evilquest | fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b

Analysis

max time kernel
149s
max time network
145s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
05-02-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
Size

177KB
MD5

20bc27c3a1892679f741ac52331a434f
SHA1

cfc8ebe1319e9a021c209d59735d7e45731a2f5b
SHA256

fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b
SHA512

9b87765fbf51affe2663dd0cd1c972cb8bdd5871d82925187b97a961fd6907915484abd8dcba94a4b821c245d6c7831668d51bb7cadf6de3669f3ec5cb9a4a0a
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9F0k:5SeOQdaZNxtk8cqhSxvHY9D

Score

10^/10

evilquest backdoor execution persistence

Malware Config

Signatures

EvilQuest
EvilQuest family.
backdoor evilquest

EvilQuest payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/files/0x000000030008b1b9-0.dat	family_evilquest
behavioral1/files/0x000000030008b1b9-7.dat	family_evilquest
behavioral1/files/0x000000030008b1b9-25.dat	family_evilquest

Launch Agent 1 TTPs
persistence

Launch Agent
T1543.001
Launch Daemon 1 TTPs
persistence

Launch Daemon
T1543.004

AppleScript 1 TTPs 38 IoCs

execution

AppleScript

T1059.002

Processes:

ioc	Process
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"

Launchctl 1 TTPs 64 IoCs

execution

Launchctl

T1569.001

Processes:

ioc	Process
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest\""
1⤵
PID:576

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest\""
1⤵
PID:576

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
1⤵
PID:576
- /bin/zsh
  /bin/zsh -c /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
  2⤵
  PID:577
- /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
  /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
  2⤵
  PID:577

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:578

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:578

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:578

/usr/libexec/dmd
/usr/libexec/dmd
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:600

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:600

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:601

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:601

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:601

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authtrampoline
1⤵
PID:602

/System/Library/Frameworks/Security.framework/authtrampoline
/System/Library/Frameworks/Security.framework/authtrampoline
1⤵
PID:602

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:603

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:603

/bin/launchctl
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:603

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:604

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:604
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:607

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:605

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:605

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:605

/bin/sh
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:606

/bin/bash
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:606

/bin/launchctl
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:606

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:608

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:608

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:608

/usr/libexec/xpcproxy
xpcproxy com.apple.suggestd
1⤵
PID:612

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
1⤵
PID:612

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:614

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:614

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:614

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:615

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:615

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:615

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:616

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:616

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:616

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:618

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:618

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:618

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:619

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:619

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:623

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:623
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:624

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:625

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:625

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:625

/usr/libexec/xpcproxy
xpcproxy com.apple.knowledge-agent
1⤵
PID:626

/usr/libexec/knowledge-agent
/usr/libexec/knowledge-agent
1⤵
PID:626

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:629

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:631

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:631

/usr/libexec/xpcproxy
xpcproxy com.apple.icloud.findmydeviced
1⤵
PID:632

/usr/libexec/findmydeviced
/usr/libexec/findmydeviced
1⤵
PID:632

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:633

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:633

/usr/libexec/xpcproxy
xpcproxy com.apple.PerfPowerServices
1⤵
PID:634

/usr/libexec/PerfPowerServices
/usr/libexec/PerfPowerServices
1⤵
PID:634

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:638

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:638
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:639

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:641

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:641

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:641

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:643

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:643

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:644

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:644

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:646

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:646

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:646

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:647

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:647

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:647

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:648

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:648

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:648

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:649

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:649

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:649

/usr/libexec/xpcproxy
xpcproxy com.apple.cfprefsd.xpc.agent
1⤵
PID:650

/usr/sbin/cfprefsd
/usr/sbin/cfprefsd agent
1⤵
PID:650

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:652

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:652
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:654

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:655

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:655

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:655

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:656

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:657

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:657

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:657

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:656

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:659

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:659

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:659

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:660

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:660

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:660

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:661

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:661

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:661

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:663

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:663

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:664

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:664

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:665

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:665
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:666

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:667

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:667

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:667

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:671

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:671

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:675

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:675
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:676

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:677

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:677

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:677

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:679

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:679

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:679

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:680

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:680

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:680

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:681

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:681

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:681

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:682

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:682

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:682

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:686

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:686
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:687

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:688

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:688

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:688

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:689

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:690

/usr/libexec/xpcproxy
xpcproxy com.apple.assistantd
1⤵
PID:693

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:694

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:694

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
1⤵
PID:693

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:700

/usr/bin/sudo
sudo /Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:700
- /Library/osxmobiledata/com.apple.afsvcpd
  /Library/osxmobiledata/com.apple.afsvcpd --silent
  2⤵
  PID:701

