Technical Information
- %WINDIR%\tasks\uthht.job
- <SYSTEM32>\tasks\uthht
- %PROGRAMDATA%\rwdins\uthht.exe
- 'pz####dvert475.xyz':4044
- DNS ASK pz####dvert475.xyz
- '%PROGRAMDATA%\rwdins\uthht.exe' start
- '%PROGRAMDATA%\rwdins\uthht.exe' start (with hidden window)