Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'atiupdate' = '<SYSTEM32>\msshed32.exe'
- <SYSTEM32>\msshed32.exe
- 'ma###.cafreedom.com':80
- ma###.cafreedom.com/money/askcb2.php?us#####################################
- DNS ASK ma###.cafreedom.com
- ClassName: 'Indicator' WindowName: '(null)'