Technical Information
- %WINDIR%\tasks\xjwla.job
- <SYSTEM32>\tasks\xjwla
- %PROGRAMDATA%\rlew\xjwla.exe
- 'bo#####swarfaces.com':4035
- DNS ASK bo#####swarfaces.com
- '%PROGRAMDATA%\rlew\xjwla.exe' start
- '%PROGRAMDATA%\rlew\xjwla.exe' start' (with hidden window)