Technical Information
- <SYSTEM32>\dllcache\midimap.dll with <SYSTEM32>\dllcache\midimap.dll
- <SYSTEM32>\midimap.dll with <SYSTEM32>\midimap.dll
- '<SYSTEM32>\sc.exe' delete cryptsvc
- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\net.exe' stop cryptsvc
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled
- <SYSTEM32>\ksuser.dll
- <SYSTEM32>\dllcache\ksuser.dll
- <SYSTEM32>\sysapp2.dll
- <SYSTEM32>\chinasougou.ime
- <SYSTEM32>\yumidimap.dll
- <SYSTEM32>\dllcache\midimap.dll
- <SYSTEM32>\midimap.dll
- from <Full path to virus> to C:\RECYCLER\198078.tmp
- ClassName: 'CicLoaderWndClass' WindowName: '(null)'