evilquest | bcdb0ca7c51e9de4cf6c5c346fd28a4ed28e692319177c8a94c86dc676ee8e48

General

Target

089
Size

111KB
MD5

4cc38bfe7fa5515d34cfb832e99b642a
SHA1

31190bd9c8acb4bf014e0dfc76fd7ea20c6a4cbb
SHA256

bcdb0ca7c51e9de4cf6c5c346fd28a4ed28e692319177c8a94c86dc676ee8e48
SHA512

c9a0dad10c1d3dc8978f0f8679504a5577f46d0ecb15f9c184ae8aa50273a22aa9563eb225b7bfaf0c5eb0595266d52121f7ae444ae5177842fb6080fb08941b
SSDEEP

1536:hlf+osue27mi//J45HOWBovfiJ3765Z2wg:hlfvs72fZ4xO7HiJ37Xwg

Score

10^/10

evilquest backdoor execution persistence

Malware Config

Signatures

EvilQuest
EvilQuest family.
backdoor evilquest

EvilQuest payload 1 IoCs

Processes:

resource	yara_rule
/Library/osxmobiledata/com.apple.axsvcpd	family_evilquest

Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
persistence

Launch Agent
T1543.001
Launch Daemon 1 TTPs
Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
persistence

Launch Daemon
T1543.004

AppleScript 1 TTPs 64 IoCs

AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.

execution

AppleScript

T1059.002

Processes:

ioc	process
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"

Launchctl 1 TTPs 64 IoCs

Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.

execution

Launchctl

T1569.001

Processes:

ioc	process
launchctl start axsvcpd
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
launchctl start axsvcpd
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
launchctl start axsvcpd
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
launchctl start axsvcpd
launchctl start axsvcpd
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
launchctl start axsvcpd
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
launchctl start axsvcpd
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
launchctl start axsvcpd
launchctl start axsvcpd
launchctl start axsvcpd
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
launchctl start axsvcpd
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
launchctl start axsvcpd
launchctl start axsvcpd
launchctl start axsvcpd
launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
launchctl start axsvcpd
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkd
1⤵
PID:569

/usr/libexec/pkd
/usr/libexec/pkd
1⤵
PID:569

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/089\""
1⤵
PID:572

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/089\""
1⤵
PID:572

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/089
1⤵
PID:572
- /bin/zsh
  /bin/zsh -c /Users/run/089
  2⤵
  PID:573
- /Users/run/089
  /Users/run/089
  2⤵
  PID:573

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:574

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:574

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:595

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:595

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:597

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:597

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:597

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authtrampoline
1⤵
PID:598

/System/Library/Frameworks/Security.framework/authtrampoline
/System/Library/Frameworks/Security.framework/authtrampoline
1⤵
PID:598

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:599

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:599
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:600
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:602

/usr/libexec/xpcproxy
xpcproxy axsvcpd
1⤵
PID:601

/Users/run/Library/osxmobiledata/com.apple.axsvcpd
/Users/run/Library/osxmobiledata/com.apple.axsvcpd --silent
1⤵
PID:601

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:603

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:603

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:603

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:604

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:604

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:604

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:605

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:605
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:606
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:607

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:608

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:608

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:608

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:609

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:609
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:610
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:611

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:612

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:612

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:612

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:613

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:613
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:614
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:615

/usr/libexec/xpcproxy
xpcproxy com.apple.icloud.findmydeviced
1⤵
PID:616

/usr/libexec/findmydeviced
/usr/libexec/findmydeviced
1⤵
PID:616

/usr/libexec/xpcproxy
xpcproxy com.apple.suggestd
1⤵
PID:624

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
1⤵
PID:624

/usr/bin/pluginkit
/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
1⤵
PID:625

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app
1⤵
PID:626

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:631

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:631

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:631

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:632

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:632
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:633
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:634

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:635

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:635

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:635

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:636

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:636
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:637
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:638

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:639

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:639

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:639

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:640

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:640
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:641
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:642

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:643

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:643

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:643

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:644

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:644
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:645
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:646

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:647

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:647

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:647

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:648

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:648
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:649
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:650

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:651

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:651

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:651

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:652

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:652
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:653
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:654

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:655

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:655

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:655

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:656

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:656
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:657
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:658

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:659

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:659

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:659

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:660

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:660
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:661
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:662

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:663

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:663

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:663

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:664

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:664
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:665
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:666

