4f0a7944 |
| SHA256 | 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2 |
| SHA512 | 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core.dll
| MD5 | 810c13ba0c74eb6589d26ce18bdb54e7 |
| SHA1 | 27770493a50ed9d1a9e371b9543ef45eb7c416f7 |
| SHA256 | 733326e03f7db3b29ee37f3f589cf9db3c0cbba61384bf61535ecc60fd6ea86b |
| SHA512 | 29e7ec7c5f4fdddc6643934a688755d20eb8bd0718a59d02fc26e286a3f61668b568ea59f00c8d24e713bbd3cddaca7cd636481e8967c315bffccec7f96dc8d8 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core5Compat.dll
| MD5 | ab88dd4c87ff60a81b698c5b194d0d92 |
| SHA1 | a5c114e642297ee477db5f38286d5e24eafe1920 |
| SHA256 | 792cdcf3a9843bd46e1af141029e714464ce125a45b74582b5de1d7ef01801b5 |
| SHA512 | 43089e7cd5bb983af01413d2774febfefebfc85cccdcdfe7097eedc8bb571c5b90ffb269a6c5e029b8db8aca96d32c2cf9c216211dfe762db5167e6e52f66f3c |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Network.dll
| MD5 | 0f315a61e5d7a8693c55458f9576f292 |
| SHA1 | 8a9e1caea0f3f629f3def7d05e047a9bf0173942 |
| SHA256 | ee860831eeaf34792d403b1d42fb5313fc0b3396c370f8b36924491f159c85f8 |
| SHA512 | de85ac62c0d596e5f147770d0b6ef2df9ffce2d51331e36110838816da49150c52ee33e2eda961d7749274ff20ce6ac10e10e421662a4c92e7190c2e771df397 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\libquazip1-qt6.dll
| MD5 | 92fd1c7887462c3e2d8c4b75329c14d5 |
| SHA1 | 3305b83190612b47a90f34e20687fc2159d8f7e7 |
| SHA256 | 3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e |
| SHA512 | 61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Widgets.dll
| MD5 | 3fefa6aa74b9c47902cb52a8d93257bc |
| SHA1 | 7a7cf62b7f2bc51f8fbfdce70766a22cb8fae35e |
| SHA256 | e5395ac714f0b7a836b74c547a18cc3672ca956f8ebd1405fc61c5ea9e4d95d6 |
| SHA512 | 2827ab0c459f6fa50907a8f7e99281bb9a12c65cad9d6f334983e2521fc2cc0d7d437e2a51b8a46d5c02dc1bf80c3e9ad8e7c9100dedeab23007a69a6db705af |
C:\Users\Admin\AppData\Local\Programs\PollyMC\libc++.dll
| MD5 | 0314b68d4684f7fa62c9273df902bced |
| SHA1 | c8cd94d2a41c66c56b3dd465868c800bfd201a83 |
| SHA256 | 7c2515f1a68339b2f100a56aa69c2fbd1223a1e649caaf220e3b81c779a1b08b |
| SHA512 | de5219e3e2d415b1c02b64191b4de51ae6080059495f8109bf01a88365a27ac1691012a11ffddb81279fab792453f67a148def4aa52c012a8a9b6a7fecf4fb25 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Widgets.dll
| MD5 | d4a5ca9f2e0eda47509adfacbd804a7b |
| SHA1 | 5212338cb3d0437bb1219ddbb5ac6c5a1c35bdff |
| SHA256 | dbbb93d49898e4dff746ae69e06ac425cf27500c69e359d6456171bd351b2146 |
| SHA512 | 22e9a61855d6d69f012a969c2e5cf272ba2889ac767c453ce10b10719d12b5428ec8eab8efbfe623342ae49a0800053c1c054d66db964b0e182369c0db5d1732 |
memory/4792-894-0x00007FF6D1330000-0x00007FF6D2014000-memory.dmp
memory/4792-895-0x00007FFCCE980000-0x00007FFCCEF38000-memory.dmp
memory/4792-897-0x00007FFCCE090000-0x00007FFCCE35F000-memory.dmp
memory/4792-896-0x00007FFCCDEC0000-0x00007FFCCE086000-memory.dmp
memory/4792-898-0x00007FFCCBA10000-0x00007FFCCC14D000-memory.dmp
memory/4792-899-0x00007FFCCE980000-0x00007FFCCEF38000-memory.dmp
memory/4792-900-0x00007FFCD1A50000-0x00007FFCD1BBA000-memory.dmp
memory/4792-903-0x00007FFCE4910000-0x00007FFCE493B000-memory.dmp
memory/4792-902-0x00007FFCE4940000-0x00007FFCE497A000-memory.dmp
memory/4792-901-0x00007FFCDD360000-0x00007FFCDD3BC000-memory.dmp
memory/4792-904-0x00007FFCD1A20000-0x00007FFCD1A4C000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.sXvShN
| MD5 | a6dc16331f06bc5831e5ddc9799284ec |
| SHA1 | d344f83d549df8c3e2c959182ba37f8c81d885a5 |
| SHA256 | 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807 |
