Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
19-08-2024 17:37
Static task
static1
Behavioral task
behavioral1
Sample
abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe
-
Size
588KB
-
MD5
abf12ab43ca9db2b629ca3014ccf7036
-
SHA1
019758a6577fee24e70edc41ecca79ee99c87aa8
-
SHA256
ba7ca6bdd5436f20a2e60807374a70e9c13e5bab43bdb543ff4c47daf0c67821
-
SHA512
e85c73e388986acd9d630366f2b0f2dc489451893341301d9974815bf3fd87ab434476be14f19d9ce24cdbeee89567e25b98e707f56cbd4922c31bf08b03b11c
-
SSDEEP
12288:BsibihGXxVRI+wyxx9FzjtlOR+NFQZ2RgA3SpigL+2UX:B5NNmT2RnSIq2
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2956 plog.exe -
Executes dropped EXE 64 IoCs
pid Process 2956 plog.exe 3948 plog.exe 4776 plog.exe 232 plog.exe 1084 plog.exe 1128 plog.exe 5096 plog.exe 1616 plog.exe 892 plog.exe 5032 plog.exe 3596 plog.exe 3248 plog.exe 3552 plog.exe 1376 plog.exe 948 plog.exe 3432 plog.exe 1744 plog.exe 1148 plog.exe 624 plog.exe 4636 plog.exe 4928 plog.exe 4836 plog.exe 540 plog.exe 3764 plog.exe 2492 plog.exe 912 plog.exe 5084 plog.exe 4832 plog.exe 1292 plog.exe 1420 plog.exe 4820 plog.exe 636 plog.exe 2496 plog.exe 1344 plog.exe 4624 plog.exe 2816 plog.exe 4352 plog.exe 2896 plog.exe 1452 plog.exe 5048 plog.exe 4520 plog.exe 3736 plog.exe 3680 plog.exe 4164 plog.exe 2388 plog.exe 3508 plog.exe 4988 plog.exe 3756 plog.exe 4276 plog.exe 2016 plog.exe 1664 plog.exe 3984 plog.exe 968 plog.exe 692 plog.exe 3964 plog.exe 3588 plog.exe 4956 plog.exe 4856 plog.exe 4944 plog.exe 2592 plog.exe 2708 plog.exe 228 plog.exe 4828 plog.exe 2204 plog.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Snow = "C:\\Windows\\system32\\swon4.exe" plog.exe -
Drops file in System32 directory 5 IoCs
description ioc Process File created C:\Windows\SysWOW64\plog.exe abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\plog.exe abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe File created C:\Windows\SysWOW64\swon4.exe abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe File created C:\Windows\SysWOW64\plog.exe plog.exe File opened for modification C:\Windows\SysWOW64\swon4.exe plog.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\sk.exe plog.exe File created C:\Windows\sk.exe abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language plog.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeShutdownPrivilege 3708 abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe Token: SeShutdownPrivilege 2956 plog.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3708 wrote to memory of 2956 3708 abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe 84 PID 3708 wrote to memory of 2956 3708 abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe 84 PID 3708 wrote to memory of 2956 3708 abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe 84 PID 2956 wrote to memory of 3948 2956 plog.exe 87 PID 2956 wrote to memory of 3948 2956 plog.exe 87 PID 2956 wrote to memory of 3948 2956 plog.exe 87 PID 2956 wrote to memory of 4776 2956 plog.exe 89 PID 2956 wrote to memory of 4776 2956 plog.exe 89 PID 2956 wrote to memory of 4776 2956 plog.exe 89 PID 2956 wrote to memory of 232 2956 plog.exe 90 PID 2956 wrote to memory of 232 2956 plog.exe 90 PID 2956 wrote to memory of 232 2956 plog.exe 90 PID 2956 wrote to memory of 1084 2956 plog.exe 91 PID 2956 wrote to memory of 1084 2956 plog.exe 91 PID 2956 wrote to memory of 1084 2956 plog.exe 91 PID 2956 wrote to memory of 1128 2956 plog.exe 92 PID 2956 wrote to memory of 1128 2956 plog.exe 92 PID 2956 wrote to memory of 1128 2956 plog.exe 92 PID 2956 wrote to memory of 5096 2956 plog.exe 93 PID 2956 wrote to memory of 5096 2956 plog.exe 93 PID 2956 wrote to memory of 5096 2956 plog.exe 93 PID 2956 wrote to memory of 1616 2956 plog.exe 94 PID 2956 wrote to memory of 1616 2956 plog.exe 94 PID 2956 wrote to memory of 1616 2956 plog.exe 94 PID 2956 wrote to memory of 892 2956 plog.exe 97 PID 2956 wrote to memory of 892 2956 plog.exe 97 PID 2956 wrote to memory of 892 2956 plog.exe 97 PID 2956 wrote to memory of 5032 2956 plog.exe 99 PID 2956 wrote to memory of 5032 2956 plog.exe 99 PID 2956 wrote to memory of 5032 2956 plog.exe 99 PID 2956 wrote to memory of 3596 2956 plog.exe 100 PID 2956 wrote to memory of 3596 2956 plog.exe 100 PID 2956 wrote to memory of 3596 2956 plog.exe 100 PID 2956 wrote to memory of 3248 2956 plog.exe 101 PID 2956 wrote to memory of 3248 2956 plog.exe 101 PID 2956 wrote to memory of 3248 2956 plog.exe 101 PID 2956 wrote to memory of 3552 2956 plog.exe 102 PID 2956 wrote to memory of 3552 2956 plog.exe 102 PID 2956 wrote to memory of 3552 2956 plog.exe 102 PID 2956 wrote to memory of 1376 2956 plog.exe 104 PID 2956 wrote to memory of 1376 2956 plog.exe 104 PID 2956 wrote to memory of 1376 2956 plog.exe 104 PID 2956 wrote to memory of 948 2956 plog.exe 106 PID 2956 wrote to memory of 948 2956 plog.exe 106 PID 2956 wrote to memory of 948 2956 plog.exe 106 PID 2956 wrote to memory of 3432 2956 plog.exe 107 PID 2956 wrote to memory of 3432 2956 plog.exe 107 PID 2956 wrote to memory of 3432 2956 plog.exe 107 PID 2956 wrote to memory of 1744 2956 plog.exe 108 PID 2956 wrote to memory of 1744 2956 plog.exe 108 PID 2956 wrote to memory of 1744 2956 plog.exe 108 PID 2956 wrote to memory of 1148 2956 plog.exe 109 PID 2956 wrote to memory of 1148 2956 plog.exe 109 PID 2956 wrote to memory of 1148 2956 plog.exe 109 PID 2956 wrote to memory of 624 2956 plog.exe 110 PID 2956 wrote to memory of 624 2956 plog.exe 110 PID 2956 wrote to memory of 624 2956 plog.exe 110 PID 2956 wrote to memory of 4636 2956 plog.exe 111 PID 2956 wrote to memory of 4636 2956 plog.exe 111 PID 2956 wrote to memory of 4636 2956 plog.exe 111 PID 2956 wrote to memory of 4928 2956 plog.exe 112 PID 2956 wrote to memory of 4928 2956 plog.exe 112 PID 2956 wrote to memory of 4928 2956 plog.exe 112 PID 2956 wrote to memory of 4836 2956 plog.exe 113
Processes
-
C:\Users\Admin\AppData\Local\Temp\abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3708 -
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe 608 "C:\Users\Admin\AppData\Local\Temp\abf12ab43ca9db2b629ca3014ccf7036_JaffaCakes118.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2956 -
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3948
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4776
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:232
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1084
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1128
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:5096
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1616
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:892
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:5032
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3596
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3248
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3552
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1376
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:948
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3432
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1744
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1148
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:624
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4636
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4928
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4836
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:540
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3764
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:2492
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:912
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:5084
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4832
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1292
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1420
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4820
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:636
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:2496
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1344
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4624
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2816
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4352
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:2896
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1452
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:5048
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4520
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3736
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3680
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4164
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2388
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3508
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4988
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3756
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4276
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:2016
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:1664
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3984
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:968
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:692
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3964
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:3588
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4956
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4856
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4944
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:2592
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:2708
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:228
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:4828
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- Executes dropped EXE
PID:2204
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4548
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1888
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1232
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4432
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:448
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1192
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1504
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4344
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1568
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2064
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4656
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1236
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1428
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2420
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1676
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3868
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3772
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4708
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3420
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3044
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5092
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1136
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4864
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2024
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1008
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3428
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1448
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:244
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1952
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1144
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2800
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1284
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2084
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:832
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2240
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2392
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5064
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2152
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2188
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4360
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4964
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3244
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3212
