{"name":"es_process_events","hostIdentifier":"HackBook.local","calendarTime":"Tue Mar 29 13:03:51 2022 UTC","unixTime":1648559031,"epoch":0,"counter":82,"numerics":false,"columns":{"cdhash":"f63c5fbfcf1484b20aa4407a26e087fe3fe28146","child_pid":"","cmdline":"","cmdline_count":"0","cwd":"","egid":"20","env":"","env_count":"0","euid":"20","event_type":"exit","exit_code":"0","gid":"20","global_seq_num":"919","original_parent":"2971","parent":"2971","path":"/usr/bin/plutil","pid":"6677","platform_binary":"1","seq_num":"371","signing_id":"com.apple.Foundation.plutil","team_id":"","time":"1648558978","uid":"501","username":"patrick","version":"4"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"HackBook.local","calendarTime":"Tue Mar 29 13:03:51 2022 UTC","unixTime":1648559031,"epoch":0,"counter":82,"numerics":false,"columns":{"cdhash":"f63c5fbfcf1484b20aa4407a26e087fe3fe28146","child_pid":"","cmdline":"plutil -insert somekey -string somevalue net.battle.app.plist ","cmdline_count":"6","cwd":"/Users/patrick/Library/Preferences","egid":"20","env":"TERM_SESSION_ID=w0t1p0:93AA9D79-7028-49F1-A93D-4EAEFB7BA6E3 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.OOwoeuT9LF/Listeners LC_TERMINAL_VERSION=3.3.7 COLORFGBG=15;0 ITERM_PROFILE=Default XPC_FLAGS=0x0 LANG=de_DE.UTF-8 PWD=/Users/patrick/Library/Preferences SHELL=/bin/zsh __CFBundleIdentifier=com.googlecode.iterm2 TERM_PROGRAM_VERSION=3.3.7 TERM_PROGRAM=iTerm.app PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/Library/Apple/usr/bin LC_TERMINAL=iTerm2 COLORTERM=truecolor COMMAND_MODE=unix2003 TERM=xterm-256color HOME=/Users/patrick TMPDIR=/var/folders/tc/m9brp20d1mvfgssff70501m40000gn/T/ USER=patrick XPC_SERVICE_NAME=0 LOGNAME=patrick ITERM_SESSION_ID=w0t1p0:93AA9D79-7028-49F1-A93D-4EAEFB7BA6E3 __CF_USER_TEXT_ENCODING=0x0:0:3 SHLVL=1 OLDPWD=/Users/patrick HISTTIMEFORMAT=%F %T  ZSH=/Users/patrick/.oh-my-zsh PAGER=less LESS=-R LSCOLORS=Gxfxcxdxbxegedabagacad _=/usr/bin/plutil ","env_count":"32","euid":"20","event_type":"exec","exit_code":"","gid":"20","global_seq_num":"918","original_parent":"2971","parent":"2971","path":"/usr/bin/plutil","pid":"6677","platform_binary":"1","seq_num":"174","signing_id":"com.apple.Foundation.plutil","team_id":"","time":"1648558978","uid":"501","username":"patrick","version":"4"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"HackBook.local","calendarTime":"Tue Mar 29 13:03:51 2022 UTC","unixTime":1648559031,"epoch":0,"counter":82,"numerics":false,"columns":{"cdhash":"f63c5fbfcf1484b20aa4407a26e087fe3fe28146","child_pid":"","cmdline":"","cmdline_count":"0","cwd":"","egid":"20","env":"","env_count":"0","euid":"20","event_type":"exit","exit_code":"256","gid":"20","global_seq_num":"511","original_parent":"2971","parent":"2971","path":"/usr/bin/plutil","pid":"6481","platform_binary":"1","seq_num":"176","signing_id":"com.apple.Foundation.plutil","team_id":"","time":"1648558934","uid":"501","username":"patrick","version":"4"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"HackBook.local","calendarTime":"Tue Mar 29 13:03:51 2022 UTC","unixTime":1648559031,"epoch":0,"counter":82,"numerics":false,"columns":{"cdhash":"f63c5fbfcf1484b20aa4407a26e087fe3fe28146","child_pid":"","cmdline":"plutil ","cmdline_count":"1","cwd":"/Users/patrick","egid":"20","env":"TERM_SESSION_ID=w0t1p0:93AA9D79-7028-49F1-A93D-4EAEFB7BA6E3 