PlariumPlaySetup.exe is part of Plarium Play and developed by Plarium according to the PlariumPlaySetup.exe version information.
PlariumPlaySetup.exe's description is "Plarium Play".
PlariumPlaySetup.exe is digitally signed by PLARIUM GLOBAL LTD.
PlariumPlaySetup.exe is usually located in the 'c:\users\%USERNAME%\appdata\local\plarium\plariumplay\standaloneapps\application\5.0.0\' folder.
None of the anti-virus scanners at VirusTotal report anything malicious about PlariumPlaySetup.exe.
The following is the available information on PlariumPlaySetup.exe:
| Property | Value |
|---|---|
| Product name | Plarium Play |
| Company name | Plarium |
| File description | Plarium Play |
| Internal name | setup |
| Original filename | PlariumPlaySetup.exe |
| Legal copyright | Copyright (c) Plarium. All rights reserved. |
| Product version | 5.0.0 |
| File version | 5.0.0 |
PlariumPlaySetup.exe has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | PLARIUM GLOBAL LTD. |
| Certificate issuer name | COMODO RSA Extended Validation Code Signing CA |
| Certificate serial number | 29df3dfab5f64b8bf46ea488c39e9619 |
None of the 71 anti-virus programs at VirusTotal detected the PlariumPlaySetup.exe file.
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
"size": 2303,
"sha512": "8bdcf7533a6bcfa231b42a7ef845a70c7535fbf607d62ff6404928d5941ba6afbf139450a1a1b58c65facf88dc0785aec4abefbcc803466a58b1930f7c468cdd",
"pids": [
2872
],
"md5": "01b200e06ba600a4ef00c00f7aac5ce4"
},
{
"yara": [],
"sha1": "f20c7db38b3161b143dec4e578ce71d7f585f436",
"name": "4a7fdf4a9033fe05_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1051\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "4a7fdf4a9033fe05c31f565ed3ae5b8c67d324b7aeadb737ce95dbb416d46868",
"urls": [],
"crc32": "A0E9EF21",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/4a7fdf4a9033fe05_mbapreq.wxl",
"ssdeep": null,
"size": 2334,
"sha512": "310c85b27e1ecf4c6729e88051037150cfba0234a0138666c26662b3d665ff38b74e95abcaddeef6cbebb23e3357fac487e6ee5eb8fe158c269d77672191b042",
"pids": [
2872
],
"md5": "016c278e515f87f589ad22c856b201f7"
},
{
"yara": [],
"sha1": "f80b1f416539d33206ce3c24ba3b14b799a84813",
"name": "a40c94eb33f8841c_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1040\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "a40c94eb33f8841c79e9f6958433affd517f97b4570f731666af572e63178bb7",
"urls": [],
"crc32": "2895C5D4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/a40c94eb33f8841c_mbapreq.wxl",
"ssdeep": null,
"size": 2304,
"sha512": "bbd9794181eec95d6be7a1b7ba83fd61af2b2df61d9da8dda2788b61bec53c30fcefe5222edf134166532b36d3ab6ce8996f2d670dc6907c1864af881a21ea40",
"pids": [
2872
],
"md5": "50261379b89457b1980ff19cfabe6a08"
},
{
"yara": [],
"sha1": "0156b230cadd6169ac2820865e3c031ed79785ef",
"name": "c91c9e87ab4a6db0_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1049\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "c91c9e87ab4a6db078f1991f4a2cdc726b58a40e47bce49d39168a8f8f151c3b",
"urls": [],
"crc32": "8A30533C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/c91c9e87ab4a6db0_mbapreq.wxl",
"ssdeep": null,
"size": 2880,
"sha512": "5e87ee3838e3595adbd7eaba6e3e33cdfea5e15ed716fbccdbd55235b3e53e1e41ea5a907f425e96c35167543c7f75ac5214b5aee177d299fc2464a68b22851e",
"pids": [
2872
],
"md5": "daf167af4031ef47e562056a7d51aa73"
},
{
"yara": [],
"sha1": "5d5acbc56e7078af4d04c45b78c0ff090c02ee6a",
"name": "6dd61cc6b87b53ea_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1053\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "6dd61cc6b87b53eaf28430068a2a459730fd4b2bcf876ccdf040212d04c4fe7d",
"urls": [],
"crc32": "61D80120",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/6dd61cc6b87b53ea_mbapreq.wxl",
"ssdeep": null,
"size": 2132,
"sha512": "9e4ba81a145574818dd6a1f1d0ec38ea1629c7771919c35923f440e31ea9912e1630d94fcdb82b71104ebd61d0321dcdf935ba20d69988ee6e9b22259186af0c",
"pids": [
2872
],
"md5": "d95e81164c57b6fd75e7c3022454192e"
},
{
"yara": [],
"sha1": "9252a309c1cb32573f4d58a595a78660fdf54b2f",
"name": "b884c4abb8867553_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\3082\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "b884c4abb8867553c1ffadd6721c2135ec5f9f1455c3f668d711ccea65363d1a",
"urls": [],
"crc32": "2E4AD29A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/b884c4abb8867553_mbapreq.wxl",
"ssdeep": null,
"size": 2400,
"sha512": "77e6dd332104c0461b7c5a08469161af3f1dc51d3b55585d39dd9fc9e2088da036bdf2278cfb96ca702fd26ce073c6c6f66611313270700b9e7a76600c1c8e38",
"pids": [
2872
],
"md5": "1024aa88ae01bc7ba797193cc6023375"
},
{
"yara": [],
"sha1": "67496db91cbaa85ac0727b12fc2d35e990537dac",
"name": "d22f6ada97dbffc1_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1042\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "d22f6ada97dbffc1e7548e52163807f982b30b11a2a5109e71f42985102cccbd",
"urls": [],
"crc32": "13CA2993",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/d22f6ada97dbffc1_mbapreq.wxl",
"ssdeep": null,
"size": 2236,
"sha512": "a350eaf9e7aeafab1163d7c0b8d014afe07ee98bae3915cbdd3c26282e345a0838e853c89bae8943474758dcbcfd0bb0724a0c75cbf969f321fab4944e8704fd",
"pids": [
2872
],
"md5": "442f8463ef5ca42b99b2efaca696bd01"
},
{
"yara": [],
"sha1": "bca088ab33cfb69adeae11a272e9c8a83f39a8c9",
"name": "886cb2a994461f09_bootstrappercore.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.dll",
"type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
"sha256": "886cb2a994461f091752fc7b21e3143c212efd8841c757909e74ac32761880da",
