Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cccec5cdcdccd48fc4d9c4' = '%HOMEPATH%\llmu.exe'
- from <Full path to virus> to %HOMEPATH%\llmu.exe
- DNS ASK ap##.#insoft1.com
- DNS ASK p2.##nsoft1.com
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: ''