Analysis Overview
SHA256
2127916ed879446537a6c72fcb3a3485a2f9074ea7f89a69cdce645d6a8dec31
Threat Level: Shows suspicious behavior
The file plato.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:42
Reported
2024-02-23 12:43
Platform
win10-20240221-es
Max time kernel
35s
Max time network
38s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell\open | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Plato\\prod\\plato.exe" | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\ = "URL:Plato" | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\URL Protocol | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell\open\command | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\plato.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3444 wrote to memory of 1792 | N/A | C:\Users\Admin\AppData\Local\Temp\plato.exe | C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\plato.exe
"C:\Users\Admin\AppData\Local\Temp\plato.exe"
C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe
C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe -db C:\Users\Admin\AppData\Local\Plato\prod\data -supervisor C:\Users\Admin\AppData\Local\Temp\plato.exe -install-dir C:\Users\Admin\AppData\Local\Plato\prod -logs C:\Users\Admin\AppData\Local\Plato\prod\data\logs\prod-0.5.26-51191be1-20240223124305-log.txt
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec
Network
Files
C:\Users\Admin\AppData\Local\Plato\prod\plato.exe
C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe
\Users\Admin\AppData\Local\Plato\prod\0.5.37\libwinpthread-1.dll
\Users\Admin\AppData\Local\Plato\prod\0.5.37\libGLESv2.dll
\Users\Admin\AppData\Local\Plato\prod\0.5.37\libEGL.dll
\Users\Admin\AppData\Local\Plato\prod\0.5.37\zlib1.dll
\Users\Admin\AppData\Local\Plato\prod\0.5.37\libstdc++-6.dll
\Users\Admin\AppData\Local\Plato\prod\0.5.37\libgcc_s_seh-1.dll
C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe
C:\Users\Admin\AppData\Local\font_index_v2.cache
C:\Users\Admin\AppData\Local\Plato\prod\data\logs\prod-0.5.26-51191be1-20240223124305-log.txt
C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\d3dcompiler_47.dll