Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUPD64' = '%APPDATA%\hsuched.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSUPD64' = '<Full path to file>'
- '%APPDATA%\hsuched.exe'
- %TEMP%\2.tmp
- %APPDATA%\hsuched.exe
- %TEMP%\1.tmp
- %APPDATA%\hsuched.exe
- %APPDATA%\hsuched.exe
- %TEMP%\2.tmp
- %TEMP%\1.tmp
- 'ss#.##afablack.com':443
- 'ss#.##afablack.com':80
- http://ss#.##afablack.com/0000/a149312.asp
- DNS ASK ss#.##afablack.com