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4620
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4300
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:4404
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3488
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1840
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2120
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4092
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3424
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1688
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1660
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1184
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:804
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2928
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:396
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:700
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1116
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3256
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4348
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2676
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4220
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:720
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3548
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4940
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:536
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1012
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4016
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:2744
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4732
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4072
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3160
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3988
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4104
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1564
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3824
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2324
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:464
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:760
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5072
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:4396
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2460
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3876
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2464
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:2604
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4980
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3632
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4924
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4720
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4272
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1400
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5000
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5036
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4804
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1848
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3200
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3224
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5136
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5156
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5176
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5196
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5284
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5340
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5384
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5404
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5424
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5452
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5492
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5516
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5548
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5568
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5588
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5608
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5628
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5648
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5672
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5692
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5712
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5732
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5752
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5772
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5796
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5816
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5836
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5856
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5884
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5904
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5928
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5948
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5968
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5988
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6012
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6036
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6060
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6080
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6104
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6124
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4060
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5152
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5212
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5292
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5236
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5240
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5264
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5280
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:564
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5436
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1844
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3096
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5356
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5528
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5564
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:468
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5616
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5644
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5680
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5724
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:216
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5760
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5808
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5832
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5864
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5900
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5940
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5980
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6004
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6032
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6068
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6112
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6140
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5164
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5296
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5228
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:3536
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5256
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5396
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5476
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4188
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5512
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5560
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5596
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:4552
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5556
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5668
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5828
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5868
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5912
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6000
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6024
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6088
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6136
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5128
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5220
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2396
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5412
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2248
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5544
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5440
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5656
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:5740
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5852
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5792
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4448
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2576
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6052
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6132
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5204
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5276
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5420
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4868
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3932
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1052
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5892
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2616
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5960
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6096
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5132
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5252
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5604
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5540
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5788
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1140
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:1796
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2796
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5536
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4768
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5920
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5144
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5640
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4900
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4296
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5704
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:2380
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5708
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4564
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4168
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2664
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4996
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5784
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4792
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6160
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6196
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6216
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6240
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6260
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6280
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6300
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6320
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6340
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6364
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6384
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6404
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6424
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6444
