Analysis Overview
SHA256
d68f414850bee61ecd2d1e3121cedd8b1bdd5bf59dc425fe8a1673c7510423df
Threat Level: Known bad
The file 2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest was found to be: Known bad.
Malicious Activity Summary
EvilQuest payload
Evilquest family
EvilQuest
Launch Agent
Launch Daemon
AppleScript
Launchctl
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-05 21:55
Signatures
EvilQuest payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Evilquest family
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-05 21:55
Reported
2024-02-05 21:58
Platform
macos-20231201-en
Max time kernel
149s
Max time network
137s
Command Line
Signatures
EvilQuest
EvilQuest payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Launch Agent
Launch Daemon
AppleScript
| Description | Indicator | Process | Target |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "launchctl start afsvcpd" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest]
/bin/zsh
[/bin/zsh -c /Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest]
/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest
[/Users/run/2024-02-05_f1e4214c308b1e6522a89ce276298b79_adload_evilquest]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.authtrampoline]
/System/Library/Frameworks/Security.framework/authtrampoline
[/System/Library/Frameworks/Security.framework/authtrampoline]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/bin/sh
[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c launchctl start afsvcpd]
/bin/bash
[sh -c launchctl start afsvcpd]
/bin/launchctl
[launchctl start afsvcpd]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash.Root]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerfPowerServices]
/usr/libexec/PerfPowerServices
[/usr/libexec/PerfPowerServices]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.bird]
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.16:443 | tcp | |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | certs.apple.com | udp |
| GB | 17.253.77.201:80 | certs.apple.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.2be4.phicdn.net | udp |
| SE | 192.229.221.95:80 | fp2e7a.wpc.2be4.phicdn.net | tcp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| NL | 104.110.240.210:443 | tcp | |
| NL | 17.248.236.65:443 | tcp | |
| GB | 104.91.71.86:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.2be4.phicdn.net | udp |
| SE | 192.229.221.95:80 | fp2e7a.wpc.2be4.phicdn.net | tcp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | fp2e7a.wpc.2be4.phicdn.net | udp |
| SE | 192.229.221.95:80 | fp2e7a.wpc.2be4.phicdn.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.65.90:443 | tcp |
Files
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 861bcc977efb2677f11325aa4e48e6ab |
| SHA1 | 7094d27727924923cd5e7fc8e16cfc09ddb4f586 |
| SHA256 | a0f4e4d4b13e4938c8c0119dd44a3cd3bcb19c983a7f2b01ccedcd1aa36dd500 |
| SHA512 | 952676e3832fb00d7cb94ebe4de2edb2228a55ab00be6c8565a9bda58b3f4bb3aef64060e9c65aec093b27d1e247112f2708cbf39afd683c9af473cf8b0539e6 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | da3970f6f58d12f440399824feebc0e1 |
