Malware Analysis Report

2025-08-05 09:27

Sample ID 240223-pxp2ksfh5w
Target plato.exe
SHA256 2127916ed879446537a6c72fcb3a3485a2f9074ea7f89a69cdce645d6a8dec31
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

2127916ed879446537a6c72fcb3a3485a2f9074ea7f89a69cdce645d6a8dec31

Threat Level: Shows suspicious behavior

The file plato.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:42

Reported

2024-02-23 12:43

Platform

win10-20240221-es

Max time kernel

35s

Max time network

38s

Command Line

"C:\Users\Admin\AppData\Local\Temp\plato.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell C:\Users\Admin\AppData\Local\Temp\plato.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell\open C:\Users\Admin\AppData\Local\Temp\plato.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Plato\\prod\\plato.exe" C:\Users\Admin\AppData\Local\Temp\plato.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato C:\Users\Admin\AppData\Local\Temp\plato.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\ = "URL:Plato" C:\Users\Admin\AppData\Local\Temp\plato.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\URL Protocol C:\Users\Admin\AppData\Local\Temp\plato.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Plato\shell\open\command C:\Users\Admin\AppData\Local\Temp\plato.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3444 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\plato.exe C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe
PID 3444 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\plato.exe C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe

Processes

C:\Users\Admin\AppData\Local\Temp\plato.exe

"C:\Users\Admin\AppData\Local\Temp\plato.exe"

C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe

C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe -db C:\Users\Admin\AppData\Local\Plato\prod\data -supervisor C:\Users\Admin\AppData\Local\Temp\plato.exe -install-dir C:\Users\Admin\AppData\Local\Plato\prod -logs C:\Users\Admin\AppData\Local\Plato\prod\data\logs\prod-0.5.26-51191be1-20240223124305-log.txt

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3ec

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.platocdn.com udp
US 104.18.21.157:443 download.platocdn.com tcp
US 8.8.8.8:53 157.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 api-desktop-prod.platocorp.com udp
US 8.8.8.8:53 _grpc_config.api-desktop-prod.platocorp.com udp
US 8.8.8.8:53 app.platoapp.com udp
US 54.212.75.215:443 api-desktop-prod.platocorp.com tcp
US 54.68.243.200:443 app.platoapp.com tcp
US 8.8.8.8:53 215.75.212.54.in-addr.arpa udp
US 8.8.8.8:53 57.189.138.108.in-addr.arpa udp
US 8.8.8.8:53 200.243.68.54.in-addr.arpa udp
US 8.8.8.8:53 clientmonitor.platocorp.com udp
US 50.112.145.10:443 clientmonitor.platocorp.com tcp
US 8.8.8.8:53 10.145.112.50.in-addr.arpa udp
US 54.68.243.200:443 app.platoapp.com tcp
US 8.8.8.8:53 profanity-prod.platocorp.com udp
US 50.112.145.10:443 profanity-prod.platocorp.com tcp
US 8.8.8.8:53 blob-prod.platocdn.com udp
US 104.18.20.157:443 blob-prod.platocdn.com tcp
US 104.18.20.157:443 blob-prod.platocdn.com tcp
US 8.8.8.8:53 image.platoapp.com udp
US 8.8.8.8:53 plato-image-assets-prod.platocdn.com udp
US 104.18.21.157:443 plato-image-assets-prod.platocdn.com tcp
IT 108.157.194.29:443 image.platoapp.com tcp
IT 108.157.194.29:443 image.platoapp.com tcp
IT 108.157.194.29:443 image.platoapp.com tcp
IT 108.157.194.29:443 image.platoapp.com tcp
IT 108.157.194.29:443 image.platoapp.com tcp
IT 108.157.194.29:443 image.platoapp.com tcp
IT 108.157.194.29:443 image.platoapp.com tcp
US 8.8.8.8:53 157.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 29.194.157.108.in-addr.arpa udp
US 8.8.8.8:53 news-prod.platocorp.com udp
US 8.8.8.8:53 games-prod.platocdn.com udp
US 35.162.240.136:443 news-prod.platocorp.com tcp
US 104.18.21.157:443 games-prod.platocdn.com tcp
US 8.8.8.8:53 136.240.162.35.in-addr.arpa udp
US 8.8.8.8:53 profile.platocdn.com udp
US 104.18.20.157:443 profile.platocdn.com tcp

