Technical Information
- %WINDIR%\tasks\bnalwi.job
- <SYSTEM32>\tasks\bnalwi
- %ALLUSERSPROFILE%\swnsjo\bnalwi.exe
- 'as###d08.com':4039
- DNS ASK as###d08.com
- '%ALLUSERSPROFILE%\swnsjo\bnalwi.exe' start
- '%ALLUSERSPROFILE%\swnsjo\bnalwi.exe' start' (with hidden window)