Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Node32 Service Application' = '%APPDATA%\Microsoft\websocket\cow.exe'
- %APPDATA%\microsoft\websocket\cow.exe
- %APPDATA%\microsoft\websocket\watcher.exe
- %APPDATA%\microsoft\websocket\cow.exe
- http://de####.b3sunucu.com/veri.php
- http://21#.#38.167.175/Watcher.exe
- http://21#.#38.167.175/node32.exe
- DNS ASK de####.b3sunucu.com
- ClassName: 'OSKMainClass' WindowName: ''
- '%APPDATA%\microsoft\websocket\cow.exe'