"urls": [],
"crc32": "F8215505",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/886cb2a994461f09_bootstrappercore.dll",
"ssdeep": null,
"size": 81920,
"sha512": "df2ca029e95f80fc5870e541db8b1d5a03266307bb5f7680ad630868a9a3c584b3a702fbec09c26fef7287c99f5d9d1f59cd59b74dcf740c9a8e7508e07d18b5",
"pids": [
2872
],
"md5": "c4f7146ddc56763ccdb1cb3c09478708"
},
{
"yara": [],
"sha1": "ce6c4c18cf638f980905b9cb6710ee1fa73bb397",
"name": "93fbc59e4880afc9_system.windows.interactivity.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\System.Windows.Interactivity.dll",
"type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
"sha256": "93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf",
"urls": [
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut_2010-06-23.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt0",
"http:\/\/expression\/system.windows.interactivity.dll0",
"http:\/\/www.microsoft.com\/pkiops\/certs\/MicCodSigPCA2011_2011-07-08.crt0",
"http:\/\/www.microsoft.com\/pkiops\/docs\/primarycps.htm0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicCodSigPCA_08-31-2010.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftTimeStampPCA.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicTimStaPCA_2010-07-01.crt0",
"http:\/\/www.microsoft.com\/PKI\/docs\/CPS\/default.htm0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftRootCert.crt0",
"http:\/\/www.microsoft.com\/pkiops\/crl\/MicCodSigPCA2011_2011-07-08.crl0a"
],
"crc32": "CB613811",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/93fbc59e4880afc9_system.windows.interactivity.dll",
"ssdeep": null,
"size": 55904,
"sha512": "2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0",
"pids": [
2872
],
"md5": "580244bc805220253a87196913eb3e5e"
},
{
"yara": [],
"sha1": "4cd21661e341080fb8c2defd9f32f134561fc3ba",
"name": "88e7ddacd6b714d9_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1036\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "88e7ddacd6b714d94d5322876bd50051479b7a0c686dc2e9eb06b3b7a0bc06c9",
"urls": [],
"crc32": "D317E7F4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/88e7ddacd6b714d9_mbapreq.wxl",
"ssdeep": null,
"size": 2306,
"sha512": "78e201f369e65535e25722dfc0efe99edf641f7c14eff1526dc1cc047ff11640079f1e3d25c9072cf25f4804195891be006fc5ed313063afcb91fb5700120b88",
"pids": [
2872
],
"md5": "aa32a059aadd42431f7837cb1be7257f"
},
{
"yara": [],
"sha1": "df53ed9440d027401d502f3297668009030350a7",
"name": "7b9f919a3d1974fd_mbapreq.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "7b9f919a3d1974fd8fa35ad189edc8bf287f476bd377e713e616b26864a4b0d3",
"urls": [],
"crc32": "6778E6CA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/7b9f919a3d1974fd_mbapreq.dll",
"ssdeep": null,
"size": 179200,
"sha512": "1a29e9e9bd798c892a7cd3cd4ff259195e4a92e26f53e8f1a86c75c5eb8fdda58ceba312cd791651fad5ce04529696195815a4ba5c143ad52a5ea0d7c539bb77",
"pids": [
2872
],
"md5": "8ca04519005ad03b4d9e062b97d7f79d"
},
{
"yara": [],
"sha1": "98af031ddf3cf1cd8fce99dd12a93abb646e690f",
"name": "27854a5dff080814_bootstrapperapplicationdata.xml",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperApplicationData.xml",
"type": "XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators",
"sha256": "27854a5dff0808147af1503d82dd97fb3bba7a51735c70c66e03382745060c34",
"urls": [],
"crc32": "91D86BFC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/27854a5dff080814_bootstrapperapplicationdata.xml",
"ssdeep": null,
"size": 2386,
"sha512": "775a0f8ac395ea87fb3c1ab78ed9a63f771dffba73aa8d17f7117b1b03f061d809007655a064277577e526b6b63b6b42d5e45bf62e69d8d28e67f57b86d208d2",
"pids": [
2872
],
"md5": "432a36cc000d5e8ae8b3d52423aa45cf"
},
{
"yara": [],
"sha1": "85d843b7248a5e1173ff9bd59cb73bb505f69b66",
"name": "226b778604236931_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1043\\mbapreq.wxl",
"type": "XML 1.0 document, ASCII text, with CRLF line terminators",
"sha256": "226b778604236931b4ae45f6f272586c884a11517444a34bf45cd5cae49be62e",
"urls": [],
"crc32": "4083F126",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/226b778604236931_mbapreq.wxl",
"ssdeep": null,
"size": 2312,
"sha512": "7bc7d3e6e19ecf865b2cabfc46c75d516561d5a8a81a8ed55b4edba41a13a7110f474473740200afb035b9597a2511d08c2a2e7a9ade2c2ab4d3f168944b8328",
"pids": [
2872
],
"md5": "67f28bcdb3ba6774cd66aa198b06ff38"
},
{
"yara": [],
"sha1": "dba5d60848a7c24ce837225709d9e23690bb5cb3",
"name": "977998aec486395e_newtonsoft.json.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\Newtonsoft.Json.dll",
"type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
"sha256": "977998aec486395eaba6ce5661648425a1a181ce18c2c87c6288af62b87d5eca",
"urls": [
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut_2010-06-23.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt0",
"http:\/\/www.microsoft.com\/pkiops\/certs\/MicCodSigPCA2011_2011-07-08.crt0",
"http:\/\/www.microsoft.com\/pkiops\/docs\/primarycps.htm0",
"http:\/\/www.microsoft.com\/PKI\/docs\/CPS\/default.htm0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicCodSigPCA_08-31-2010.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftTimeStampPCA.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicTimStaPCA_2010-07-01.crt0",
"http:\/\/expression\/newtonsoft.json.dll",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftRootCert.crt0",
"http:\/\/www.microsoft.com\/pkiops\/crl\/MicCodSigPCA2011_2011-07-08.crl0a"
],
"crc32": "BBAF9FC9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/977998aec486395e_newtonsoft.json.dll",
