Technical Information
- [<HKLM>\Software\Classes\paxera\shell\open\command] '' = '"%ALLUSERSPROFILE%\UltimaPlugin\UltimaPlugin.exe" "%1"'
- %ALLUSERSPROFILE%\ultimaplugin\ultimaplugin.exe.config
- %ALLUSERSPROFILE%\ultimaplugin\ultimaplugin.exe
- %TEMP%\tmpaae1.tmp
- %TEMP%\tmpab01.tmp
- %ALLUSERSPROFILE%\microsoft\crypto\rsa\machinekeys\ccde78e4c888784b4357a8ad33bbee1a_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\ultimaplugin\log\_http_05112020.log
- %APPDATA%\ultimaplugin\log\_https_05112020.log
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK microsoft.com
- DNS ASK oc##.thawte.com
- DNS ASK st####.rapidssl.com
- '%WINDIR%\syswow64\netsh.exe' http add urlacl https://127.0.0.1:37156/ user=Everyone
- '%WINDIR%\syswow64\netsh.exe' http add sslcert ipport=127.0.0.1:37156 certhash=06711CAB127422B96DFDC452ACD1CEA14423AB4C appid={ab619502-40f7-4b18-834a-643a026446ef}