| SHA512 | 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14 |
memory/4792-916-0x00007FFCCAFA0000-0x00007FFCCAFB5000-memory.dmp
memory/4792-917-0x00007FFCC9F20000-0x00007FFCC9F74000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock
| MD5 | 06c2cb3604ac0cb0958665c5ddaecee0 |
| SHA1 | f709bd09a8732c68cc2ed834dee79dec9704c746 |
| SHA256 | 1ac4f5f359e7965d202e920d80b7c021dfd30c50d640d1212c469d61e71681ba |
| SHA512 | a7a26cb6f56066e0ad3ffe13398684b21f495b54a9205a50161fb9da348da3cb456df8998349609169cca7a6e04cb9ca293d105a12d95b122794eef60f363685 |
memory/4792-934-0x00007FFCC9D80000-0x00007FFCC9DB7000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg
| MD5 | 30da12d95284de0729a8ab4951f516fa |
| SHA1 | 334ae8d4c458af7a10132382caf635072520189a |
| SHA256 | 845b2fd27e9ce966fc6789435fdbbb62facaec4295122323ed331c1640ca7e6c |
| SHA512 | 18d4a478795ad3202aa54efa5db0496c6338fa19803c137bf9c1d6d1f6481a365904ddf89ee854a553c55d4388fa95de575498bbfb368928f1e08a28e7d8b661 |
memory/1308-965-0x0000027D16CC0000-0x0000027D17CC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\194a0346-d7b2-456f-be43-ae1e82661727.tmp
| MD5 | 3f560408ac0b432a50b91500ea3f756b |
| SHA1 | 81a28a65bbdbb8dd4010a8ab4f50864646c2619a |
| SHA256 | fbee3b9243e9fa1bc1dcad89b21b4cd3a11dc309b8aaac0fe8664f39170cb887 |
| SHA512 | 3112c09f76b98afefb516cf95037085340f0e93bce40d969639635ee327bcc40b0c09d51cb63ad2e4f029f8259159605c3afd11aa60ccd6fccd5049553c4ab50 |
memory/1632-986-0x000002226B8E0000-0x000002226B8E1000-memory.dmp
memory/4568-998-0x000001B968C10000-0x000001B968C11000-memory.dmp
memory/1632-1002-0x000002226B900000-0x000002226BB70000-memory.dmp
memory/3408-1001-0x00000250A7690000-0x00000250A7900000-memory.dmp
memory/4568-1003-0x000001B96A4C0000-0x000001B96A730000-memory.dmp
memory/1308-1009-0x0000027D16CC0000-0x0000027D17CC0000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.TcasOn
| MD5 | fb5c1c74372450388b3d734f8ff0229a |
| SHA1 | dfd51c18accb781158eb8c7097ec229be7e85100 |
| SHA256 | a45b320941050c5efd4d442833231cbace70f0e595c983a2d7f74f294715b9c3 |
| SHA512 | ecadd19337a7401e79089bf19df188688fcc93109058bbe699ebd7c24e9d155ebd2e8739e338844d5971b541b1c5330b6f341b26973a6b6b8f8a677a19fb92ac |
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-02-23 12:34 |
| Reported | 2024-02-23 12:47 |
| Platform | win11-20240221-en |
| Max time kernel | 706s |
| Max time network | 714s |
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240786453.tmp\JavaSetup8u401.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\curseforge\URL Protocol | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\curseforge\shell\open\command | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\curseforge\shell | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\curseforge\shell\open | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\curseforge\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PollyMC\\pollymc.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-627134735-902745853-4257352768-1000\{F9B1261D-1C06-4F74-AA2E-AD425E7F58B1} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\curseforge | C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\JavaSetup8u401.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\1_12_authlib.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 44616.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\TaskKill.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240786453.tmp\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240786453.tmp\JavaSetup8u401.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240786453.tmp\JavaSetup8u401.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe
