
Summary
This detection rule targets the execution of UltraViewer, a remote access tool developed by DucFabulous Co, Ltd. Adversaries frequently abuse legitimate remote access applications such as UltraViewer to establish control over target systems, because these tools can pass through security controls under the guise of legitimate technical support. The rule identifies unauthorized or suspicious instances of UltraViewer running in a Windows environment by monitoring process creation events. Its selection criteria match on the product name and the original file name carried in the executable, so that executions of the tool are singled out and potential malicious activity can be distinguished from sanctioned use. Users and administrators should be aware of this rule, since a timely detection can prevent unauthorized access to and manipulation of systems through an established remote session. Monitoring such tools matters because they blend easily with normal operations and can otherwise enable undetected exploitation.
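As an added example (not part of this rule or its project), the product-name / original-file-name selection described above applied to constructed process creation records; the Sysmon-style field names and the UltraViewer values being matched are assumptions, since the page does not list the rule's exact values.

```python
# Added example: apply the product-name / original-file-name selection
# described in the summary to constructed Windows process-creation records.
# Field names (Sysmon Event ID 1 style) and the matched values are assumptions,
# not taken from the rule itself.
from typing import Dict, List

# Assumed selection: the version-info Product contains "UltraViewer", or the
# OriginalFileName is the UltraViewer desktop binary.
PRODUCT_SUBSTRING = "ultraviewer"
ORIGINAL_FILE_NAMES = {"ultraviewer_desktop.exe"}  # assumed value


def matches_ultraviewer(event: Dict[str, str]) -> bool:
    """Return True when a process-creation event satisfies the selection.

    Matching is case-insensitive, and it keys on the PE version information
    rather than the on-disk path (Image), so a renamed copy still matches.
    """
    product = event.get("Product", "").lower()
    original = event.get("OriginalFileName", "").lower()
    return PRODUCT_SUBSTRING in product or original in ORIGINAL_FILE_NAMES


def select_events(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Filter a batch of events down to those the rule would alert on."""
    return [e for e in events if matches_ultraviewer(e)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe",
     "Product": "UltraViewer", "OriginalFileName": "UltraViewer_Desktop.exe",
     "User": "CORP\\helpdesk01"},
    # Renamed copy; the version-info fields still identify the product.
    {"Image": r"C:\Users\Public\update.exe",
     "Product": "UltraViewer", "OriginalFileName": "UltraViewer_Desktop.exe",
     "User": "CORP\\jdoe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "Product": "Microsoft Windows Operating System",
     "OriginalFileName": "NOTEPAD.EXE", "User": "CORP\\jdoe"},
]

if __name__ == "__main__":
    for hit in select_events(SAMPLE_EVENTS):
        print(f"ALERT T1219 UltraViewer execution: {hit['Image']} by {hit['User']}")
```

Hits should be reviewed against a list of sanctioned support staff and hosts, since the selection alone cannot tell approved use from abuse.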
Categories
- Endpoint
- Windows
Data Sources
- Process
ATT&CK Techniques
- T1219
Created: 2022-09-25