"ssdeep": null,
"size": 407776,
"sha512": "eb05696f92881a698b7def0f8852286212a5eb235a2ff8a41460dedbc6ae1964bfbef613d3bec736df66525bf6e5a6c95ff5e0a71c904fa70b5c6675e2275a34",
"pids": [
2872
],
"md5": "f75fe8d06448d07720d5456f2a327f08"
},
{
"yara": [],
"sha1": "241a57018ace1210881583a9cf646e7d2e51412f",
"name": "41545ac1247b61c3_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1044\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "41545ac1247b61c3c3e2a7e4659d9fad2bcca8347c69f2eb7b9d0cf5fc31e113",
"urls": [],
"crc32": "DCBDAF22",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/41545ac1247b61c3_mbapreq.wxl",
"ssdeep": null,
"size": 2171,
"sha512": "40e311eada299996e32a7d35223ca678a03c869d63c023d59bc97a7b2049b0252aa9d0a7ec8558d5acb73bd14c7bfa913097e65abee7455658db7e35bbda8ae1",
"pids": [
2872
],
"md5": "5454f724c9cdab8172678a1cc7057220"
},
{
"yara": [],
"sha1": "a6e0fa91cd50048511c7bef1be3a8d32b42b6d1f",
"name": "89c559c6765f8d64_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2052\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "89c559c6765f8d643469e3c8f4aa93023f09369b0395ea647fad5af3c2893eb6",
"urls": [],
"crc32": "6BE387C5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/89c559c6765f8d64_mbapreq.wxl",
"ssdeep": null,
"size": 1980,
"sha512": "0f1d7bc4fd64e18eeec488cdce01fb6bfa5cd3bff614a8d03e388d39f569b8341e74302946877eb25ba1eb17aec137499189605e251fafb6b20051744cb463b1",
"pids": [
2872
],
"md5": "a34dcf7771198c779648b89156483e83"
},
{
"yara": [],
"sha1": "1ff0c20a8157247892de9479221b66614e03d9ff",
"name": "de00d7c20d865605_bootstrappercore.config",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.config",
"type": "XML 1.0 document, ASCII text, with CRLF line terminators",
"sha256": "de00d7c20d865605f692c972381d3005c5e02a9e41a20c8ada06a66e3b7311c2",
"urls": [],
"crc32": "6895AC88",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/de00d7c20d865605_bootstrappercore.config",
"ssdeep": null,
"size": 702,
"sha512": "8020a371adf7f55a964f61825695a3010718cdc8c43ef4fde5d786ac9d4d574eac898bf05f3d3ade72a4ad617038234cf53f677351fa512f4bdae08052fa8a03",
"pids": [
2872
],
"md5": "b8dc197db83c527581961fa442e2227a"
},
{
"yara": [],
"sha1": "1b3ed82655aec8a52daec60f8674bc7e07f8cfeb",
"name": "1b93556f07c35ac0_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1028\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "1b93556f07c35ac0564d57e0743ccba231950962c6506c8d4a74a31cd66fd04c",
"urls": [],
"crc32": "4D05D825",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/1b93556f07c35ac0_mbapreq.wxl",
"ssdeep": null,
"size": 2025,
"sha512": "c6ccb188281f161debf02dcdde24b77d8d14943deed8852e77e5afb18f3f62683ab1ae06dceb1e09d53804a76df6400a360712d8e7e228b7f971054bb4fb2496",
"pids": [
2872
],
"md5": "1d4b831f77efec96ffbc70bc4b59b8b5"
},
{
"yara": [],
"sha1": "74c131b5fd80446ffdf2afad723762dd36621309",
"name": "f8c3a03f47f0b9b3_mbapreq.thm",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.thm",
"type": "XML 1.0 document, ASCII text, with CRLF line terminators",
"sha256": "f8c3a03f47f0b9b3c20f0522a2481da28c77fecdbb302f8dd8fbed87758cbaea",
"urls": [
"http:\/\/wixtoolset.org\/schemas\/thmutil\/2010"
],
"crc32": "44760318",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/f8c3a03f47f0b9b3_mbapreq.thm",
"ssdeep": null,
"size": 3915,
"sha512": "47f34a9f416d223dcbf071e7292a05554af3d27cde67fc8c161c1bed564c6e7fc448c2f482e05f33149c782e09c681bd65730ca00cf9ec68b284128214b75529",
"pids": [
2872
],
"md5": "a20778ec90a094a62a6c3a6ab2a6dc7d"
},
{
"yara": [],
"sha1": "49cd0213a1655dcdb493668083ab2d7f55135381",
"name": "b925d9d3e1e2c49b_mbahost.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbahost.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "b925d9d3e1e2c49bf05a1b0713e2750ee6e0c43c7adc9d3c3a1b9fb8c557c3df",
"urls": [],
"crc32": "16CA4DAE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/b925d9d3e1e2c49b_mbahost.dll",
"ssdeep": null,
"size": 113664,
"sha512": "22ca87979ca68f10b5fda64c27913d0f2a12c359b04e4a6caa3645303fbd47cd598c805fd9a43c8f3e0934e9d2db85f7a4e1eff26cb33d233efc05ee2613cfc1",
"pids": [
2872
],
"md5": "d7c697ceb6f40ce91dabfcbe8df08e22"
},
{
"yara": [],
"sha1": "91d4bdda8d2b703879cfe2c28550e0a46074fa57",
"name": "b8e90e20edf110aa_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1032\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "b8e90e20edf110aaaaea54fbc8533872831777be5589e380cfdd17e1f93147b5",
"urls": [],
"crc32": "61FAD742",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/b8e90e20edf110aa_mbapreq.wxl",
"ssdeep": null,
"size": 3400,
"sha512": "28dac36516bcc76bcc598c6e7abde359695f85ab7a830d6adbc844eb240d9fa372cb5a5ce4dbe21e250408c6b246d371d3cdd656d2178fb0ec22dac7d39cbd9f",
"pids": [
2872
],
"md5": "074d5921af07e6126049cb45814246ed"
},
{
"yara": [],
"sha1": "75ae41181581fd6376ca9ca88147011e48bf9a30",
"name": "a401a225addaf891_mbapreq.png",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.png",
"type": "PNG image data, 63 x 63, 8-bit\/color RGBA, non-interlaced",
"sha256": "a401a225addaf89110b4b0f6e8cf94779e7c0640bcdd2d670ffcf05aab0dad03",
"urls": [],
"crc32": "D108E74E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/a401a225addaf891_mbapreq.png",
"ssdeep": null,
"size": 797,
"sha512": "a0f7836aefa1747f481c116f6b085f503b5c09b3a1dd97cd2189f7ce4e6e7ea98f1f66503cba2e6a83e873248cc7507328710dfa670aa5763df8aedcc560285e",
"pids": [
2872
],
"md5": "a356956fd269567b8f4612a33802637b"
},
{
"yara": [],