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:667

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:667

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:667

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:668

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:668
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:669
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:670

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:671

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:671

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:671

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:672

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:672
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:673
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:674

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:675

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:675

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:675

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:676

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:676
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:677
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:678

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:679

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:679

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:679

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:680

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:680
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:681
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:682

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:683

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:683

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:683

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:684

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:684
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:685
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:686

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:687

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:687

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:687

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:688

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:688
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:689
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:690

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:691

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:691

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:691

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:692

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:692
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:693
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:694

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:695

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:695

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:695

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:696

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:696
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:697
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:698

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:699

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:699

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:699

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:700

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:700
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:701
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:702

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:703

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:703

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:703

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:704

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:704
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:705
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:706

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:707

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:707

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:707

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:708

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:708
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:709
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:710

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:711

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:711

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:711

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:712

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:712
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:713
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:714

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:715

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:715

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:715

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:716

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:716
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:717
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:718

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:719

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:719

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:719

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:720

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:720
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:721
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:722

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:723

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:723

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:723

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:724

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:724
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:725
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:726

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:727

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:727

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:727

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:728

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:728
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:729
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:730

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:731

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:731

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:731

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:732

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:732
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:733
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:734

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:735

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:735

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:735

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:736

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:736
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:737
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:738

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:739

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:739

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:739

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:740

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:740
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:741
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:742

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:743

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:743

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:743

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:744

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:744
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:745
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:746

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:747

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:747

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:747

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:748

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:748
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:749
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:750

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:751

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:751

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:751

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:752

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:752
- /bin/launchctl
  launchctl load -w /Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist
  2⤵
  PID:753
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:754

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:755

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:755

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:755

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:756

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:756
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:757
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:758

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:759

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\\\" with administrator privileges\""
1⤵
PID:759

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd\" with administrator privileges"
1⤵
PID:759

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:760

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist;launchctl start axsvcpd"
1⤵
PID:760
- /bin/launchctl
  launchctl load -w /Library/LaunchDaemons/com.apple.axsvcpd.plist
  2⤵
  PID:761
- /bin/launchctl
  launchctl start axsvcpd
  2⤵
  PID:762

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

AppleScript

1

T1059.002

System Services

1

T1569

Launchctl

1

T1569.001

Persistence

Create or Modify System Process

2

T1543

Launch Agent

1

T1543.001

Launch Daemon

1

T1543.004

Privilege Escalation

Create or Modify System Process

2

T1543

Launch Agent

1

T1543.001

Launch Daemon

1

T1543.004

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/LaunchDaemons/com.apple.axsvcpd.plist

Filesize
442B

MD5
4ee1c8dfba0a4448a77b50c7df5ecfaf

SHA1
bce492e35c191a9814d8619af3c502b4d10c84a0

SHA256
718a98714954ca1560f7c06fe2e76bdd4e0750a7663c7a79a09aadc0f7d1516e

SHA512
d8b93b7b9c5524d324341abd05e31792ea8e1c9a7bdf53bfa1192cb0f4e439b961cb3e2871e82182746580602964785ec64ec6de1ea982dcea536d84e97000dc

Download Submit
/Library/osxmobiledata/com.apple.axsvcpd

Filesize
111KB

MD5
4cc38bfe7fa5515d34cfb832e99b642a

SHA1
31190bd9c8acb4bf014e0dfc76fd7ea20c6a4cbb

SHA256
bcdb0ca7c51e9de4cf6c5c346fd28a4ed28e692319177c8a94c86dc676ee8e48

SHA512
c9a0dad10c1d3dc8978f0f8679504a5577f46d0ecb15f9c184ae8aa50273a22aa9563eb225b7bfaf0c5eb0595266d52121f7ae444ae5177842fb6080fb08941b

Download Submit
/Users/run/Library/LaunchAgents/com.apple.axsvcpd.plist

Filesize
430B

MD5
280eff8c8adf614e074b6178fbad6077

SHA1
38ca4eed6e9c6401ed23c2e05d6fbb31ba19f1d7

SHA256
ca17f51a72d077cfd1becc0afd5ad887be203d145cf3d626c7679f3fa8d7438f

SHA512
2f06ba794dc21bbfef6e6cce8e0fa4e3efd74f18a67dc4e6894f8a1c24c496c10acccebd6708dc7d169657d95c7e08ca9a67db7ae41be8de7eaad81cd227c9c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads