Malware Analysis Report

2024-11-30 16:11

Sample ID: 240205-1st1hsbbfl
Target: 2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest
SHA256: d68f414850bee61ecd2d1e3121cedd8b1bdd5bf59dc425fe8a1673c7510423df
Tags: evilquest, backdoor, execution, persistence
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest was found to be: Known bad.

Malicious Activity Summary

evilquest backdoor execution persistence

EvilQuest payload

Evilquest family

EvilQuest

Launch Agent

Launch Daemon

AppleScript

Launchctl

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-05 21:55

Signatures

EvilQuest payload


Evilquest family

evilquest

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-05 21:55

Reported

2024-02-05 21:58

Platform

macos-20231201-en

Max time kernel

149s

Max time network

137s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest"]

Signatures

EvilQuest

backdoor evilquest

EvilQuest payload


Launch Agent

persistence

Launch Daemon

persistence

AppleScript

execution
Description Indicator Process Target
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A

Launchctl

execution
Description Indicator Process Target
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "launchctl start afsvcpd" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest]

/bin/zsh

[/bin/zsh -c /Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest]

/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest

[/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.authtrampoline]

/System/Library/Frameworks/Security.framework/authtrampoline

[/System/Library/Frameworks/Security.framework/authtrampoline]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c launchctl start afsvcpd]

/bin/bash

[sh -c launchctl start afsvcpd]

/bin/launchctl

[launchctl start afsvcpd]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash.Root]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PerfPowerServices]

/usr/libexec/PerfPowerServices

[/usr/libexec/PerfPowerServices]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

Network

Country Destination Domain Proto
US 20.189.173.16:443 tcp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 certs.apple.com udp
GB 17.253.77.201:80 certs.apple.com tcp
US 8.8.8.8:53 fp2e7a.wpc.2be4.phicdn.net udp
SE 192.229.221.95:80 fp2e7a.wpc.2be4.phicdn.net tcp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
NL 104.110.240.210:443 tcp
NL 17.248.236.65:443 tcp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 fp2e7a.wpc.2be4.phicdn.net udp
SE 192.229.221.95:80 fp2e7a.wpc.2be4.phicdn.net tcp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 fp2e7a.wpc.2be4.phicdn.net udp
SE 192.229.221.95:80 fp2e7a.wpc.2be4.phicdn.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.65.90:443 tcp

Files

/Library/osxmobiledata/com.apple.afsvcpd

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml

/var/root/Library/LaunchAgents/com.apple.afsvcpd.plist

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-215637_tests-iMac.crash

/Library/Logs/DiagnosticReports/sudo_2024-02-05-215637_tests-iMac.crash