"C:\Users\Admin\AppData\Local\Temp\PollyMC-Windows-MinGW-w64-Setup-8.0.exe"
C:\Windows\SysWOW64\TaskKill.exe
TaskKill /IM pollymc.exe /F
C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe
"C:\Users\Admin\AppData\Local\Programs\PollyMC\pollymc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffba45a3cb8,0x7ffba45a3cc8,0x7ffba45a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,16822227345478725420,360194442078562843,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3652 /prefetch:8
C:\Users\Admin\Downloads\JavaSetup8u401.exe
"C:\Users\Admin\Downloads\JavaSetup8u401.exe"
C:\Users\Admin\AppData\Local\Temp\jds240786453.tmp\JavaSetup8u401.exe
"C:\Users\Admin\AppData\Local\Temp\jds240786453.tmp\JavaSetup8u401.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PollyMC/jars/JavaCheck.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000480 0x0000000000000490
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_1_12_authlib.zip\authlib-1.5.25.jar"
Network
Files
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Network.dll
| MD5 | 0f315a61e5d7a8693c55458f9576f292 |
| SHA1 | 8a9e1caea0f3f629f3def7d05e047a9bf0173942 |
| SHA256 | ee860831eeaf34792d403b1d42fb5313fc0b3396c370f8b36924491f159c85f8 |
| SHA512 | de85ac62c0d596e5f147770d0b6ef2df9ffce2d51331e36110838816da49150c52ee33e2eda961d7749274ff20ce6ac10e10e421662a4c92e7190c2e771df397 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\libc++.dll
| MD5 | 0314b68d4684f7fa62c9273df902bced |
| SHA1 | c8cd94d2a41c66c56b3dd465868c800bfd201a83 |
| SHA256 | 7c2515f1a68339b2f100a56aa69c2fbd1223a1e649caaf220e3b81c779a1b08b |
| SHA512 | de5219e3e2d415b1c02b64191b4de51ae6080059495f8109bf01a88365a27ac1691012a11ffddb81279fab792453f67a148def4aa52c012a8a9b6a7fecf4fb25 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\libquazip1-qt6.dll
| MD5 | 92fd1c7887462c3e2d8c4b75329c14d5 |
| SHA1 | 3305b83190612b47a90f34e20687fc2159d8f7e7 |
| SHA256 | 3f06ff804caff1aa10da61ff9b3c8e060b1a9ad54cf336e582bf7422f7ea639e |
| SHA512 | 61a25ff7ef8f7651c4798659a17f9fdd2111752e9cc5da13488d54da8e90fd3e1259dac69342a19cf2f2b882df2442d290dcd72bee2ec7fc6c610c3fe0f99fcc |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Core.dll
| MD5 | 7ddba2aefe80c5a615b1b59475582461 |
| SHA1 | 69ad2c640a0661b9e35d3d9883ac2082993c586c |
| SHA256 | 6c4aa6b85b022aa9f2cbca7a9c9039e0551e9c4c6875c6c589321d1941f3d161 |
| SHA512 | ccfe7b9a4074b82789d43022c13b09ac8b9a6c8ebf225aed48cd6d42913a2f17c024f13963cc1a53c0ed5c25e9228f23867738b19d02630cfc37e32b3d1b6348 |
C:\Users\Admin\AppData\Local\Programs\PollyMC\Qt6Widgets.dll
| MD5 | b8155ea0777b3968b5ca8ff7a6bb4618 |
| SHA1 | 7318626ca2d3eb41aa831db07a5f8f1506f5809d |
| SHA256 | cd94a1e1f9bf4e8377b4d8379e97d32b2f8fdf9934db6e364e366c68a77ceb12 |
| SHA512 | fb804c8c870de6310cc45655eb9d8e833c3e3b799ed667ea59eaf48226608726bf81c152638cb81e1a8c2d3cf300a07427086a8f1b87cc10957e44ffbd225133 |
memory/844-212-0x00007FFBA6BC0000-0x00007FFBA6E8F000-memory.dmp
memory/844-211-0x00007FFBA6E90000-0x00007FFBA7056000-memory.dmp
memory/844-213-0x00007FFBA7060000-0x00007FFBA779D000-memory.dmp
memory/844-214-0x00007FFBB3330000-0x00007FFBB38E8000-memory.dmp
memory/844-215-0x00007FFBA77A0000-0x00007FFBA790A000-memory.dmp
memory/844-216-0x00007FFBBCB50000-0x00007FFBBCBAC000-memory.dmp
memory/844-217-0x00007FFBBCAB0000-0x00007FFBBCAEA000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\PollyMC\qt.conf
| MD5 | 7215ee9c7d9dc229d2921a40e899ec5f |