Files

C:\Users\Admin\AppData\Local\Plato\prod\plato.exe

MD5 2f69077139324e79c98f1e9ddda3bfa2
SHA1 4c7eb8d16476c2fa56b8565273ffc02bbf50b355
SHA256 702fc0cea0955dc5c286c07deee30863610376cab86f782958b5de50f2b34283
SHA512 f3b77bd09c02f6671c48792e8bb8d26766a7cb76c5b229a340cf99b72c7f619a19f54c0c6a49d49205cc73527d39efa8ae7e394032526001dc2f283f5033cccd

C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe

MD5 ff87f01954c7e3f8976726af959827a8
SHA1 ae4bd3a3430e448fb98f251ee3781359b49d75d2
SHA256 16a8788e9df2c6633e4892636e734baed2ea18dda2310f04e0a9cdafcb48d60a
SHA512 273734f0636a6c882473f3adcacb6a2827970c641405fe11c845d5ef07af675ea181913090ebfcc90038af051ec6b6a3d757829ee21a2b9c97eb4e18437b10f1

\Users\Admin\AppData\Local\Plato\prod\0.5.37\libwinpthread-1.dll

MD5 733d05b314199d8c78691f02468a60ea
SHA1 15d4e94c5a473d04373f92a17eb1547df26a1441
SHA256 dc01d23b272d7cf1f8c698a88141399b9376f563ffb0edff2f3ebcec8bcd26ca
SHA512 5ac6d62301727f28aaee3b23f93a65ff026acff9c18845640c9d9a9d094be1eb2f49729ed0955bf1ccfa773965ecd6a4b865997bd77b4485e963402aee6d21a9

\Users\Admin\AppData\Local\Plato\prod\0.5.37\libGLESv2.dll

MD5 dfcf238c6e196eee412d875c293a82ee
SHA1 ff231d341b3a355c000e2d03d2c7563775f58993
SHA256 84c8adca5ac21f0c324ad85bade9caf265de6e61f28b84cac61d893d088dcef2
SHA512 79a70570b51eb30784eaba7e08044b404d1914be3d5e98442b9002d9ad85fd6ea5961f7333ad2c3fa8d52f09cd202c54220b243629e0cfd37e6787794123c0d4

\Users\Admin\AppData\Local\Plato\prod\0.5.37\libEGL.dll

MD5 e9208c49c80f09f8167db476788cedad
SHA1 e9f7ec37e0d574a14bf4b55daa2958f4e630689d
SHA256 c90b1024204a9db27807488322d063016984470ed22c48f22b2e786c3ba29d24
SHA512 d53be53319d3096856b9e3563bed5c04408d66118ff4b3a4663bf91d196f8000216e42df4809625a536c76a66d5f7aa0fabf25dab4965487e23a6f6a4e53d957

\Users\Admin\AppData\Local\Plato\prod\0.5.37\zlib1.dll

MD5 f5ee141fb811e541f684b49d104fab39
SHA1 d5572426ac96fb1c9338fc48a6b9c2f54a73931f
SHA256 f1026242564b8a7079a463db2594eaf3a94972c1c839781b1ee1c8d131fa729f
SHA512 2d224d366d64674ea205bf1f0bc852836fd742f628f842069869a5e32981895b6566791fd4fdb5e8a6b5c7bc77dcacadeb24f783eb610b4c5c036887d2ac3f06

\Users\Admin\AppData\Local\Plato\prod\0.5.37\libstdc++-6.dll

MD5 b11988763791cb941b3e99b7960e88f1
SHA1 84d00bfe5dfe206296c14235b076af9262959abc
SHA256 0487227d3821b8222e445b6da6f62d956680c4a4405d6d60f38f147478df7583
SHA512 48a36df542f967e78b3efc86ed06c4c6d47caf56dcfa76c29952cd57ffa64aed9e010f2feaac83d9c3130e4497f8e2b5eccc9d5b3dad826719a9bcdf13e34dc0

\Users\Admin\AppData\Local\Plato\prod\0.5.37\libgcc_s_seh-1.dll

MD5 bd5749c30e8f97227ad3993bcaa312c9
SHA1 2c241a2ea6b7132ad37bdac693dbad38cf8a39cc
SHA256 0fda0844b07c9976f405b19f2b946770a89a2de63b3260a852daefffdb9d4af8
SHA512 d12e98a7f278db76c77c2dce84e62d3ebef04018ff8d5932c6c392a1356f8f43b0a98f3d7eb78118b3b7ab4539027c6ee39222819fc2f502dc64ec9ba9bc8862