| SHA1 | 3adbe75cf2d041d3a80d166ada029cff40d01493 |
| SHA256 | 8acf962d7cb3f3925cb56a7f04d0abcf15678d56a01c763697ece58ed778d58f |
| SHA512 | 1b0453d610fa04af6101f39d224237d38442e2ed8e96d7c54d98deb6ca75190703c7604ccdc89fc0885147da78b4b55d56904cd3b56014958a6a6128d1f74db0 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml
| MD5 | 76ebb0196d42a294b69ef118cbb301d5 |
| SHA1 | 61e5ab752d351af1661716bc48c0520f66cd1d1b |
| SHA256 | aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759 |
| SHA512 | 8dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 593f85b34a6b028f45766cc985ac747f |
| SHA1 | 6c7a70bdcc1a59b2e34008b61953751a9772660b |
| SHA256 | 3251adfbfcf7f5e0f56c4b2780b9cf4ff9fdcf05fb5b447f0d9bc4d5afe1d613 |
| SHA512 | e15b9a692e485d531b67ee1c1849331b5a4b9e3111fe818d1740ca716b0729f1af55aeac5e064f606e63fbecc658954a18cf59bcf81c9864f4efacfcdb70f9ed |
/var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
| MD5 | b29145cf94cd1ef0d81552c333c3603a |
| SHA1 | 4095a7b7b982b8875a6256919b7d80c50b0a2799 |
| SHA256 | 2cac13ffabc18f7010fffce9f31aaacc06e0c5ae898c3faa79d747567ce1e2fc |
| SHA512 | fd0ccb56cb0c5084950ad4d04363ae9919a0bfa76c45554df8a7fe0eb0f8a7ed2525af3b4f64982eedac0f9aaec28b7985b4ce5ec80434fc3cf426cb96b1def0 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | d3fb7e43c082715b0e9f55f4eec91282 |
| SHA1 | 4538ecc0120dc2a91868075e8a7970c6b0b0f9d7 |
| SHA256 | 51049a2ade3c742440081312cf96e97e71a15a7941e4b5d287259959c74b92b9 |
| SHA512 | 9c3e9c86281dd47390b2c6c6dda7b0a2ebb4dba2656c5d50e0790a42034e885bccdaa8dff83a2ddc5b653f7c27dfe395550d4e6ae841a045db679dd924159b60 |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | cff4a690abb1f607166450eda4eecabf |
| SHA1 | e8fdef1461412150445c4abbc3239b11d1d5a629 |
| SHA256 | 86dbdf0242e32ea076d8bce2db0b9e84644f8de682f3bff90e54b41c445ca7f9 |
| SHA512 | 33e919b8895d145c6bfd38f873fbd08619809bb1d047088cb1314e4f31b27b52ad90e9e05eb99331873b1991833df4f557a97ed6ef4a51e556f3de16ef3fe24b |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 5bf52b58bf0507047d173a588ad8f631 |
| SHA1 | 3f359a259fd8a3e2187a4d50854161573927b6fc |
| SHA256 | e90c817d56c2e023f4ed615fb066441624b99bd172797bd2c572bcfe2c590d78 |
| SHA512 | e3effd23a4ff9355c4bf58f0b30ee138aada751140ae919d35c862d41e064f258bb7ec84bc272510e1b3ecc7374cc703d79d3ed3e8dad79104f41570ac80d607 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 8c2284a105e5be46263c32ed1e0c7758 |
| SHA1 | 0c9297318140e4aae9fbaf24f1f1bc0e8dd3f944 |
| SHA256 | 7c5fa493cd0f6dcb7c7fbf1e4dd05b413b4bce44c601c33f0f80bfb3692a99ee |
| SHA512 | ff99fe1de62c168ba45812fc21a06706e49afff04d4736ecd09a385caad1050c2c01e56b995fa4d34b70246d9355bd6d41a52fe02876f1da05f516ed7e78a0b1 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | c1042091e83e3ceb77f26aa6a8ccd81c |
| SHA1 | d86b56ea3941022f9f7b031ab1ea9f60ff23f932 |
| SHA256 | e511cb92f72110f24744613f3e86efe1f590fde93aeb84b85e9617a73072b59b |
| SHA512 | 57299d125c4af2a59596c55bf12634afd05bf6eafa12033ac94c4d29c134d4aa46e3b70c66452fb0f2d5eb48f69b24c46ee08ff85e9a257c0e94298ac2071a2b |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 93555fa1eef7eb22f97950bd102d65f8 |
| SHA1 | 4306bb95e89e1c328bd5642fe3b21fc180cde661 |
| SHA256 | 0642035717c0952c006c251c4cf0f357fc83c206fa31103292510989afa29fe3 |
| SHA512 | b702fe4282c4ee8dc14a3cae336fe060b8fe77ad07a02b748e6e5194b2ab96e0c0bba4fa1288e96218e7ae360c7bb66183ef76edb55a79684141956d14786420 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | a6ab164b5da3df99d5a266547cdef5dd |
| SHA1 | 9d21e64cdf90057c23a0d8f038828e92ea07a7f3 |
| SHA256 | dbea7b6af57d45078e4224e1d37c1088f17c8bb0138e6dfd5323698434ae608d |
| SHA512 | 4427b658507dbe76f9952944b4eba117509e8bcb6fbd716309d961aabde2deacc8cef2ac56b939a368c2de45dd81970d950ec8892834f03f49b3ae19fc41120b |
/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-215637_tests-iMac.crash
| MD5 | fa1beee2e303c85f7058949697e4d86f |
| SHA1 | 0a56d33bcfdb5a53c3f9870606d75fbf561c2ff3 |
| SHA256 | 88c543cbcde5700b95b8dad654c7b996f900299041ca1486b9d1eb21a5764b14 |
| SHA512 | 59b4ee78e21cb16e847feef02d8fd8044fcb6a94500676a79bd4afa281c2e93a91648cb608f9a89645ae1f003bbc3802ff8f076d9d6d9b41f43e0c6c059cdb6d |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 8e3dcd0c26005d0fc2f5f9a412e884e7 |
| SHA1 | a095dc23c4f6325736fd863cff5bba5c68ae21f5 |
| SHA256 | ded6485cc8821bcf105a16311f27f46c7a5f3eca28bf443e796d179bed428a62 |
| SHA512 | cf48ea9c5225e19578d8777ee463eebba2fc720b0794848cca299c5da9c5234c5f350ba215135c1e168d2c1fd3ed652a6c91213d6bd7e162792902b4a6167504 |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 15f6b4040facecfa6e426764c141a176 |
| SHA1 | 0a3a2b62ea5c0cf847f7112bf4490619ff02d55e |
| SHA256 | b9ba0d2ff65321dd13f60244aeb8914633b087053c93263fdcc96200b2abeccf |
| SHA512 | fb080183b6aea1c4a9de9260f475745286993bfcfc085965f4aa9d53d9a902c5fa6f6d306d3773b5608a49ef20540b79e31f24a28dbdd9acd155f7f9e27f2ae5 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | cec13513c9f83adc9e98dda8793be258 |
| SHA1 | 4b0cd09e1f738815ae6cbab7105d4338c9266f20 |
| SHA256 | 3b7b47d1ca75cc826d6edfc195496c64f6f785449218705835e6067024557dda |
| SHA512 | bd154ad1dba1cb7c91f22da71e4b2c6295479e68aea315234b4a086c5e2b596a69d57856f952959002010afb0bf022b2ffcad8888f79ef3728c0deda78be223c |
/Library/Logs/DiagnosticReports/sudo_2024-02-05-215637_tests-iMac.crash
| MD5 | 98daa560f5d3e246b2e4f7d5e7d49a57 |
| SHA1 | b0f8c8bc7bcb0eda86543d38ac41a872d647cd40 |
| SHA256 | e8ab9efb048584a7f21cd782e5e6366887d0c5414aa061d9c66cbad505584d39 |
| SHA512 | 6d81b186a7feff5fd56c9b9b6818fc9e58cd864998589ba9d8271aafaf014718b2dbe296da95d393da779c0abdf195cdaafce7308b01e5f442f6c3b758db2aa0 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | f2bdbae106a2230403a2cc50c342679f |
| SHA1 | fd820a808259ded70e1ea22c037e1902d0f44cc2 |
| SHA256 | 0ae443b5f9412b78f71589f83cd14c990bac348902af036815df11275e4dd380 |
| SHA512 | 8982d1c7c32d6de097118da7dfd35ea4d488b3d899ff64f5c33795825a4d910433e6f01c793dadac906b227378848283d8ba235f6f2d9a65913ef6c6f9112435 |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 033671ccf087dc1563d983f56dfc3e89 |