| SHA1 | b858cb282617fb0956d960215c8e84d1ccf909c6 |
| SHA256 | 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 |
| SHA512 | f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768 |
memory/844-218-0x00007FFBBCBB0000-0x00007FFBBCBDB000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\PollyMC\qtlogging.ini
| MD5 | 58967a7fcc8cd9d2bdb9b0fc24eed94d |
| SHA1 | b09f4ed1fe53850307cf8cb8cd2767524c26335b |
| SHA256 | ba15aee260e7ca1d48016546bab52fe30c3da264356b629739c125cd4eb3c700 |
| SHA512 | 5d44670d283b8a88892fd8def2fd2f2f9222d5115b25cc4b9e2b04a7c5f004930dc0b5e2d11ae128ab844f826ba079a0f93e17d5428355bdb4d21a04ee58055a |
memory/844-222-0x00007FFBABB30000-0x00007FFBABB5C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 577e1c0c1d7ab0053d280fcc67377478 |
| SHA1 | 60032085bb950466bba9185ba965e228ec8915e5 |
| SHA256 | 1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158 |
| SHA512 | 39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5 |
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.RxtNur
| MD5 | a6dc16331f06bc5831e5ddc9799284ec |
| SHA1 | d344f83d549df8c3e2c959182ba37f8c81d885a5 |
| SHA256 | 9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807 |
| SHA512 | 43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14 |
memory/844-238-0x00007FFBA41A0000-0x00007FFBA41B5000-memory.dmp
memory/844-239-0x00007FFBA4120000-0x00007FFBA4174000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg.lock
| MD5 | b0844bd6a6e7999bbbcceaf7af5b0941 |
| SHA1 | 6a9def019bd672ef87177e247e6f99daf94d7412 |
| SHA256 | ae67d66abd9a303279dfa537ff1ad537e4a1e44c968625d047f220b86e30114a |
| SHA512 | 627487ee4608176faf03082ff26fcb5d9476c1486aac5f987e8b3d82883c7484d067a49edfc21d16b373f399d5f612dc17a8250bf64284b36b20ca20a7fd6538 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d4604cbec2768d84c36d8ab35dfed413 |
| SHA1 | a5b3db6d2a1fa5a8de9999966172239a9b1340c2 |
| SHA256 | 4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2 |
| SHA512 | c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855 |
memory/844-266-0x00007FFBA31E0000-0x00007FFBA3217000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd3204f003d4b1df1341ec98d5a2b6df |
| SHA1 | d3cba23f93fdaf2bd062fffeb1fc5064979ffd18 |
| SHA256 | 92271caec409dffba8de0ed51a81dd60ad8dee98a7c214a2bdd17adbe7a8b19f |
| SHA512 | a599a79943bff0f7294b37c0a30c1dd1880b9999ac2b86973cdacb9e405b8b3acb39ea868e28a61d2222140612ff4210f59848869b15abf9155930ea1004413b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 408d4cc8a423c3317eb66266ee79a117 |
| SHA1 | 25b41d30f4b22ef35a56308901d8eacfa03045e8 |
| SHA256 | 283d4255a89ae2d0cdb29ee41a20c23b3067ba33620f6a82169d4c2c95e5c4b8 |
| SHA512 | 3443c0346196da1bcec61886dee02833df166989895ff4e2d70c80c8a1b5ed3f48b9eab94212c0d63440be993ab0e1e54bd5365b0a6416080e515d33083f59c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 356e4858f1d53e84bc307bf6af66410c |
| SHA1 | bb6d8300fe7a2b88b795755c59f1e67ebcc9fd79 |
| SHA256 | e6729b3195782f19698eb5401dd168f1a418ca456418ec0cee8f58b4c36464ec |
| SHA512 | 7d6ffc4955a46c20944887fb5ab826877d3313a5e4a1dd0ec236125bcd0fd3bcbbc6b5b09b676ba8c3b39e60e5cf045e4b9caf987b24379a6bd15b8348d6c26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5100e867584205f984cf1ed966deeea2 |
| SHA1 | 9f7c716fa40f388dc06d52854d7d01ac940b4fd9 |
| SHA256 | 3d0fa8259e6eb0633751049a46347e46909ce517af59dd6d42e5b80b2783a272 |
| SHA512 | 66cc84691ed364d10f26738e3bf431edd090ef23049b8a667e3aaaae4c6cc0c86a2eca2a78bca51a06ea49c4b2caf8970130b3c03e1c9930e3cfadf958029543 |
C:\Users\Admin\Downloads\Unconfirmed 44616.crdownload