"sha1": "b6842e816f9e0dcc559a5692e4d26101d10b4b16",
"name": "c015247d022bdc10_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1060\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "c015247d022bdc108b4ffcae89cb55d1e313034d7e6eed18744c1bb55f108f8c",
"urls": [],
"crc32": "6FBB1028",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/c015247d022bdc10_mbapreq.wxl",
"ssdeep": null,
"size": 2200,
"sha512": "640a79d6a756e591ad02ddccc53bc43f855c5148b8cbb5ce6c1caf5419ca02f7b2aff89cca4c056356814d3899ef79bf038b4e8b4b79eb85138a3cedcce93e5b",
"pids": [
2872
],
"md5": "5836f0c655bdd97093f68aaf69ab2bab"
},
{
"yara": [],
"sha1": "4f507a57baffb37ac71a98cff257907309ccf73e",
"name": "828ba5aaa720f43f_icsharpcode.sharpziplib.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\ICSharpCode.SharpZipLib.dll",
"type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
"sha256": "828ba5aaa720f43fa02afe60d50f7de1f6117cb2f83bdda63e183dd00cd3b454",
"urls": [],
"crc32": "6B6BF05E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/828ba5aaa720f43f_icsharpcode.sharpziplib.dll",
"ssdeep": null,
"size": 196608,
"sha512": "1792db805d9c9524c974d53320ddf75788603232f01842038f305f4ead817c9147e88e9bf526968c69e1f28e9db2c2c241456db09aba3c10fed2ff86d5b0be18",
"pids": [
2872
],
"md5": "c3991e3fe72665a29297fdbf8121e336"
},
{
"yara": [],
"sha1": "95ea7f570677aea52393d02fdb21cebb218a7343",
"name": "dc445e2457ed31ab_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1029\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "dc445e2457ed31abf536871f90ff7cc96800a40b6bc033f37d45e3156a3b4fa9",
"urls": [],
"crc32": "A18CE942",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/dc445e2457ed31ab_mbapreq.wxl",
"ssdeep": null,
"size": 2458,
"sha512": "a4b19ebc8bb0d88aba7d3d5783e28f8b6e0960582a540059bc71076b1203bf43bca15ea726272d15395c7b4e431046ada1cbb9d55072bbc5dbe7729c4599f0e0",
"pids": [
2872
],
"md5": "cc8c6d04dc707b38e0f0c08ba16fe49b"
},
{
"yara": [],
"sha1": "c99056d46fe51ffe56b7081aceae4af094c9a9eb",
"name": "b0af85326408d65e_plariumplaycore.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\PlariumPlayCore.dll",
"type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
"sha256": "b0af85326408d65e9129aa39fe3c87742dd1581d81c77810bbf95f9090f4110d",
"urls": [],
"crc32": "A106D2F2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/b0af85326408d65e_plariumplaycore.dll",
"ssdeep": null,
"size": 6656,
"sha512": "9e2353033fa478ea5cb456cf1248441a9d08c7631e666ecbc85868c519a8525464a01ca56b386a8562b683dbf8068ef4c73b635dd51adfe78aff85ea4a7c6a85",
"pids": [
2872
],
"md5": "99d944412d095a56c1776ed5476d1058"
},
{
"yara": [],
"sha1": "f4ba6a3b3f2081f7b47261c11c046b56bd090b6c",
"name": "a5de1eccf414fc36_plarium_play_20191204211306.log",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\Plarium_Play_20191204211306.log",
"type": "ASCII text, with CRLF line terminators",
"sha256": "a5de1eccf414fc36af88e17fca0b4b43ef2a63f0e1485c0b268314b79dc06cc1",
"urls": [],
"crc32": "28A347C1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/a5de1eccf414fc36_plarium_play_20191204211306.log",
"ssdeep": null,
"size": 2161,
"sha512": "1ceff7114ff3d6f274d7ab3d9c4c4a6d447aa8440e19ab554cfa387a301d3d46705fd1ad386bf6a5e61587427a1ce7563ec3fe73b9fb275859405394a896ffda",
"pids": [
2872
],
"md5": "75f544bd26631f2879038d9763e24119"
},
{
"yara": [],
"sha1": "83b42f9d7307265a108fc339d0460d36b66a8b94",
"name": "b7d9528f29761c82_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1035\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "b7d9528f29761c82c3d926efe5e0d5036a0e0d83eb4cca7282846c86a9d6f9f3",
"urls": [],
"crc32": "52CA6338",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/b7d9528f29761c82_mbapreq.wxl",
"ssdeep": null,
"size": 2235,
"sha512": "f7be923dc2856e0941d0669e2de5a5c307c98dc7eba0a1b68728eb29c95b4625145c2ad3ac6f6b6d82f062887ea349e2187f1f91785dde5a5083bc1150e56326",
"pids": [
2872
],
"md5": "e338408f1101499eb22507a3451f7b06"
},
{
"yara": [],
"sha1": "0d223c72c2a4dc9907bb25b1ca37f4aa2a49eea7",
"name": "9e5463b62022f5c8_setupwpf.dll",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\SetupWPF.dll",
"type": "PE32 executable (DLL) (console) Intel 80386 Mono\/.Net assembly, for MS Windows",
"sha256": "9e5463b62022f5c89041cf4164ea0908ebf24dbfcc8aaf73ba8457e4921dde50",
"urls": [
"https:\/\/plarium.com\/desktop\/api\/entities\/gameSupportedPlatform",
"https:\/\/desktop.plarium.com",
"http:\/\/schemas.openxmlformats.org\/markup-compatibility\/2006",
"https:\/\/tracker.x-plarium.com\/tracker\/canvas.ashx",
"http:\/\/plarium.com\/desktop\/api\/entities\/game_server",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"https:\/\/plarium.com\/desktop\/api\/entities\/gamesContent",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "F8DF0D35",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/9e5463b62022f5c8_setupwpf.dll",
"ssdeep": null,
"size": 416768,
"sha512": "f2b1f365eabe661224095e74dc6d23f724c4e08e8868f427907a98e05991b6edfab65e1156ae9db32ecd62baf5fdd40ddf26df6772d1d1f723e592f1b4908b7a",
"pids": [
2872
],
"md5": "fff804c0ed12946c194019b02f6b284c"
},
{
"yara": [],
"sha1": "688b8a109688d3ea483548f29de2e57a8a56c868",
"name": "ecb5c22e6c2423ca_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1046\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "ecb5c22e6c2423caf07aebe69f4faf22450164eee9587b64ef45a2d7f658ca15",
"urls": [],
"crc32": "3537066D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/ecb5c22e6c2423ca_mbapreq.wxl",
"ssdeep": null,
