1b1a5e7c4eb79c5cd1cf12d8423414d0c4976990e1e66478eb4fdf7889e013b0

Analysis

max time kernel
148s
max time network
102s
platform
macos-10.15_amd64
resource
macos-20241106-en
resource tags

arch:amd64arch:i386image:macos-20241106-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
30-12-2024 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_06c7a4b1902ab8a65cd64e9cf671c292_adload_evilquest_rekoobe
Size

177KB
MD5

06c7a4b1902ab8a65cd64e9cf671c292
SHA1

8efeb70c652323c067014f30a7e3a9653abc9ea3
SHA256

1b1a5e7c4eb79c5cd1cf12d8423414d0c4976990e1e66478eb4fdf7889e013b0
SHA512

fca40988b077b106320604e09e0e652b55ca5d1e7742de47b118b34626896be985c7aab30d9246c1028033ade05338a9dabea5642b4920a2aa149554ef49f4f2
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9M60k:5SeOQdaZNxtk8cqhSxvHY9P

Score

5^/10

execution persistence

Malware Config

Signatures

Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
persistence

Launch Agent
T1543.001
Launch Daemon 1 TTPs
Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
persistence

Launch Daemon
T1543.004

AppleScript 1 TTPs 37 IoCs

AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.

execution

AppleScript

T1059.002

ioc	Process
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found

Launchctl 1 TTPs 64 IoCs

Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.

execution

Launchctl

T1569.001

ioc	Process
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist	Process not Found
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"	Process not Found
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist	Process not Found
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"	Process not Found
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"	Process not Found
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist	Process not Found
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""	Process not Found
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/2024-12-30_06c7a4b1902ab8a65cd64e9cf671c292_adload_evilquest_rekoobe\""
1⤵
PID:476

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2024-12-30_06c7a4b1902ab8a65cd64e9cf671c292_adload_evilquest_rekoobe\""
1⤵
PID:476

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2024-12-30_06c7a4b1902ab8a65cd64e9cf671c292_adload_evilquest_rekoobe
1⤵
PID:476
- /bin/zsh
  /bin/zsh -c /Users/run/2024-12-30_06c7a4b1902ab8a65cd64e9cf671c292_adload_evilquest_rekoobe
  2⤵
  PID:478
- /Users/run/2024-12-30_06c7a4b1902ab8a65cd64e9cf671c292_adload_evilquest_rekoobe
  /Users/run/2024-12-30_06c7a4b1902ab8a65cd64e9cf671c292_adload_evilquest_rekoobe
  2⤵
  PID:478

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:480

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:480

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:480

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:502

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:502

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:502

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authtrampoline
1⤵
PID:503

/System/Library/Frameworks/Security.framework/authtrampoline
/System/Library/Frameworks/Security.framework/authtrampoline
1⤵
PID:503

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:504

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:504

/bin/launchctl
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:504

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:505

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:505
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:508

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:506

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:506

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:506

/bin/sh
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:507

/bin/bash
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:507

/bin/launchctl
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:507

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:510

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:510

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:510

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:512

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:512
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:513

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:514

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:514

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:514

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:515

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:515

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:515

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:516

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:516

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:516

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:517

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:517

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:517

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:518

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:518

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:518

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:519

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:519
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:520

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:521

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:521

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:521

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:523

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:523
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:524

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:525

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:525

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:525

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:526

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:526

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:526

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:527

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:527

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:527

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:528

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:528

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:528

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:529

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:529

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:529

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:530

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:530

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:530

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:531

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:531

/bin/launchctl
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:531

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:532

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:532

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:532

/bin/sh
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:533

/bin/bash
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:533

/bin/launchctl
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:534

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:534
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:535

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:536

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:536

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:536

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:538

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:538
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:539

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:540

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:540

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:540

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:542

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:542
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:543

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:544

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:544

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:544

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:546

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:546
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:547

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:548

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:548

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:548

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:549

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:549

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:549

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:550

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:550

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:550

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:551

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:551

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:551

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:552

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:552

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:553

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:553
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:554

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:555

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:555

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:555

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:556

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:556

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:556

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:557

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:557

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:557

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:558

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:558

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:558

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:559

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:559

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:560

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:560
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:561

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:562

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:562

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:562

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:563

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:563

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:563

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:564

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:564

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:564

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:565

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:565

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:565

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:566

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:566

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:567

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:567
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:568

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:569

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:569

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:569

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:571

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:571
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:572

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:573

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:573

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:573

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:574

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:574
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:575

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:576

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:576

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:577

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:577
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:578

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:579

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:579

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:579

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:580

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:580

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:580

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:581

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:581

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:581

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:582

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:582

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:582

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:583

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:583

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:584

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:584
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:585