Technical Information
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\cmd.exe' /C start %WINDIR%\inacfh.exe Wndgfkujpqzogq
- '%WINDIR%\inacfh.exe' Wndgfkujpqzogq
- %WINDIR%\inacfh.exe
- <SYSTEM32>\cmd.exe
- 'sc.##woshou.com':8090
- 'ap#.##woshou.com':80
- DNS ASK sc.##woshou.com
- DNS ASK ap#.##woshou.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Wndgfkujpqzogq' WindowName: ''