Technical Information
- <SYSTEM32>\tasks\windowshelp
- %ALLUSERSPROFILE%\usos\iexplorer.exe
- %ALLUSERSPROFILE%\usos\iexplorer.exe
- 'ba##u.com':80
- '47.##8.224.151':443
- http://www.ba##u.com/
- DNS ASK ba##u.com
- '%ALLUSERSPROFILE%\usos\iexplorer.exe'
- '%ALLUSERSPROFILE%\usos\iexplorer.exe' ' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {B32CA6C4-A6B3-4C20-AE0D-46FC5A7B5F7C} S-1-5-21-1960123792-2022915161-3775307078-1001:iknytwsc\user:Interactive:[1]