| SHA1 | 9890f2ebcfd8903902f3eab9fabb411b1fa0daea |
| SHA256 | aa41e01bed7ec1849d933ade2a872f2189784ef78a2b9814121d7df59df92e21 |
| SHA512 | 417a92e39869a0d0d9609475c73286f231554373451fa2cd08f3ee74401272134062d1d5f975e2410a54bc4dd79511b9b125550dde5f03eccf9c8a629ddb43bd |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 6f8ef76897a9a9b27a5e1982e5219c61 |
| SHA1 | 8acddcb0f49009e04ac6422a4ebc917d42aba2a7 |
| SHA256 | b1c151aee964a61fb4ff5228bc69270fe0686a793a3bd650b8804957c0a18426 |
| SHA512 | b8fd2e2593b0aae59b58b5f6523c88288e061d97475b05cd5a638698730a8d5bf4b77dd1179eef074ee5f61d332e4195527ea46fe24c568db01629cf0dae4d70 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 67ec2cd851ebaa35dd4ef713c956fc28 |
| SHA1 | ad1a694df2d1f5de57f7fec6295b92ec5d264ee2 |
| SHA256 | f20ec6c17459e4ab5bb7329312cea6b4a09942eced65ad4b453baca17341b87f |
| SHA512 | 9b7cc2a08c4050d44de22b15355ccce8b923712d7d7689241236c106efe71956728e1646c0e7af1339fc6247aa69564aea93b94b4283b811bd6fd0d6977f1b52 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | cbd2c09ba349d6521612ed6608ed3e4b |
| SHA1 | 6d885a8f1d901489278a0ce771e0c34a2f9b63ae |
| SHA256 | 02e4b2dd13b7538aff5cf555485c2f7785cfa5a3cced71179f3d0816533fc971 |
| SHA512 | 11634f0db337f28fc0922acc34dd6448472a4bcd66f9adb2f6a6acb257ffa505dc018a53bf3ac21d34d5e63d953b04a901e56ef016fe353dedc0faca8d40d480 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | bdc3f3deaf4ab2397f580ec174860735 |
| SHA1 | bd3cc456e74d1c48b4479521c2244fe1e7e19205 |
| SHA256 | 4a742b664669b85ccb4b49fed1613d98645b037adf7b4456f661a990b0c869c1 |
| SHA512 | 502da5812e67c065169b893ed950079f536e5e68cfd1fa8d60ea95f4e016eb14837fecc81b0afda9eea3173e4f164ea683768ac1dc9688f0a1638ed5e8393430 |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 2b7ad9077b82cb15758d65100128fd14 |
| SHA1 | 1342f69d7a4f280461a870f0302a51991187cb4f |
| SHA256 | 82a5fda3b17bd7a21b219d944b1922c3ea6ea2a4891290fb650f67d6d5ffb17f |
| SHA512 | a701e83229c9fed4a4ccce112697e5eaff4c8f94342e64f224b291d9cfb131a0ca5ae60fb3858574cbd949dcde1975c9196f4fdccc4a3c30ef9eeb5e7dd6dd07 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | bf45df0cac85ec5ce941813a47a7f2f3 |
| SHA1 | ecf1d5753b2b3395a9500834f473c9abac70c321 |
| SHA256 | bfc09bad79c7d2141077e0e629a95fa8f2b2a8a0cd81b37dc7b0ddbc7e910ff4 |
| SHA512 | 8bef458487167c26b030a11f88fdf4bda0b3914d7fa1967e20aa2d46bd78c4feed6d66a7268802f680f2c0d5450eeefe993757ed674cbe07ed216ee42f1fa385 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 2e0adce38c1a532fb2faea375bca34ba |
| SHA1 | dc592a8330264422d9a2e9d8d99364a10a026004 |
| SHA256 | 3669b7508f8c07ca56cd5b1a9c1542abebdb24886032e44ee6152e1ee13c59eb |
| SHA512 | a4547a2e9f6813fa234874d59596e67a78f9147f6904f2a830bad89e24f646221f84e0537a2ca3c5706a4dcdf41ae8ee966f92cc286c0b5f444ec952ed3cc9c7 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 10c92996e67c1d566f9529db2df9fb59 |
| SHA1 | b2a64d378ee326db65cf8b13eec4fd52983a767e |
| SHA256 | c436604975e84c3d4781f8965eab47f9784c7a893652b519fdd8854ab2809061 |
