Technical Information
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\Cleaner" /XML "%TEMP%\1559959749.xml"
- '<SYSTEM32>\schtasks.exe' /Delete /TN "Update\Cleaner" /F
- %TEMP%\1559959749.xml
- %TEMP%\1559959749.xml
- from <Full path to file> to %APPDATA%\Cleaner\mobilizer.exe
- 'ja######erver.duckdns.org':15001
- DNS ASK ja######erver.duckdns.org