"size": 2147,
"sha512": "f2826be203e767d09ff0d7677e1cf5b13113b773d529166dae02a1f5db2dc58e0856a34901df70011ebabb6e964fab7acf38590e650bd629d4e4dc4cb36c8d45",
"pids": [
2872
],
"md5": "bd39adb6b872163fd2d570028e9f3213"
},
{
"yara": [],
"sha1": "7365edf6e4f9e66b6cee47933b6c70ff0b9ecff8",
"name": "e2bfdb2cf3beae2e_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2070\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "e2bfdb2cf3beae2e988827c52c58006d7eead4aba5312b5eae1f6ccf3863c385",
"urls": [],
"crc32": "71AF17B8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/e2bfdb2cf3beae2e_mbapreq.wxl",
"ssdeep": null,
"size": 2211,
"sha512": "88275c1136ffb15ab04d315e8601be2de77387f3e00f17e9807e415a9dfc4a73e2cd3b5710e4ca58006f91e18180d7cfaeef4e8319c624e1b81397f9cb9eca92",
"pids": [
2872
],
"md5": "8a278e519ef81b2847490efb070219bc"
},
{
"yara": [],
"sha1": "3a71d13d4cca06116b111625c90dd1c451ea9228",
"name": "55cf62d54efb7980_mbapreq.wxl",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1038\\mbapreq.wxl",
"type": "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators",
"sha256": "55cf62d54efb79801a9d94b24b3c9ba221c2465417a068950d40a67c52ba66ef",
"urls": [],
"crc32": "1C38A15D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/55cf62d54efb7980_mbapreq.wxl",
"ssdeep": null,
"size": 2392,
"sha512": "d05008d37143a1cc031f4b6268490a5a10fbb686c86984d20db94843bdc4624ef9651d158dcb5b660fc239c3c3e8d087eb5d23fffb8c4681910cbc376148f0f0",
"pids": [
2872
],
"md5": "17fb605a2f02da203df06f714d1cc6de"
},
{
"yara": [],
"sha1": "92f3a066161a68bcad18087d2cc6b7dc02fe290d",
"name": "3960d068ef2c05e3_plariumplaysetup.exe",
"filepath": "C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.be\\PlariumPlaySetup.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "3960d068ef2c05e3e67f4900176bac46595baf7868efc2f1d274baa48fceeb0f",
"urls": [
"http:\/\/ocsp.godaddy.com\/0",
"http:\/\/crl4.digicert.com\/sha2-assured-ts.crl0",
"http:\/\/certificates.godaddy.com\/repository\/gdig2.crt0",
"http:\/\/certificates.godaddy.com\/repository\/0",
"http:\/\/ocsp.godaddy.com\/05",
"http:\/\/ocsp.digicert.com0O",
"http:\/\/certs.godaddy.com\/repository\/1301",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDRootCA.crl0P",
"http:\/\/cacerts.digicert.com\/DigiCertSHA2AssuredIDTimestampingCA.crt0",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDRootCA.crl0:",
"http:\/\/crl.godaddy.com\/gdroot-g2.crl0F",
"http:\/\/crl.godaddy.com\/gdig2s5-4.crl0",
"http:\/\/cacerts.digicert.com\/DigiCertAssuredIDRootCA.crt0",
"http:\/\/ocsp.digicert.com0C",
"http:\/\/crl3.digicert.com\/sha2-assured-ts.crl02",
"https:\/\/certs.godaddy.com\/repository\/0",
"https:\/\/www.digicert.com\/CPS0"
],
"crc32": "10C1E828",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4042\/files\/3960d068ef2c05e3_plariumplaysetup.exe",
"ssdeep": null,
"size": 1286376,
"sha512": "ac54a568f29e397aab7f21c5dc25246eba96502d0578f3e9b33dc00a386de4d8b8e7d87c060a6a026bc23d56b6de8ce7e0d7db8b370de31b52545fda61af7f8f",
"pids": [
2872
],
"md5": "8b33872bf16201a883bfd8144742b736"
}
]
[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"process_name": "c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"pid": 2816,
"summary": {
"file_created": [
"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin"
],
"directory_created": [
"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr",
"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\"
],
"dll_loaded": [
"feclient.dll",
"C:\\Windows\\system32\\wininet.dll",
"Cabinet.dll",
"C:\\Windows\\system32\\feclient.dll",
"kernel32.dll",
"C:\\Windows\\system32\\clbcatq.dll",
"kernel32",
"VERSION.dll",
"C:\\Windows\\system32\\AdvApi32.dll",
"api-ms-win-core-fibers-l1-1-1",
"api-ms-win-core-localization-l1-2-1",
"C:\\Windows\\system32\\comres.dll",
"C:\\Windows\\system32\\cabinet.dll",
"C:\\Windows\\system32\\crypt32.dll",
"C:\\Windows\\system32\\msasn1.dll",
"C:\\Windows\\system32\\msi.dll",
"C:\\Windows\\system32\\version.dll",
"C:\\Windows\\system32\\Msi.dll",
"CLBCatQ.DLL",
"api-ms-win-core-synch-l1-2-0"
],
"file_opened": [
"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocServer32",
"HKEY_CURRENT_USER\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\Progid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\TreatAs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler32",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID",
"HKEY_CURRENT_USER\\Msxml2.DOMDocument"
],
"command_line": [
"\"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin\" -burn.clean.room=\"C:\\Users\\cuck\\AppData\\Local\\Temp\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin\" -burn.filehandle.attached=192 -burn.filehandle.self=200 "
],
"file_written": [
"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin"
],
"file_exists": [
"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\"
],
"guid": [
"{f6d90f11-9c73-11d3-b32e-00c04f990bb4}",
"{2933bf81-7b36-11d2-b20e-00c04f983e60}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem\\Win31FileSystem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\ProgID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only"
]
},
"first_seen": 1575517985.71875,
"ppid": 2016
},
{
"process_path": "C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"process_name": "c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"pid": 2872,
"summary": {
"file_created": [
