{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Thu Feb 19 13:49:32 2026 UTC","unixTime":1771508972,"epoch":0,"counter":691,"numerics":false,"columns":{"cdhash":"10687c02a15e39d180ced1d60ea52e3ed649ac01","child_pid":"","cmdline":"defaults delete com.apple.loginwindow LoginHook ","cmdline_count":"4","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"TERM=xterm-256color SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities LANG=en_US.UTF-8 HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LC_TERMINAL=iTerm2 COLORTERM=truecolor LOGNAME=root USER=root SHELL=/bin/sh \"SUDO_COMMAND=/usr/bin/defaults delete com.apple.loginwindow LoginHook\" SUDO_USER=root SUDO_UID=0 SUDO_GID=0 ","env_count":"18","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"4911","original_parent":"44222","parent":"44222","parent_pidversion":"115996","path":"/usr/bin/defaults","pid":"44223","pidversion":"115998","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"2126","session_id":"38273","signing_id":"com.apple.defaults","team_id":"","time":"1771508968","uid":"0","username":"root","version":"8"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Thu Feb 19 13:49:32 2026 UTC","unixTime":1771508972,"epoch":0,"counter":691,"numerics":false,"columns":{"cdhash":"a1b9c4ceb3bf3dbe1c56c26146dc4ac8d930d1c9","child_pid":"","cmdline":"sudo defaults delete com.apple.loginwindow LoginHook ","cmdline_count":"5","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"SHELL=/bin/sh TERM=xterm-256color USER=root SUDO_USER=snap SUDO_UID=501 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities PWD=/Users/snap/Downloads LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/usr/bin/su HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LOGNAME=root SUDO_GID=20 LC_TERMINAL=iTerm2 COLORTERM=truecolor _=/usr/bin/sudo OLDPWD=/Users/snap ","env_count":"22","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"4909","original_parent":"40024","parent":"40024","parent_pidversion":"105354","path":"/usr/bin/sudo","pid":"44222","pidversion":"115996","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"2125","session_id":"38273","signing_id":"com.apple.sudo","team_id":"","time":"1771508968","uid":"0","username":"root","version":"8"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Thu Feb 19 13:49:23 2026 UTC","unixTime":1771508963,"epoch":0,"counter":690,"numerics":false,"columns":{"cdhash":"10687c02a15e39d180ced1d60ea52e3ed649ac01","child_pid":"","cmdline":"defaults write com.apple.loginwindow LoginHook /tmp/loginhook.sh ","cmdline_count":"5","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"TERM=xterm-256color SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities LANG=en_US.UTF-8 HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LC_TERMINAL=iTerm2 COLORTERM=truecolor LOGNAME=root USER=root SHELL=/bin/sh \"SUDO_COMMAND=/usr/bin/defaults write com.apple.loginwindow LoginHook /tmp/loginhook.sh\" SUDO_USER=root SUDO_UID=0 SUDO_GID=0 ","env_count":"18","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"4898","original_parent":"44218","parent":"44218","parent_pidversion":"115986","path":"/usr/bin/defaults","pid":"44219","pidversion":"115988","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"2120","session_id":"38273","signing_id":"com.apple.defaults","team_id":"","time":"1771508959","uid":"0","username":"root","version":"8"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Thu Feb 19 13:49:23 2026 UTC","unixTime":1771508963,"epoch":0,"counter":690,"numerics":false,"columns":{"cdhash":"a1b9c4ceb3bf3dbe1c56c26146dc4ac8d930d1c9","child_pid":"","cmdline":"sudo defaults write com.apple.loginwindow LoginHook /tmp/loginhook.sh ","cmdline_count":"6","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"SHELL=/bin/sh TERM=xterm-256color USER=root SUDO_USER=snap SUDO_UID=501 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities PWD=/Users/snap/Downloads LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/usr/bin/su HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LOGNAME=root SUDO_GID=20 LC_TERMINAL=iTerm2 COLORTERM=truecolor _=/usr/bin/sudo OLDPWD=/Users/snap ","env_count":"22","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"4896","original_parent":"40024","parent":"40024","parent_pidversion":"105354","path":"/usr/bin/sudo","pid":"44218","pidversion":"115986","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"2119","session_id":"38273","signing_id":"com.apple.sudo","team_id":"","time":"1771508959","uid":"0","username":"root","version":"8"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Thu Feb 19 13:49:13 2026 UTC","unixTime":1771508953,"epoch":0,"counter":689,"numerics":false,"columns":{"cdhash":"f5f90cda71281d811192440fb02f6c85436dc284","child_pid":"","cmdline":"touch /var/root/Library/Preferences/com.apple.loginwindow.plist ","cmdline_count":"2","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"TERM=xterm-256color SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities LANG=en_US.UTF-8 HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LC_TERMINAL=iTerm2 COLORTERM=truecolor LOGNAME=root USER=root SHELL=/bin/sh \"SUDO_COMMAND=/usr/bin/touch /var/root/Library/Preferences/com.apple.loginwindow.plist\" SUDO_USER=root SUDO_UID=0 SUDO_GID=0 ","env_count":"18","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"4888","original_parent":"44215","parent":"44215","parent_pidversion":"115979","path":"/usr/bin/touch","pid":"44216","pidversion":"115981","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"2116","session_id":"38273","signing_id":"com.apple.touch","team_id":"","time":"1771508950","uid":"0","username":"root","version":"8"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Thu Feb 19 13:49:13 2026 UTC","unixTime":1771508953,"epoch":0,"counter":689,"numerics":false,"columns":{"cdhash":"a1b9c4ceb3bf3dbe1c56c26146dc4ac8d930d1c9","child_pid":"","cmdline":"sudo touch /var/root/Library/Preferences/com.apple.loginwindow.plist ","cmdline_count":"3","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"SHELL=/bin/sh TERM=xterm-256color USER=root SUDO_USER=snap SUDO_UID=501 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities PWD=/Users/snap/Downloads LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/usr/bin/su HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LOGNAME=root SUDO_GID=20 LC_TERMINAL=iTerm2 COLORTERM=truecolor _=/usr/bin/sudo OLDPWD=/Users/snap ","env_count":"22","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"4886","original_parent":"40024","parent":"40024","parent_pidversion":"105354","path":"/usr/bin/sudo","pid":"44215","pidversion":"115979","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"2115","session_id":"38273","signing_id":"com.apple.sudo","team_id":"","time":"1771508950","uid":"0","username":"root","version":"8"},"action":"added"}
{"name":"launchd","hostIdentifier":"MacBookPro","calendarTime":"Fri Feb 13 14:24:39 2026 UTC","unixTime":1770992679,"epoch":0,"counter":0,"numerics":false,"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"","label":"com.apple.UserNotificationCenterAgent-LoginWindow","name":"com.apple.UserNotificationCenterAgent-LoginWindow.plist","on_demand":"","path":"/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent-LoginWindow.plist","process_type":"Interactive","program":"","program_arguments":"/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter -loginwindow","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"launchd","hostIdentifier":"MacBookPro","calendarTime":"Fri Feb 13 14:24:39 2026 UTC","unixTime":1770992679,"epoch":0,"counter":0,"numerics":false,"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"1","label":"com.apple.UserEventAgent-LoginWindow","name":"com.apple.UserEventAgent-LoginWindow.plist","on_demand":"","path":"/System/Library/LaunchAgents/com.apple.UserEventAgent-LoginWindow.plist","process_type":"","program":"","program_arguments":"/usr/libexec/UserEventAgent (LoginWindow)","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"launchd","hostIdentifier":"MacBookPro","calendarTime":"Fri Feb 13 14:24:39 2026 UTC","unixTime":1770992679,"epoch":0,"counter":0,"numerics":false,"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"","label":"com.apple.loginwindow","name":"com.apple.loginwindow.plist","on_demand":"","path":"/System/Library/LaunchDaemons/com.apple.loginwindow.plist","process_type":"","program":"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow","program_arguments":"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"pack_incident-response_launchd","hostIdentifier":"snaps-Virtual-Machine.local","calendarTime":"Thu