C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\client.exe

MD5 81e344af12af595a5ea4ad72ceb03165
SHA1 4374f6dec7fbefc85cce361f7b9224c1c94592f5
SHA256 ac4ddabb72a541bb69b46f6b863d611fa89b20d6cc0b76bc40c2dfb15d737f0d
SHA512 6822227acc2dcb5c89e2671b7b5818a3e1fa1fc51ac6959beea4c418323eea406889fa0660a2a8711e736c08f12886c9e99e7f2a7147271599dcc9f6a497c445

C:\Users\Admin\AppData\Local\font_index_v2.cache

MD5 f01c7f1a3294304503d46ba013f2e8f9
SHA1 42564c759426ae4a0771548ad1220e00f86418e2
SHA256 15e06f9105562a4b0d2e49c53a90869d882d14736c3f971ea955cf3cb667643a
SHA512 9026bd02ccca9d82a268313ccaacec5de4f4b54325eff177444155c15500bce01203eb7a3b2fc4a96bcb0d415f4a063958a329b2afaafe7b6ed035d6b74aa0e8

memory/3444-54-0x00007FF6B4E00000-0x00007FF6B6273000-memory.dmp

C:\Users\Admin\AppData\Local\Plato\prod\data\logs\prod-0.5.26-51191be1-20240223124305-log.txt

MD5 34001407175bf1d07ba35a19b317490d
SHA1 5e206f560c3ee11f06468d42867ed9bfe5e600c9
SHA256 68910291d486d661c1dce8120644e9ad315f027bf41382e0ce66defc00982cdc
SHA512 32842e9613cfb7124405c8d39ee3af7a44e1a7b140d8c88e9fbb36c01a48ade915d5e3d2966d0098e0ecd0eda32e1242c877bbf2136716a2f876c73a7e141b9b

memory/1792-62-0x00007FF7AFCF0000-0x00007FF7B3D77000-memory.dmp

memory/1792-72-0x00007FFE763E0000-0x00007FFE76591000-memory.dmp

memory/1792-73-0x00007FFE76B40000-0x00007FFE76B64000-memory.dmp

memory/1792-69-0x00007FFE7AB80000-0x00007FFE7AB9C000-memory.dmp

memory/1792-74-0x00007FFE76CF0000-0x00007FFE76D06000-memory.dmp

memory/3444-82-0x00007FF6B4E00000-0x00007FF6B6273000-memory.dmp

C:\Users\Admin\AppData\Local\Plato\prod\0.5.37\d3dcompiler_47.dll

MD5 086cffe6323a116b1885b56448a82e76
SHA1 a69ea6fe1ed67a3e6af5a823234983f60fabb8e2
SHA256 a0aa1b7e60f7c2a6100980215e51f2f958b50711b4e8455ddeddb5065af306bc
SHA512 c066ba6afd1a4f12ddc0b0a2adf632d8edbac5ea986a13ae5250162a6c96b4f78f81d6a4b1593062b7def88c356caa836da9cbbc263ace0033d48b1c93878ad8

memory/1792-90-0x00007FF7AFCF0000-0x00007FF7B3D77000-memory.dmp

memory/1792-91-0x00007FFE7AB80000-0x00007FFE7AB9C000-memory.dmp

memory/1792-94-0x00007FFE763E0000-0x00007FFE76591000-memory.dmp

memory/1792-96-0x00007FFE76CF0000-0x00007FFE76D06000-memory.dmp

memory/3444-97-0x00007FF6B4E00000-0x00007FF6B6273000-memory.dmp

memory/1792-103-0x00007FF7AFCF0000-0x00007FF7B3D77000-memory.dmp

memory/1792-104-0x00007FFE7AB80000-0x00007FFE7AB9C000-memory.dmp

memory/1792-105-0x00007FFE763E0000-0x00007FFE76591000-memory.dmp

memory/1792-106-0x00007FFE76B40000-0x00007FFE76B64000-memory.dmp

memory/1792-107-0x00007FFE76CF0000-0x00007FFE76D06000-memory.dmp

memory/3444-108-0x00007FF6B4E00000-0x00007FF6B6273000-memory.dmp