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6464
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6488
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6508
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6528
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6548
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6568
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6620
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6684
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6732
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6760
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6784
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6804
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6832
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6856
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6876
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6896
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6916
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6936
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6956
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6980
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7000
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7020
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7044
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7064
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7084
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7108
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7128
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7152
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6148
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6188
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6208
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6252
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4516
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6276
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6308
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6328
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6380
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6396
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5316
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5372
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6432
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6452
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6500
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6516
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6556
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6632
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6704
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6748
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6596
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6664
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6612
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6588
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6796
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6820
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6868
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6892
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6932
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6968
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6988
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7036
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7052
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6976
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7116
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7148
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6176
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6228
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1784
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6296
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4496
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3208
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6232
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6392
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5376
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4148
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:1988
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6536
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6584
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6744
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6660
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6644
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6768
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6848
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6884
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6852
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7012
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6924
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4376
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7164
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7104
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3636
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6332
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6348
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1624
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:400
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6524
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6692
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6608
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6472
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6844
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6928
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6992
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5100
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7144
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6192
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6288
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5304
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6436
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6580
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6716
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6888
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7056
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6152
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7120
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7092
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6480
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6604
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1908
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6180
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:924
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6680
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6964
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6236
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6360
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7100
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6352
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:5328
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7176
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7200
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7220
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7256
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7276
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7296
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7320
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7340
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7360
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7384
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7404
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7424
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7444
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7464
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7488
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7512
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7532
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7552
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7576
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7596
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7616
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7640
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7660
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7680
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7700
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7720
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7740
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7764
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7784
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7804
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7824
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7844
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7864
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7888
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7908
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7928
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7948
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7968
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7988
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8008
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8036
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8136
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7196
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7240
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7368
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7496
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7712
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7772
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7812
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7836
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7860
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7944
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7372
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7420
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7476
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7500
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7484
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8096
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8088
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8164
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8156
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7304
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8064
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7800
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:6752
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7880
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7584
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7508
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7612
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7728
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7548
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8056
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8032
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7236
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7316
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8144
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7916
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7400
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8148
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7452
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8020
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8068
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8128
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7308
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7636
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6756
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7876
