Technical Information
- <SYSTEM32>\tasks\limerat-admin
- %APPDATA%\roaming\qq corporation\webkit\qqbrowser.exe
- <Full path to file>
- %APPDATA%\roaming\qq corporation\webkit\qqbrowser.exe
- '%APPDATA%\roaming\qq corporation\webkit\qqbrowser.exe'
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%APPDATA%\Roaming\QQ Corporation\WebKit\QQBrowser.exe'"' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'%APPDATA%\Roaming\QQ Corporation\WebKit\QQBrowser.exe'"