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1055\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1053\\mbapreq.wxl",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Plarium_Play_20191204211306.log",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1040\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1045\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2052\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.be\\PlariumPlaySetup.exe",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1030\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1041\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\Newtonsoft.Json.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1028\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1046\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\3082\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1042\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.png",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1044\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperApplicationData.xml",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.config",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\PlariumPlayCore.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1049\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.thm",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\ICSharpCode.SharpZipLib.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1043\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1031\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1029\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1060\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\SetupWPF.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\System.Windows.Interactivity.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2070\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1036\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1038\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1032\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbahost.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1035\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1051\\mbapreq.wxl"
],
"directory_created": [
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1060\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1055\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1028\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1043\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1041\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1038\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1051\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1045\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1036\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1053\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1035\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1031\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\3082\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1049\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2052\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1042\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1029\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1040\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1046\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1044\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.be",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1032\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2070\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1030\\"
],
"dll_loaded": [
"kernel32",
"api-ms-win-core-localization-l1-2-1",
"kernel32.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"api-ms-win-core-synch-l1-2-0",
"C:\\Windows\\system32\\uxtheme.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.dll",
"OLEAUT32.DLL",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\bafunctions.dll",
"WindowsCodecs.dll",
"CLBCatQ.DLL",
"comctl32.dll",
"feclient.dll",
"VERSION.dll",
"C:\\Windows\\system32\\AdvApi32.dll",
"api-ms-win-core-fibers-l1-1-1",
"msi.dll",
"C:\\Windows\\system32\\Msi.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbahost.dll",
"Cabinet.dll"
],
"file_opened": [
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.config",
"C:\\Windows\\Temp\\{1C739C66-B81A-4C16-8BAE-2F0F0E91B0AC}\\.cr\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.png",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperApplicationData.xml",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.thm"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946.bin",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
"HKEY_CURRENT_USER\\Software\\Classes\\Installer\\Dependencies\\{C366F7F8-D15D-4763-A451-A3F34C7EAA13}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Products\\8F7F663CD51D36744A153A3FC4E7AA31",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-21-699399860-4089948139-3198924279-1001\\Products\\8F7F663CD51D36744A153A3FC4E7AA31\\InstallProperties",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\03E4682133BAFEC4EB5EB88954E0FA2E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Products\\8F7F663CD51D36744A153A3FC4E7AA31",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Installer",
"HKEY_CURRENT_USER\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX",
"HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent",