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7564
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7736
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7776
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8000
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7252
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7392
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7940
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8044
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7524
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3176
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7284
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7816
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7748
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:6676
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7980
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7172
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7432
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:7896
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7656
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7964
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7924
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8112
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8120
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8028
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:180
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7520
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7884
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8200
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8228
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8260
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8280
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8304
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8336
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8356
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8412
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8432
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8460
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8480
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8504
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8524
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8548
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8568
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8588
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8608
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8632
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8652
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8672
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8696
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8716
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8736
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8760
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8784
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8804
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8828
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8848
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8868
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8892
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8912
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8932
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8956
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8976
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9000
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9028
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9056
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9080
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9100
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9124
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9144
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9172
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9196
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1364
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8208
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:2028
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8272
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8292
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8312
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8372
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8420
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8328
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8512
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8564
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8600
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4368
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2052
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4600
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8668
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8684
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8628
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8748
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8776
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8792
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8812
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8756
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8904
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8928
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8968
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8996
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9020
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9052
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9096
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9136
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9156
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9192
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8196
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8240
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:412
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8276
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8348
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8424
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8468
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2720
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8536
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8500
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8624
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8664
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1020
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8732
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8780
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8816
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8880
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8908
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8952
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9012
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9040
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7288
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8576
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8620
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8184
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8532
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4080
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8840
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8940
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:388
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9064
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:1488
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8296
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7540
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9140
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9204
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2736
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8640
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2820
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:696
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8844
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:8944
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2456
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8236
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3828
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9164
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9120
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8556
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8692
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8992
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:4256
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8316
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:7472
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8648
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8876
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:2548
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8116
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:8820
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9036
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:3204
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9008
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9188
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:1984
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9048
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9228
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9252
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9276
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9296
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9320
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9348
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9368
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9392
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9412
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9432
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9452
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9476
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9500
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9520
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9544
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9564
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9584
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9612
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9632
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9652
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9672
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9692
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9716
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9744
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9764
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9788
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9808
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:9828
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9852
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9876
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9900
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9924
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9944
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9968
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:9988
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵
- System Location Discovery: System Language Discovery
PID:10016
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:10040
-
-
C:\Windows\SysWOW64\plog.exeC:\Windows\system32\plog.exe3⤵PID:10064
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
588KB
MD5abf12ab43ca9db2b629ca3014ccf7036
SHA1019758a6577fee24e70edc41ecca79ee99c87aa8
SHA256ba7ca6bdd5436f20a2e60807374a70e9c13e5bab43bdb543ff4c47daf0c67821
SHA512e85c73e388986acd9d630366f2b0f2dc489451893341301d9974815bf3fd87ab434476be14f19d9ce24cdbeee89567e25b98e707f56cbd4922c31bf08b03b11c