Feb 12 17:45:51 2026 UTC","unixTime":1770918351,"epoch":0,"counter":0,"numerics":false,"decorations":{"host_uuid":"2A1650D4-9C87-5FCD-95BE-104035DDB271","username":""},"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"","label":"com.apple.UserNotificationCenterAgent-LoginWindow","name":"com.apple.UserNotificationCenterAgent-LoginWindow.plist","on_demand":"","path":"/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent-LoginWindow.plist","process_type":"Interactive","program":"","program_arguments":"/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter -loginwindow","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"pack_incident-response_launchd","hostIdentifier":"snaps-Virtual-Machine.local","calendarTime":"Thu Feb 12 17:45:51 2026 UTC","unixTime":1770918351,"epoch":0,"counter":0,"numerics":false,"decorations":{"host_uuid":"2A1650D4-9C87-5FCD-95BE-104035DDB271","username":""},"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"1","label":"com.apple.UserEventAgent-LoginWindow","name":"com.apple.UserEventAgent-LoginWindow.plist","on_demand":"","path":"/System/Library/LaunchAgents/com.apple.UserEventAgent-LoginWindow.plist","process_type":"","program":"","program_arguments":"/usr/libexec/UserEventAgent (LoginWindow)","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"pack_incident-response_launchd","hostIdentifier":"snaps-Virtual-Machine.local","calendarTime":"Thu Feb 12 17:45:51 2026 UTC","unixTime":1770918351,"epoch":0,"counter":0,"numerics":false,"decorations":{"host_uuid":"2A1650D4-9C87-5FCD-95BE-104035DDB271","username":""},"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"","label":"com.apple.loginwindow","name":"com.apple.loginwindow.plist","on_demand":"","path":"/System/Library/LaunchDaemons/com.apple.loginwindow.plist","process_type":"","program":"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow","program_arguments":"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"launchd","hostIdentifier":"snaps-Virtual-Machine.local","calendarTime":"Thu Feb 12 17:45:51 2026 UTC","unixTime":1770918351,"epoch":0,"counter":0,"numerics":false,"decorations":{"host_uuid":"2A1650D4-9C87-5FCD-95BE-104035DDB271","username":""},"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"","label":"com.apple.UserNotificationCenterAgent-LoginWindow","name":"com.apple.UserNotificationCenterAgent-LoginWindow.plist","on_demand":"","path":"/System/Library/LaunchAgents/com.apple.UserNotificationCenterAgent-LoginWindow.plist","process_type":"Interactive","program":"","program_arguments":"/System/Library/CoreServices/UserNotificationCenter.app/Contents/MacOS/UserNotificationCenter -loginwindow","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"launchd","hostIdentifier":"snaps-Virtual-Machine.local","calendarTime":"Thu Feb 12 17:45:51 2026 UTC","unixTime":1770918351,"epoch":0,"counter":0,"numerics":false,"decorations":{"host_uuid":"2A1650D4-9C87-5FCD-95BE-104035DDB271","username":""},"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"1","label":"com.apple.UserEventAgent-LoginWindow","name":"com.apple.UserEventAgent-LoginWindow.plist","on_demand":"","path":"/System/Library/LaunchAgents/com.apple.UserEventAgent-LoginWindow.plist","process_type":"","program":"","program_arguments":"/usr/libexec/UserEventAgent (LoginWindow)","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}
{"name":"launchd","hostIdentifier":"snaps-Virtual-Machine.local","calendarTime":"Thu Feb 12 17:45:51 2026 UTC","unixTime":1770918351,"epoch":0,"counter":0,"numerics":false,"decorations":{"host_uuid":"2A1650D4-9C87-5FCD-95BE-104035DDB271","username":""},"columns":{"disabled":"","groupname":"","inetd_compatibility":"","keep_alive":"","label":"com.apple.loginwindow","name":"com.apple.loginwindow.plist","on_demand":"","path":"/System/Library/LaunchDaemons/com.apple.loginwindow.plist","process_type":"","program":"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow","program_arguments":"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console","queue_directories":"","root_directory":"","run_at_load":"","start_interval":"","start_on_mount":"","stderr_path":"","stdout_path":"","username":"","watch_paths":"","working_directory":""},"action":"added"}