| SHA512 | 6d23e4ca03fcdaff51919821d786cd22701715cad3ec43b46f7363c79a222859d54611d904892eb3e718d36a55309bb027b1e84aa610a7cbf7fcc4cf1a7dc531 |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 001a9c393cf81eedd26fd4e24c1ac194 |
| SHA1 | e356fb0481004e360293bb58e3c79d74943ef964 |
| SHA256 | b4a76a20c4385e0a741f60c75dbe9e62c7f10d35d6bcde0ff8118079a8134d9c |
| SHA512 | 4f9f601cb8c58d794d5456efea9b7140ae7fe95ed64b0c963b5a4aaf9d51d0d4351a013e446d90cccfc79844da01aeee2d8a0774302dbb098714dbd6098c5305 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 9d84202b8f35c838b8a8b51011b42683 |
| SHA1 | 3a0ba5581af69ad568c33a982af4e4db0050c08b |
| SHA256 | e4344ad6f74b47f18d05c7df9e4949d1815735635107cc56fecd1fcc8d560b6d |
| SHA512 | 786f5bdca87915e0f1b9416d07d1e76e79b49c4fa80c94d7d6fa5c82a8a1d96125b468419d1b66054685503fc87eff66cad61f8c3ee08d0b20cd575286c6a048 |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 50eb9a4a46f3682618a60fa8537ab9cc |
| SHA1 | af9562c5bf64e2307e9b70fbcbc5a14e49211df0 |
| SHA256 | 4309aa3482be7c94bd25a8ef6ac38285fe307893711f5d8b4826a890ba8829a0 |
| SHA512 | 24528bd513ce3abb6904ac81999f03133a3689bf704babfb22e26cd5601c4e3e1025d3aba0a2ab14fb0f6ee7c3660a7bcae684c3e4d81a63fd1f106f46247781 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 354d93542da2af21e114c86a4d7df5ee |
| SHA1 | 98a0bec35332bc49d2d495773a111e71e0d6767a |
| SHA256 | 189c93d00b743aea7375f3d9c1b1d677efea5aa4552e1c3e0adaf8a1bb65b96e |
| SHA512 | adae0db3eab5827ebb8525538912d661348251d0cad3e68f360b4d484fb77f7243562d0fdd677aa091fcb122d145593d25418235352e52777dd4f493b239c67e |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 93efbee8dc4581050074594a21847b12 |
| SHA1 | f8826b296b16687719e534227895e7a480fe8975 |
| SHA256 | beb59539986a5d6f811ce769dfa55366ec30d9dba1e7ede4112960549bd3450b |
| SHA512 | 4cf218f8f68bd1ad1f1d2a39cbe4f06011247e98de0b3c82133d19e6bafacfe3029010575d7f770198c75b5221bace5ff05c7599911424c90e815633e7c1e3c0 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 33cee0ba97f339a0c91b3377835e813b |
| SHA1 | 248cc25485f81fe9b65b8e9617ffa2a3729ef8a5 |
| SHA256 | 209f94c55949291f0f60161142357d2907017ac12a96d7088740dc24c3de8ac0 |
| SHA512 | 792e321303f51ecfb34fdea5a4c16a6c1490468ccf97b703029df4122c00ccf08aec9de1068d0bb1a0be686149a89fca457780b05671175e31238342c874946b |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | f738aaba377981f5ffdbee58e1a661df |
| SHA1 | 2681567c0d25344575f7f888bcaeef78e0c9e437 |
| SHA256 | cd874d1fb0fb93056b4a11836b3d5bfdf84537a952f23003f2b03f0b17685d57 |
| SHA512 | 5b19826876ad1e70a98931b68bea71cf902fef9c1f86d06b9ffebe1654cec55e968fe6a1bfcebdc6f0cbfabb5ff395307277876a76662d470213c31fe5ca366a |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 764c9e83058d1cb08159c479d1a47e12 |
| SHA1 | a91bc5280f71508911bf4ff0ea8c2daafd584629 |
| SHA256 | ceeb9fa9cc647e04bd192dd260aef0fbc4334ffeace6c16997f9cb0fc73b2f39 |
| SHA512 | beaa4352358eca77fbc258946ff44db1bc39ba63f4bbc8d1173e58048bcb3d93278d464a76697f7c6658976207f4e121ab9a76888699356f0c93ed25c2dd8fc6 |