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.OOwoeuT9LF/Listeners LC_TERMINAL_VERSION=3.3.7 COLORFGBG=15;0 ITERM_PROFILE=Default XPC_FLAGS=0x0 LANG=de_DE.UTF-8 PWD=/Users/patrick SHELL=/bin/zsh __CFBundleIdentifier=com.googlecode.iterm2 TERM_PROGRAM_VERSION=3.3.7 TERM_PROGRAM=iTerm.app PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/Library/Apple/usr/bin LC_TERMINAL=iTerm2 COLORTERM=truecolor COMMAND_MODE=unix2003 TERM=xterm-256color HOME=/Users/patrick TMPDIR=/var/folders/tc/m9brp20d1mvfgssff70501m40000gn/T/ USER=patrick XPC_SERVICE_NAME=0 LOGNAME=patrick ITERM_SESSION_ID=w0t1p0:93AA9D79-7028-49F1-A93D-4EAEFB7BA6E3 __CF_USER_TEXT_ENCODING=0x0:0:3 SHLVL=1 OLDPWD=/Users/patrick HISTTIMEFORMAT=%F %T  ZSH=/Users/patrick/.oh-my-zsh PAGER=less LESS=-R LSCOLORS=Gxfxcxdxbxegedabagacad _=/usr/bin/plutil ","env_count":"32","euid":"20","event_type":"exec","exit_code":"","gid":"20","global_seq_num":"510","original_parent":"2971","parent":"2971","path":"/usr/bin/plutil","pid":"6481","platform_binary":"1","seq_num":"157","signing_id":"com.apple.Foundation.plutil","team_id":"","time":"1648558934","uid":"501","username":"patrick","version":"4"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"HackBook.local","calendarTime":"Tue Mar 29 13:03:51 2022 UTC","unixTime":1648559031,"epoch":0,"counter":82,"numerics":false,"columns":{"cdhash":"f63c5fbfcf1484b20aa4407a26e087fe3fe28146","child_pid":"","cmdline":"","cmdline_count":"0","cwd":"","egid":"20","env":"","env_count":"0","euid":"20","event_type":"exit","exit_code":"256","gid":"20","global_seq_num":"441","original_parent":"2971","parent":"2971","path":"/usr/bin/plutil","pid":"6449","platform_binary":"1","seq_num":"141","signing_id":"com.apple.Foundation.plutil","team_id":"","time":"1648558927","uid":"501","username":"patrick","version":"4"},"action":"added"}
{"name":"es_process_events","hostIdentifier":"HackBook.local","calendarTime":"Tue Mar 29 13:03:51 2022 UTC","unixTime":1648559031,"epoch":0,"counter":82,"numerics":false,"columns":{"cdhash":"f63c5fbfcf1484b20aa4407a26e087fe3fe28146","child_pid":"","cmdline":"plutil --help ","cmdline_count":"2","cwd":"/Users/patrick","egid":"20","env":"TERM_SESSION_ID=w0t1p0:93AA9D79-7028-49F1-A93D-4EAEFB7BA6E3 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.OOwoeuT9LF/Listeners LC_TERMINAL_VERSION=3.3.7 COLORFGBG=15;0 ITERM_PROFILE=Default XPC_FLAGS=0x0 LANG=de_DE.UTF-8 PWD=/Users/patrick SHELL=/bin/zsh __CFBundleIdentifier=com.googlecode.iterm2 TERM_PROGRAM_VERSION=3.3.7 TERM_PROGRAM=iTerm.app PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/Library/Apple/usr/bin LC_TERMINAL=iTerm2 COLORTERM=truecolor COMMAND_MODE=unix2003 TERM=xterm-256color HOME=/Users/patrick TMPDIR=/var/folders/tc/m9brp20d1mvfgssff70501m40000gn/T/ USER=patrick XPC_SERVICE_NAME=0 LOGNAME=patrick ITERM_SESSION_ID=w0t1p0:93AA9D79-7028-49F1-A93D-4EAEFB7BA6E3 __CF_USER_TEXT_ENCODING=0x0:0:3 SHLVL=1 OLDPWD=/Users/patrick HISTTIMEFORMAT=%F %T  ZSH=/Users/patrick/.oh-my-zsh PAGER=less LESS=-R LSCOLORS=Gxfxcxdxbxegedabagacad _=/usr/bin/plutil ","env_count":"32","euid":"20","event_type":"exec","exit_code":"","gid":"20","global_seq_num":"440","original_parent":"2971","parent":"2971","path":"/usr/bin/plutil","pid":"6449","platform_binary":"1","seq_num":"154","signing_id":"com.apple.Foundation.plutil","team_id":"","time":"1648558927","uid":"501","username":"patrick","version":"4"},"action":"added"}