| MD5 | 6b561cdbb5c764d8b7d1b2dd583e1fdb |
| SHA1 | e6ab66aa100f8a04b183d188193c693d01122f76 |
| SHA256 | 936cee4941ca401e556ece5206dc4d9fc70c3660aaecf27cdb6c4d1ca5252ee3 |
| SHA512 | 9aa375f24e3b63937c2d9b0231d356a395b81438dbf723af712c61baa87d3760319b977fdf8e060f1f38a2a5a12d302e3aa21826d3d0b4983d7a48e4e3ac1d1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 04764680e56ca4722530f614c472dcc9 |
| SHA1 | 7dd2a4dbb17c939bde938bf19bf11e7afc466f44 |
| SHA256 | 28ecee408cfd95fa9357c2bca936e8ae8d33af6de46e891fee441cc85df66395 |
| SHA512 | 37dfb62ac34ab0fc43cb0c19a9c41c278dd3c3dc60141512e21ed5467203e67684a02f224f4a84ed51af46b2b3461bec0fc79e90bca6814f36fd8579190bd1b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59db43.TMP
| MD5 | 1ec8c458b9f3a1f3e84162d81c1f4336 |
| SHA1 | ce3dbea9e735ec4d5efd948a4479d43d733f49d1 |
| SHA256 | 8c9c99a54000f93b8788d640b4155f61ec7c650f52233647f9dcd3e414842b93 |
| SHA512 | 25035a27ebd355c28364ff289dde0f68ee8a8cc13930d3a0e1306c76c5271f91f9dc94ee7e5f06244aa28d5c734238efa25cca21b3194c4af32fb683aa8a4cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 048db155dc6865271a5c6f3bdc5178ae |
| SHA1 | f9e1ceef39970a103427c236bb65304ed5f89d01 |
| SHA256 | 7890a8f0a1b80664ba685dff879590943f030437dbe8fe1960dcd53588698f13 |
| SHA512 | 369bfe9062ae47156bac081b6f87eb5e1c48c2fb43f516b06c9dd9281fd3a647a54f1f069511af600ce7754f11075b29a0431a6a144b6de67185b31839887001 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | f90ab9cf3de9032841433905207a13b8 |
| SHA1 | 8043d54ee2fe8ca9e195534337b50932575f5649 |
| SHA256 | c4f233afac41972adc72de669c34701972a355717bd76263610ee4b499d040fa |
| SHA512 | e778fcad665ac93ad114edefed53da893d70e61008fa9ef420393845eb4b804a06fce3296dfbb441dccdb35a8ea2da4e03949698619abde36c6993fd90f3a4fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ddc692ae157bdf8d5bbc8e4cc69bcd81 |
| SHA1 | 3d100bb347f7cf062c2af329293757a0282a7005 |
| SHA256 | 083221fcf113fd8d33c213e48c7068f67b3f5a4771573046d794283c2e2b0a2b |
| SHA512 | 6c81b366b8a9ad88cb609778c1f985ccf06e322aee014306f688f95f37314facd34bd5be55f47286e78cb40248341e2ce26452b66cef3b91e1c2c6c16e51345e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 282df4b83896533f6cd231126d76ef20 |
| SHA1 | 1557ba8a35275bf456ba1d292647e7f17bb1357a |
| SHA256 | 0ebf891ee83f43263feac98be82af6fd19490ac0bb632b9489d2a7ef0cb56aa5 |
| SHA512 | c9f703e58d14efc698e620c5b19a662fb498438ea2f09547a75051d763d2ec40ff9fc1cb6330b0b9f5538e2215918fa68247429504cee25e19442785b57f7559 |
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg
| MD5 | 1ee2656be1389a5909a261daeef2767d |
| SHA1 | 340dcbb461fdbb2ec2219eb768868e21b568c7f8 |
| SHA256 | 087e9318ab1b9cc30dfcbcf25f46f19f7a7dab3c8bac09a9b00d0161daacf12b |
| SHA512 | c40f16be75edc3a1f8b8f8e0cf1e51b8d8691c822cf4d880780f072189d6967e14fcd420b3a27de9955b6165ef44a2ec3e6dcc65be618f2bab1f7b9945ded6c8 |
memory/2144-737-0x000001EBC2370000-0x000001EBC3370000-memory.dmp
memory/2144-731-0x000001EBC0BA0000-0x000001EBC0BA1000-memory.dmp
memory/2652-769-0x0000027AABF90000-0x0000027AAC200000-memory.dmp
memory/448-770-0x0000024CE7F50000-0x0000024CE81C0000-memory.dmp
memory/884-771-0x00000215BEC40000-0x00000215BEEB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7f5e6a448723ff9171ed90911e8083a |
| SHA1 | 37495e1a41d9c8fb81dc6cb7de7f2f60b5f7e0fc |
| SHA256 | d5d2ebf1db961c878aeabaa1c3dadf9a0852a68c2a7adc47bc99cde58a5ddbef |
| SHA512 | cbd9d92dc58904a5be418c6f54f944e35859bfa422e86f268a7e884b279ea9a18e1c2c54812abcfd00878c473c3afd0c52c6e1c380c8163e100de824c0c9a249 |
