Analysis Overview
SHA256: d7cfceec26756f14de6c4d01337597ab33ea130bb9269652d553e5d29efdc486
Threat Level: Known bad
The file 2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquest was found to be: Known bad.
Malicious Activity Summary
Evilquest family
EvilQuest payload
Launch Agent
Launch Daemon
AppleScript
Launchctl
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-05 21:30
Signatures
EvilQuest payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Evilquest family
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-05 21:30
Reported: 2024-02-05 21:32
Platform: macos-20231201-en
Max time kernel: 145s
Max time network: 154s
Command Line
Signatures
Launch Agent
Launch Daemon
AppleScript
| Description | Indicator | Process | Target |
| N/A | osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"sudo /Library/osxmobiledata/com.apple.afsvcpd\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"sudo /Library/osxmobiledata/com.apple.afsvcpd\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl start afsvcpd | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "launchctl start afsvcpd" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquest"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquest"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquest]
/bin/zsh
[/bin/zsh -c /Users/run/2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquest]
/Users/run/2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquest
[/Users/run/2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquest]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.authtrampoline]
/System/Library/Frameworks/Security.framework/authtrampoline
[/System/Library/Frameworks/Security.framework/authtrampoline]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"sudo /Library/osxmobiledata/com.apple.afsvcpd\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"sudo /Library/osxmobiledata/com.apple.afsvcpd\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "sudo /Library/osxmobiledata/com.apple.afsvcpd" with administrator privileges]
/bin/sh
[/bin/sh -c sudo /Library/osxmobiledata/com.apple.afsvcpd]
/bin/bash
[/bin/sh -c sudo /Library/osxmobiledata/com.apple.afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[/bin/sh -c launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c launchctl start afsvcpd]
/bin/bash
[sh -c launchctl start afsvcpd]
/bin/launchctl
[launchctl start afsvcpd]
/Users/run/.2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquestest
[/Users/run/.2024-02-05_51ad881b6ec43b1f95039b6b8e016ab6_adload_evilquestest]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
Network
| Country | Destination | Domain | Proto |
| US | 20.42.73.28:443 | | tcp |
| NL | 17.253.105.202:80 | | tcp |
| US | 8.8.8.8:53 | onedscolprdwus01.westus.cloudapp.azure.com | udp |
| US | 20.189.173.2:443 | onedscolprdwus01.westus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | certs.apple.com | udp |
| GB | 104.77.160.74:80 | certs.apple.com | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |