Technical Information
- <SYSTEM32>\tasks\service8
- %APPDATA%\system8\system8.exe
- %APPDATA%\system8\id
- http://ip.##ysrc.net/plain/clientip
- http://92.##2.40.129/5/73394e865938e2ba39f65b87cce70af0/10000/neohex/95.211.190.199
- http://92.##2.40.129/4/73394e865938e2ba39f65b87cce70af0/2/neohex
- http://92.##2.40.129/1/73394e865938e2ba39f65b87cce70af0/neohex
- DNS ASK ip.##ysrc.net
- '%APPDATA%\system8\system8.exe' "<Full path to file>"
- '%APPDATA%\system8\system8.exe'
- '%APPDATA%\system8\system8.exe' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {A994E418-4685-4947-BE64-7A0D2116D8B8} S-1-5-21-1960123792-2022915161-3775307078-1001:hrokdozwmw\user:Interactive:[1]