Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'ctfmon' = 'RUNDLL32.EXE <SYSTEM32>\fgjk4wvb.dll,w'
- %WINDIR%\syswow64\1126842.system
- <Current directory>\1130898.bat
- from %WINDIR%\syswow64\1126842.system to %WINDIR%\syswow64\fgjk4wvb.dll
- ClassName: 'GxWindowClassD3d' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\1130898.BAT" "' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' <SYSTEM32>\fgjk4wvb.dll,w
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\1130898.BAT" "