Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- %TEMP%\<File name>.lnk
Modifies file system
Creates the following files
- %TEMP%\has us policy toward the palestinian cause changed .pdf
- %LOCALAPPDATA%low\adobe\acrobat\11.0\assets\assets-210812114537z-29910
- %LOCALAPPDATA%low\adobe\acrobat\11.0\assets\assets-210812114537z-29898
- %TEMP%\a9r50d7.tmp
- %LOCALAPPDATA%low\adobe\acrobat\11.0\assets\assets-210812114536z-29883
- %TEMP%\a9r50d6.tmp
- %LOCALAPPDATA%low\adobe\acrobat\11.0\assets\assets-210812114536z-29868
- %TEMP%\a9r50d5.tmp
- %LOCALAPPDATA%low\adobe\acrobat\11.0\assets\assets-210812114535z-29853
- %TEMP%\a9r50d4.tmp
- %LOCALAPPDATA%low\adobe\acrobat\11.0\assets\assets-210812114534z-29824
- %TEMP%\a9r50d3.tmp
- %LOCALAPPDATA%low\adobe\acrobat\11.0\assets\assets-210812114534z-29806
- %TEMP%\a9r50d2.tmp
- %TEMP%\a9r50d1.tmp
- %TEMP%\a9r50d0.tmp
- %APPDATA%\dsfjj45k.tmp
- %TEMP%\<File name>.lnk
Network activity
Connects to
- 'kr####nthomas.work':443
- 'kr####nthomas.work':80
TCP
HTTP POST requests
- http://kr####nthomas.work/hx3FByTR5o3zNZYD/sYkaiHz0Mse13C79dy1I/Bbf0VKK5GZjWAo2phPwe
Other
- 'kr####nthomas.work':443
UDP
- DNS ASK kr####nthomas.work
Miscellaneous
Executes the following
- '%ProgramFiles%\adobe\reader 11.0\reader\acrord32.exe' "%TEMP%\Has US policy toward the Palestinian cause changed .pdf"
