Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7AD0407F.EXE' = '%WINDIR%\7AD0407F.EXE'
- '<SYSTEM32>\ipconfig.exe' /flushdns
- '<SYSTEM32>\cmd.exe' /c ipconfig/flushdns
- %WINDIR%\7AD0407F.EXE
- 'lo###.heihuo.net':1109
- DNS ASK lo###.heihuo.net