"HKEY_CURRENT_USER\\Software\\Classes\\Installer\\Dependencies\\{2937dde6-33d4-412d-a45f-89538c3130f8}\\Dependents\\{2937dde6-33d4-412d-a45f-89538c3130f8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\03E4682133BAFEC4EB5EB88954E0FA2E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\03E4682133BAFEC4EB5EB88954E0FA2E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Msxml2.DOMDocument",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}.RebootRequired",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\TreatAs",
"HKEY_CURRENT_USER\\Software\\Classes\\Installer\\Dependencies\\{2937dde6-33d4-412d-a45f-89538c3130f8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData"
],
"file_written": [
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1055\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1053\\mbapreq.wxl",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Plarium_Play_20191204211306.log",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1040\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1045\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2052\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.be\\PlariumPlaySetup.exe",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1030\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1041\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\Newtonsoft.Json.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1028\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1046\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\3082\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1042\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.png",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1044\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperApplicationData.xml",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.config",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\PlariumPlayCore.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1049\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.thm",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\ICSharpCode.SharpZipLib.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1043\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1031\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1029\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1060\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\SetupWPF.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\System.Windows.Interactivity.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\2070\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1036\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1038\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1032\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbahost.dll",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1035\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1051\\mbapreq.wxl"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Package Cache\\{C366F7F8-D15D-4763-A451-A3F34C7EAA13}v5.0.0\\",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\"
],
"guid": [
"{f6d90f11-9c73-11d3-b32e-00c04f990bb4}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{2933bf81-7b36-11d2-b20e-00c04f983e60}",
"{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}"
],
"file_read": [
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.thm",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperCore.config",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.wxl",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\BootstrapperApplicationData.xml",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.png"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundleUpgradeCode",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\ProgID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\Com+Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem\\Win31FileSystem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Msxml2.DOMDocument\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundleAddonCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager\\BundlePatchCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundleDetectCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX\\BundleUpgradeCode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC\\BundleUpgradeCode"
],
"directory_enumerated": [
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.thm",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\mbapreq.wxl",
"C:\\Users\\cuck\\AppData\\Local\\Package Cache\\{2937dde6-33d4-412d-a45f-89538c3130f8}\\PlariumPlaySetup.exe",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1033\\mbapreq.thm",
"C:\\Windows\\Temp\\{E12936ED-C5E1-4F75-A5E7-7E4C2D9B4EF3}\\.ba\\1033\\mbapreq.wxl"
]
},
"first_seen": 1575517986.046875,
"ppid": 2816
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1575517985.4375,
"ppid": 376
}
]
[
{
"markcount": 1,
"families": [],
"description": "Checks if process is being debugged by a debugger",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1575517986.234875,
"tid": 2384,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 952
}
],
"references": [],
"name": "checks_debugger"
},
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "C:\\agent\\_work\\8\\s\\build\\ship\\x86\\burn.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": ".wixburn",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 17,
"families": [],
"description": "Queries for potentially installed applications",
"severity": 2,
"marks": [
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00000001",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}",
"regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}",
"options": 0
},
"time": 1575517986.250875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1075
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00000001",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}.RebootRequired",
"regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}.RebootRequired",
"options": 0
},
"time": 1575517986.250875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1076
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00000001",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}",
"regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2937dde6-33d4-412d-a45f-89538c3130f8}",
"options": 0
},
"time": 1575517986.250875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1077
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x80000002",
"key_handle": "0x00000194",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
"regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1479
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook",
"regkey_r": "AddressBook",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1483
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager",
"regkey_r": "Connection Manager",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1490
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx",
"regkey_r": "DirectDrawEx",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1497
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore",
"regkey_r": "Fontcore",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1504
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40",
"regkey_r": "IE40",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1511
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data",
"regkey_r": "IE4Data",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1518
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX",
"regkey_r": "IE5BAKEX",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1525
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData",
"regkey_r": "IEData",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1532
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack",
"regkey_r": "MobileOptionPack",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1539
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 60.0.2 (x86 sv-SE)",
"regkey_r": "Mozilla Firefox 60.0.2 (x86 sv-SE)",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1546
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent",
"regkey_r": "SchedulingAgent",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1553
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x00000194",
"key_handle": "0x0000019c",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC",
"regkey_r": "WIC",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1560
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00020019",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
"regkey_r": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
"options": 0
},
"time": 1575517986.312875,
"tid": 1480,
"flags": {}
},
"pid": 2872,
"type": "call",
"cid": 1568
}
],
"references": [],
"name": "queries_programs"
}
]
The Yara rules did not detect anything in the file.
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.07817006111145,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5226,
"time": 9.062757015228271,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7070,
"time": 3.0366151332855225,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7398,
"time": 1.0170390605926514,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7726,
"time": 3.0472500324249268,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8054,
"time": 1.6434919834136963,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8382,
"time": -0.09720993041992188,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8710,
"time": 1.5794999599456787,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28120,
"time": 1.0469739437103271,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36504,
"time": 3.1246140003204346,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "4162aa60477bdd3a049455ea3d3242caec5c750d53df09f469922b2ffe1b1a80",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "efbf1214a1334d7086739a17eddcece7bdcdb5b11eec70b3261fd000eeb5f29c",
"irc": [],
"https_ex": []
}


| Property | Value |
|---|---|
| MD5 | cb8f71e251fbcfae933d25236cd8ab42 |
| SHA256 | c88ee0de2fe2b293a7761bd57561b31fff79c7795aa2f51844a45fac4c77c946 |
These are some of the error messages that can appear related to plariumplaysetup.exe:
plariumplaysetup.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
plariumplaysetup.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
Plarium Play has stopped working.
End Program - plariumplaysetup.exe. This program is not responding.
plariumplaysetup.exe is not a valid Win32 application.
plariumplaysetup.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
The poll result listed below shows what users chose to do with the file. 67% have voted for removal. Based on votes from 3 users.

NOTE: Please do not use this poll as the only source of input to determine what you will do with the file. Only 3 users have voted so far, so it does not offer a high degree of confidence.
If you feel that you need more information to determine if you should keep this file or remove it, please read this guide.
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and lets you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.