Analysis
-
max time kernel
149s -
max time network
123s -
platform
macos-10.15_amd64 -
resource
macos-20240711.1-en -
resource tags
arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system -
submitted
06-10-2024 18:35
Behavioral task
behavioral1
Sample
2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe
Resource
macos-20240711.1-en
General
-
Target
2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe
-
Size
190KB
-
MD5
60c0e2d9f14a67484b91d176bc2daa6d
-
SHA1
e612dfdf488c29ee5d750876770c37e85ca5d7e8
-
SHA256
c653791f990931bd6dfb712b8df116f0550ce8cfb059f8ec15eb1592de996c51
-
SHA512
0589f1146713455af77dde1a998e54e052fe6a777c0ee56dd9db8da2e5526be237cd471b7822a96e3878c5c72a00f0e515efe455aaa8fe31b1c626a16f9ca1c1
-
SSDEEP
3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9Uk0p2Dn5km:5SeOQdaZNxtk8cqhSxvHY9UV2Dn5km
Malware Config
Signatures
-
Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
-
Launch Daemon 1 TTPs
Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
-
AppleScript 1 TTPs 42 IoCs
AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.
Processes:
ioc process osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" -
Resource Forking 1 TTPs 2 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes:
ioc process /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck -
Launchctl 1 TTPs 64 IoCs
Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.
Processes:
ioc process sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe\""1⤵PID:486
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe\""1⤵PID:486
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe1⤵PID:486
-
/bin/zsh/bin/zsh -c /Users/run/2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe2⤵PID:487
-
-
/Users/run/2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe/Users/run/2024-10-06_60c0e2d9f14a67484b91d176bc2daa6d_adload_evilquest_rekoobe2⤵PID:487
-
-
/usr/libexec/pkreporter/usr/libexec/pkreporter1⤵PID:474
-
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd1⤵PID:473
-
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer1⤵PID:475
-
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"1⤵PID:471
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck1⤵PID:476
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:488
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:488
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:488
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:514
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:514
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:514
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.authtrampoline1⤵PID:515
-
/System/Library/Frameworks/Security.framework/authtrampoline/System/Library/Frameworks/Security.framework/authtrampoline1⤵PID:515
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:516
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:516
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵PID:516
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:517
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:517
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:520
-
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:518
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:518
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:518
-
/bin/sh/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:519
-
/bin/bash/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:519
-
/bin/launchctllaunchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵PID:519
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:521
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:521
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:521
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:523
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:523
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:523
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:524
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:524
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:524
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:525
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:525
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:525
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:526
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:526
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:526
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:527
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:527
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:528
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:529
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:529
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:529
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:530
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:530
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:530
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:531
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:531
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:531
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:532
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:532
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:532
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:533
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:533
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:533
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:542
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:542
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:543
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:544
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:544
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:544
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:545
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:547
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:547
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:548
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:549
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:549
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:549
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:550
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:550
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:550
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:551
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:551
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:551
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:552
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:552
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:552
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:553
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:553
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:553
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:556
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:556
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:557
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:558
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:558
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:558
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:560
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:561
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:561
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:562
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:563
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:563
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:563
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:564
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:566
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:566
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:567
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:568
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:568
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:568
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:569
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:569
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:569
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:570
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:570
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:570
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:571
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:571
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:571
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:572
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:572
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:572
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:573
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:573
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:573
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:574
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:574
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵PID:574
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:575
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:575
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:575
-
/bin/sh/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:576
-
/bin/bash/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:576
-
/bin/launchctllaunchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵PID:576
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:577
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:577
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:578
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:579
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:579
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:579
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:580
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:580
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:581
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:582
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:582
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:582
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:583
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:583
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:583
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:584
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:584
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:584
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:585
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:585
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:585
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:586
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:586
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:586
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:589
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:589
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:590
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:594
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:594
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:594
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:595
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:596
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:596
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:597
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:598
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:598
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:598
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:599
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:599
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:599
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:600
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:600
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:600
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:601
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:601
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:601
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:603
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:603
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:603
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:604
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:604
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:605
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:606
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:606
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:606
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:607
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:607
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:607
-
/bin/sh/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:608
-
/bin/bash/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:608
-
/bin/launchctllaunchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:608
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:609
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:609
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:609
-
/bin/sh/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:610
-
/bin/bash/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:610
-
/bin/launchctllaunchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:610
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:611
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:611
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:612
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:613
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:613
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:613
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:614
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:615
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:615
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:616
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:617
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:617
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:617
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:618
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:619
-
/usr/bin/sudosudo /Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:619
-
/Library/osxmobiledata/com.apple.afsvcpd/Library/osxmobiledata/com.apple.afsvcpd --silent2⤵PID:620
-