memory/2144-745-0x000001EBC0BA0000-0x000001EBC0BA1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 51df2ae5ef2221a6a7340f0223cb5711 |
| SHA1 | fa39d6c65cca94aa6289289e0002e644be3e22ce |
| SHA256 | fce6391000f6d7bc887b0bcc76aeb3967fdeeee82002543681865b5b34f603f9 |
| SHA512 | a79a7d25f3186d2a25af52598075e720038bb34bcd31847c48036d9e0230e82aac8cba0276e358b512f4da57c62f565d6f09e17b2fb51c395303215c7b123393 |
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg
| MD5 | 57432b4a95e4bf1ddf9de125a7785783 |
| SHA1 | e90a9c78cbc89e1d521576cf2e40baf9101aa048 |
| SHA256 | 5681dd34f041a678917308b8951a6ac05a31851055d0d14d16a0b0a825ccdcac |
| SHA512 | f7b49c7330c3cdf33c32e4f7c66f37285164bb1f81f65b6fd43d5f8138ac29ce90b26a9ff82624edf2bca43684c369d529c21ca11a2551f714e8a2bfb58c28e3 |
memory/2144-832-0x000001EBC2370000-0x000001EBC3370000-memory.dmp
C:\Users\Admin\AppData\Roaming\PollyMC\pollymc.cfg
| MD5 | a8771712ea3450cba7bb955499deaee4 |
| SHA1 | 3405b1090ce16d65183a292ebaca6167c5691bbd |
| SHA256 | 6f310b1d419033f5d6e6fee985ad13f18bac9fbc9f8a8fea5ddfbf47afd43bb5 |
| SHA512 | 10b40564857e99dbd5754a546fd6c23b44d60e685c457bb2e0085104ff1f4a945bf35d98d52f614fa9581c1312207c676bb02126b742369dcc18bf8619e834d8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0a19d8edcaa81eff5536addd7c77eedb |
| SHA1 | 4bd43031c9cba89872960cd6cb3dfd9dcc3d832b |
| SHA256 | 04bbf218e84f103567ac3c70e600717c1a2c86df0b9f603bab4e842f5f48eec1 |
| SHA512 | edeaeae60ea63e923f5298f2d9b030ca4a1ea0f3e8de03b388b0aef5eff71f1125b41e38138320ad0ac236408d0a942415e55da0217c8178c3aea0372101193f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c28ba872ba83fa77a9901f1a37bfb7d |
| SHA1 | ad8b4685d217875fbf7b56dcfce2117d797873a3 |
| SHA256 | 9f00ab5678623b22ac9fb254cc672350607e6ea4f8000f0a20e40bfa1383aabd |
| SHA512 | 55a59c0efb5efaf09a047cd7c2577ba3a8d14cf442e8e54cb068710705dbcdd469d6f5e9bc7a54f5ada1c54a794bd76168a5b3b012504472c31993e09ad95750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 6c05a4399969b7de349f93354fc86ead |
| SHA1 | 938abf2bc3a30b9264dda837e7e842ae4b5fc0c4 |
| SHA256 | d3f4c4cb9877879532f51bfb0479bb01955cebef1b972678f267e98c0337ffd8 |
| SHA512 | 3812bff10db590882bc0ed370d2eeec5e79d00f547222d3b86b5566925a023de05f0d4541759cf9e77f48c2943f45bb81429b2c0a0d4543c591de9bbd6621e3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | d307ce6ce114ea2d363c2e709df6f9c3 |
| SHA1 | e8173b7467489dbcc7fa23bd6dc2557a70624ac6 |
| SHA256 | ddc9046c4d6ff62e0859e12f84c4c2e7e154fbbb230dd415a788e132dba831df |
| SHA512 | 6e10b866683259c13aa5f956d50450866bf1e9f6401edbfaf9cc1388a1b6d83fb27f92fdfb3fd01de431dfd6c967f1e6c253f776ba2d3e87268fb88ac908be11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 170ecab156077b17177eeb77c67d3a3c |
| SHA1 | ff9fbea313648f5669d6c1772ee5c40868364b6d |
| SHA256 | 0001e0d344275eecceb4b04850677f4463773f237f82e83563b7e63275f50226 |
| SHA512 | ad88eb63ad336e9b9d2553e5da3951cdd031cd87938f0ea3a3af99ce6b320b70f05da83a350c00fe4f9fe2a4b9a06fff82648aafcdde93459d042e458910ef49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1e4a81a2fe82594e90aa33abaebaae68 |
| SHA1 | 6813b22d6febcdbadac1d52c6397f59bfa115525 |
| SHA256 | fcddd585ab056d53526a17d6431f59815109e87166c07774137140d498dd7233 |
| SHA512 | 903359c2c68211b3eb7896532ebcbda806c376e77e7b0f0c53d22b3aaa0f8e795cdb40247940194c22435096a5530090e8467c08a58b4dea09e4e7d829a99ff1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 729acb391f224cea27e8dc3d44fddc85 |
| SHA1 | a1c78b0f8e26d9ed921bb0389cd26fbb9c9c204f |
| SHA256 | a2d315cf351db97e8018621e17998776045b0ddc5a328a458176f27cab6b6eba |
| SHA512 | 38015d24a0dc91de7cb960216f2cda327e588dfb7e60c94de8ac922cea14ff35576d63d65b2650d987825980201451673833f06b2e295c84ac7b34ac35ec87b2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a3339b25fcd7bdeaa2c3f68c60cd338 |
| SHA1 | f925835d256583848a0c8d081598e3dd52ae0da7 |
| SHA256 | 5b9570a7e2dddd05aa2516b207612922d75348c9a6231632b62c0c90dc9410f2 |
| SHA512 | 0c0119e3986a97aa336154dfde77b0179c76468f50e9bfb9e6eab14cc6a021317543253c9f9c38fbf32ba175102dd59c3175cff68e6aab0f83a6845738dfa79a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7e6cb9ace779a00df7797bb3afd98b45 |
| SHA1 | c383adb34b9b759b1b7fa8666b8f3618f8616c43 |
| SHA256 | 2e6cb0d457207790df320f7730fe400d54e8f5dc1e998bd7300c9d15b6f0d8c7 |
| SHA512 | 248ed597fabf9bdd0dfdfa6270332b8cabdab9302ff912ca79cf2916bbcdbd500accc1940dfdf4870bc495d2226ddcb5c0a7b642afd7086113632987765c4040 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0b6660a1bcf44b6081712dee20be61e7 |
| SHA1 | 11a19f69157995c20a388e7c5f2513d4bac2a695 |
| SHA256 | 690f201e6b253e8201c5d6397659a1508226ae4000565cbd4cdfd34d64fa255d |
| SHA512 | db7f468b50661c41241f444774616cc441db46a73bd0134329312d5cfdc13beb77f552d9711537d04bc934f86ec89cf23e19ef6cccba902e7a2b6437cd12337b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b97377867c1d5a2b90b9c0e848b94f0a |
| SHA1 | 5c80020a9d9039f69932a01c3950646e2cb99531 |
| SHA256 | 8cd403df228f88e490caa196fdbfb70e3badbc454a73884b6daecd984431dabf |
| SHA512 | da0c49776f5f8d67b5b0044d87f6016b92ea7b339ee9d04e16803b99599c1969482a971590d636f2c52f4739ad5c64bb569e1217fc50609e27cad82e127452b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 1db559d5a90934ca4269e4a6dcf5e60f |
| SHA1 | fdd6707c372b71e2d75a928d824ec2ed5794faad |
| SHA256 | 3106f79cb71ac20b0fe040ff0f0a5b9fff409fa283e85fbf35c6c98ee77d721d |
| SHA512 | 8a9f4135d271569dac43930523bee499050a22bc65dd3dcd0a79f72a667b9c6bf07cb987210bcbbe3525473f94c0efd95bbc2d20ac6e0b34488370bd8d87d751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 3cd0f2f60ab620c7be0c2c3dbf2cda97 |
| SHA1 | 47fad82bfa9a32d578c0c84aed2840c55bd27bfb |
| SHA256 | 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b |
| SHA512 | ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | cf989be758e8dab43e0a5bc0798c71e0 |
| SHA1 | 97537516ffd3621ffdd0219ede2a0771a9d1e01d |
| SHA256 | beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615 |
| SHA512 | f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c382f0c3a3624daa92017e0f75ee7b9c |
| SHA1 | 7333280452719fe3fcd7757f5e4d4ec357b6b93a |
| SHA256 | 3d20af586afc254ebeea7772e90d889c45d421ecfbc0c117a5acd21165e1adea |
| SHA512 | 9b381b7cf126ad1ebdcb23c285dd4f66b42bf842e6a3bd3c658946d0395828a2c5fa29e4cf4a63bb73db80a94ec271e8bed2d3057a7f3bcb797fe8fb02b75c40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d1cc29e5622554b8c546d6cd4dc7e249 |
| SHA1 | fa145de8558fb67732f1e1e80b3c696fd84a00ed |
| SHA256 | 13f3c5db9311223186a207cd81824d64f24b567efd7aa67be8cfb41e4e9eaad0 |
| SHA512 | 75cb60db2b201b22027d5e19a5467a7487d7a3634bc75fdbf5357a6a67dd8fa57413384acf4d7bf0de450868adb53364991bad0bb123051cea89976f183396c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 24cab279a1b1479cd2848b4cf4db97d8 |
| SHA1 | c59c889167dfa25ea85e0ab5b93db29270cd9a3a |
| SHA256 | 2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51 |
| SHA512 | d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | bb3fc9718561b34e8ab4e7b60bf19da6 |
| SHA1 | 61c958bedf93d543622351633d91ad9dda838723 |
| SHA256 | d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141 |
| SHA512 | 97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 65b00bec774c969842aceb3199fbe254 |
| SHA1 | bd464411b9578497f081a5f8b6c04180b6ee0f0a |
| SHA256 | d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda |
| SHA512 | 0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ed5a30e019c90d73acddb8e07ad7c769 |
| SHA1 | faecc0c2be27f8400426b873cde6eceb379b044d |
| SHA256 | 2142c81edb01e0abd53fdc20fc61e62997bbd7d438012f7e5e31e191a3750664 |
| SHA512 | 695ce9fe8eeb858d0059cb7d4aeed828e826914491b8c13f59080a61d92bebb346ec48e47d9a78a92fd37635a294145d25cb56c42e513e2f2a18991491dfaf79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 231d864d0bf96537930b384c4c09dd23 |
| SHA1 | 931af39989a8cb33737b62a7d02382aec0afc107 |
| SHA256 | 5cc0619f934315b0cfd6e283ba0c97d52390a45d6e6ff8a90babc6fd44089ebd |
| SHA512 | 8cfb624bbce7d8bcad8d3a404a529d0209992c6d33ef659c4303756d6dbfc0bc873a7f6216e2a8b4d67452484ff4af04738ed9ce30ebabb3f14a3aebd8cd3e53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fb5657c7fddca6729a94323ba7445a94 |
| SHA1 | 55c5aea1abc6991f0aa4443bac77b665b930b81a |
| SHA256 | 9efa7a1249bd4427f8eaabb26a75aa682234fff0f3d399a3de455b4501f71b86 |
| SHA512 | 2d431ea6e157bf54cb112cc0deaf08e17dd1691db265361b3fd94f5c30e59985ffda8b1f8d2fdba7739cfb3fa3f71a4a021cde169fd0fb7ac22ea31362390558 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b2c18df6781ac09d192042e1acbf196c |
| SHA1 | 5a4240fc0a2ec11506b8bcc71eaf00c0196cc67e |
| SHA256 | ba8f4ed6e49fd655190df426c2e650e8fee27104a5f25f27532afff749b0e4da |
| SHA512 | a9db6d7125f88ccedca14c88a094b84f78d6f8de6f6ab81a9e9665c14bc0068a0e22b17877f9be12e313cc8203f50de2f0d5f744420a9ecb60cf491f38f7dc29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3c66bbf56a15261f16265e4ce231c8c |
| SHA1 | 5eb39e194133b7f5250889d73393f038604c45fd |
| SHA256 | 17d3f7d33789422b0ec42ab6276d75f19a0f6f605d0e0f0daa678e1c4f0c75ae |
| SHA512 | 9f9e06d54e39c50b0eb6722f6de9526efb4256e508760958340ca02ddb87ababfddb49d629ff669671c52f2c4d3d06d56dbb2e8e4ef2efe7e9b7752ae9f582ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ccf32e1cbc70915e3a54a0d116beb5e0 |
| SHA1 | 21ab85f99cc30045967f4a9cbd53bfcf6fc2ffdb |
| SHA256 | fa4220d053f5bd53a3bea30f4c39215cd515a1fb2df2a6fe4e88136a342582ac |
| SHA512 | ae95336a930d8965eceee066a8ddb817fc7d37cb68e8a40798b1ad80b4eadf4196622f2445266a6ccdf38a3bc345de61a43ecc8938aae7982c341491ee8ef8ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 554f437cc1cb38444983d90e23cb0908 |
| SHA1 | 825f09289d3fe6827ac2e5b8a5fd19bc73c1078c |
| SHA256 | 3ca65ca70a50aca8855927838d46607ac055d4f4e7ebf73cf598871a6ba6a9c3 |
| SHA512 | d7ad03c2d5530ea1c959b7cb91f7c0289098737e86c57883e40f5f5a63f5306f06902cb022d84250b0587c5a2bbe5bf8ae2c3b3ab6f1e601bacf8082cd8239af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 306af0d5ad6c28c08a73d724b4f53820 |
| SHA1 | af76cd254c4a254a4b992893ab5456fc80bc02e5 |
| SHA256 | 871efce8385c9e3347dd830b6adca4215814207c20c11f3bc6cbff80ff7423f1 |
| SHA512 | 6976c6335849d9d86019d6e6948f67b6ad748fcb2b43792ac7bdaba486c3aa03db28e0556c8cffe155bbf2210ef89d07398b7581482aff7d99647611f84e2d63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f9fd8948a83588feae325aa652a8eaea |
| SHA1 | 71c8c68ca1c6192a9676b3301f0af3a2bec6e286 |
| SHA256 | 3f3e8ca17cce50bac38b625b9f8d9bd60797d1381ea634084f9adafc0042ba08 |
| SHA512 | b7097a2b40924b5022acfecec3e12360cacbba5bc098ca74e820ee3a5c2c37b16777a3c6eb7636970b38a6206cef752a5695f2c9509921b3ce2e08cdc4e7638e |
memory/2428-1880-0x0000014F09EF0000-0x0000014F09EF1000-memory.dmp
memory/2428-1881-0x0000014F0B7A0000-0x0000014F0C7A0000-memory.dmp