Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\utcsvc.exe (file in the user's Startup folder, which Windows runs at each logon)
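- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\utcsvc.exe' = '%TEMP%\utcsvc.exe:*:Enabled:utcsvc.exe' (registry value that lists the executable as an authorized application in the Windows Firewall standard profile)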
- '%TEMP%\is-U4U30.tmp\SHAREit-KCWEB.tmp' /SL5="$40092,5991718,384512,%TEMP%\SHAREit-KCWEB.exe"
- '%TEMP%\SHAREit-KCWEB.exe'
- '%TEMP%\utcsvc.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\utcsvc.exe" "utcsvc.exe" ENABLE (command line that adds a Windows Firewall exception for %TEMP%\utcsvc.exe)
- %TEMP%\SHAREit-KCWEB.exe
- %TEMP%\Setup Log 2017-08-16 #001.txt
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\utcsvc.exe
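- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp (second listing of the two aut*.tmp files; the heading for this group is missing, presumably files deleted after use — confirm against the original report)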
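- 'an######xhacker.ddns.net':5552 (network endpoint, port 5552; the host name appears partially masked in the source)
- DNS ASK an######xhacker.ddns.net (DNS query for the same host)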
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)