Technical Information
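- [<HKCU>\Software\Classes\paxera\shell\open\command] '' = '"%LOCALAPPDATA%\UltimaPlugin\UltimaPlugin.exe" "%1"'
  (Registry: '' is the key's default value. It sets the per-user "open" command for the "paxera" class, so anything opened through that class starts UltimaPlugin.exe with the caller-supplied string as "%1". Whether "paxera" is also registered as a URL protocol is not shown here.)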
- %LOCALAPPDATA%\ultimaplugin\ultimaplugin.exe
- %TEMP%\tmp7aad.tmp
- %TEMP%\tmp7acd.tmp
- %ALLUSERSPROFILE%\microsoft\crypto\rsa\machinekeys\ccde78e4c888784b4357a8ad33bbee1a_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %LOCALAPPDATA%\ultimaplugin\log\launcher_08062021.log
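- %TEMP%\tmp7aad.tmp
- %TEMP%\tmp7acd.tmp
  (These two temporary files are listed a second time; the page does not say what distinguishes the two listings, e.g. created versus deleted.)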
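- 'microsoft.com':80
- DNS ASK microsoft.com
  (Network: a connection to microsoft.com on port 80 and a DNS query for the same name. The domain is legitimate and widely contacted, so this entry is not useful as an indicator on its own.)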
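- '%WINDIR%\syswow64\netsh.exe' http add urlacl https://127.0.0.1:37156/ user=Everyone
- '%WINDIR%\syswow64\netsh.exe' http add sslcert ipport=127.0.0.1:37156 certhash=06711CAB127422B96DFDC452ACD1CEA14423AB4C appid={ab619502-40f7-4b18-834a-643a026446ef}
  (Executed commands: the first reserves the URL prefix https://127.0.0.1:37156/ for Everyone, so any local account may listen on it; the second binds the certificate with the listed thumbprint to 127.0.0.1:37156. Both bindings are on the loopback address only. The key container under MachineKeys listed above is presumably the private key for that certificate. The resulting state can be reviewed with `netsh http show urlacl` and `netsh http show sslcert`.)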