{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Tue Feb 17 16:23:27 2026 UTC","unixTime":1771345407,"epoch":0,"counter":493,"numerics":false,"columns":{"cdhash":"e97159f6754d6fb971bd64968a3593a3779dff2d","child_pid":"","cmdline":"xattr -d UTM.dmg UniversalMac_26.1_25B78_Restore.ipsw osquery-5.21.0.pkg com.apple.quarantine ","cmdline_count":"6","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"SHELL=/bin/sh TERM=xterm-256color USER=root SUDO_USER=snap SUDO_UID=501 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities PWD=/Users/snap/Downloads LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/usr/bin/su HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LOGNAME=root SUDO_GID=20 LC_TERMINAL=iTerm2 COLORTERM=truecolor _=/usr/bin/xattr OLDPWD=/Users/snap ","env_count":"22","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"44","original_parent":"40024","parent":"40024","parent_pidversion":"105354","path":"/usr/bin/xattr","pid":"42843","pidversion":"112508","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"16","session_id":"38273","signing_id":"com.apple.xattr","team_id":"","time":"1771345403","uid":"0","username":"root","version":"8"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"MacBookPro","calendarTime":"Fri Feb 13 15:12:35 2026 UTC","unixTime":1770995555,"epoch":0,"counter":181,"numerics":false,"columns":{"cdhash":"42d2f3cc1351e6fc915d0411cdb4b625f5bceb18","child_pid":"","cmdline":"spctl --master-disable ","cmdline_count":"2","codesigning_flags":"","cwd":"/Users/snap/Downloads","egid":"0","env":"SHELL=/bin/sh TERM=xterm-256color USER=root SUDO_USER=snap SUDO_UID=501 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.614sLX07yb/Listeners __CF_USER_TEXT_ENCODING=0x0:0:0 MAIL=/var/mail/root PATH=/Users/snap/.local/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/homebrew/bin:/Applications/iTerm.app/Contents/Resources/utilities PWD=/Users/snap/Downloads LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/usr/bin/su HOME=/var/root COLORFGBG=15;0 LC_TERMINAL_VERSION=3.6.6 LOGNAME=root SUDO_GID=20 LC_TERMINAL=iTerm2 COLORTERM=truecolor _=/usr/sbin/spctl OLDPWD=/Users/snap ","env_count":"22","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"5094","original_parent":"40024","parent":"40024","parent_pidversion":"105354","path":"/usr/sbin/spctl","pid":"40194","pidversion":"105808","platform_binary":"1","responsible_pid":"29792","responsible_pidversion":"83076","seq_num":"2015","session_id":"38273","signing_id":"com.apple.spctl","team_id":"","time":"1770995550","uid":"0","username":"root","version":"8"},"action":"added"}