Техническая информация
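- Запись автозапуска в реестре (имя значения имитирует системное обновление Windows, но указывает на BullMoose.exe): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows Automated Update' = '<SYSTEM32>\BullMoose.exe'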
- <SYSTEM32>\BullMoose.exe
- <SYSTEM32>\winkrnl.exe
- <SYSTEM32>\BullMoose.exe
- <SYSTEM32>\winkrnl.exe
Сетевые адреса (часть цифр скрыта символами '#'; во всех записях используется порт 4444):
- '61.##5.158.167':4444
- '79.##.209.100':4444
- '12#.#08.52.169':4444
- '45.##.191.165':4444
- '46.##4.200.108':4444
- '5.###.221.149':4444
- '12#.#4.170.201':4444
- '22#.#42.85.13':4444
- '93.##.165.84':4444
- ClassName: 'ConsoleWindowClass' WindowName: ''