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:702

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:702

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:702

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:704

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:704

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:704

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:705

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:705

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:705

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:706

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:706

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:706

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:707

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:707

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:707

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:708

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:708

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:708

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:709

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:710

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:710

/bin/launchctl
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:710

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:711

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:711

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:711

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:709

/bin/sh
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:712

/bin/bash
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:712

/bin/launchctl
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:712

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:713

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:713

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:713

/bin/sh
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:714

/bin/bash
/bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:714

/bin/launchctl
launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:714

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:715

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:715

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:715

/usr/libexec/xpcproxy
xpcproxy com.apple.sandboxd
1⤵
PID:716

/usr/libexec/sandboxd
/usr/libexec/sandboxd
1⤵
PID:716

/bin/sh
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:717

/bin/bash
/bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:717

/bin/launchctl
launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:717

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:718

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:718

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:718

/bin/sh
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:719

/bin/bash
/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:719

/bin/launchctl
launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:719

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:720

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:720

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:720

/bin/sh
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:722

/bin/bash
/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"
1⤵
PID:722

/bin/launchctl
launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist
1⤵
PID:722

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:723

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:723

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:725

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:726

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

AppleScript

T1059.002

System Services

T1569

Launchctl

T1569.001

Persistence

Create or Modify System Process

T1543

Launch Agent

T1543.001

Launch Daemon

T1543.004

Privilege Escalation

Create or Modify System Process

T1543

Launch Agent

T1543.001

Launch Daemon

T1543.004

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

Filesize
156B

MD5
af8d065dc1f124b3a365f2231b041a10

SHA1
abf8e5d42e3018b0a702dfa204edf6b85fdd7d7b

SHA256
658733dfadc980b7e8d15c2b217261a580e48002bf0181957f20935f242d34bd

SHA512
81eef30b7482be0f426b76995a202128d8377b3ac0d8f0f7c65b6dfaedbee96fa08418bf1134ef76622ce1dbfba1423e6d74fe7be18b8963c0375e8775fcba27

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

Filesize
158B

MD5
f29a77c86b881979e7bf042cc7485feb

SHA1
e2bbe3c712084b7db959177c8517e336d3932306

SHA256
f88ad3ead3efa0e59b6a3e1465c38dd35671bcc24eae577a86e1529b9b5108f5

SHA512
063aef7a7fc8c6901ab028743c567cb2dac752d5c126c03c8441da09109f2f955900b1925d94add6cfc62ee8379bb4a602cc45b02a59b4ced94cc63621c88ca5

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

Filesize
156B

MD5
031c195a60299aa6938155c6f4f7e343

SHA1
b32e18eb9da9b8853cbfdb175a120147aaa70b42

SHA256
ffc5e013d88cad81564893b563caf6a2f5eec5abf76eaaa4f9204298b74a086c

SHA512
21548167a8a36097a9ff1d5a133f181648bb9e681047f3862cc579035139100c75feae4d0efb2d2ec7b039b1581394bcb5ac578985e2e509302b7c12c913af5a

Download Submit
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

Filesize
143B

MD5
f9ac7eed0bf7ead8163eed1b5e4d9869

SHA1
264fa725b59f920dbef940843dc5cfe35ba5be90

SHA256
30153c5d7647451ee705fd3411514c424181ca9bbcbecacb9e14c4b5cdbd360a

SHA512
709c8617526b967ac47cb3283bb8e36f677f507058639b543474445e613d8301c5c85b88b769122a3015fed5777f08896f8726d9c2d89cc2ad4bf37e3cc2cee2

Download Submit
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

Filesize
143B

MD5
bc2f23f29a6c257299f838fc1c364146

SHA1
c5fc17986b315d2fa54c367b70be83df8cb7d38f

SHA256
101081354d7c23a8db54226569af5fd454f7558216adebf6c52a6ce6d7818fed

SHA512
c8fc1b2101a6e0bc649c3ba8c2b1e707f4b43014dd65291d5b6ed6061227c81cc47d06ad60260f1d584d452599c1e94dd37fdd304ecc8a3f57edb8d8aa656919

Download Submit
/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-142825-1_tests-iMac.crash

Filesize
40KB

MD5
66c17bcf2c4429612ecbed2afe4632c5

SHA1
4c271ba2371cbc67a82d8cb8a1b24da364c79e5b

SHA256
a1d75dc8c9911024b8d2d874f4c4e3e0f511c4b83dda96f20ff65423908638c5

SHA512
f3d64ccda53b8c5328af4ebe710541851c3bee8b1e5b065dd3777740d3fcc611ddf07dc6100a14902d24654fa6c6427cac98776c6012855acaa6dbdd9e399b6d

Download Submit
/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-142825_tests-iMac.crash

Filesize
28KB

MD5
fad7f26465565e9933a0eaf57287e4de

SHA1
6253a032f0beb69869a727fcbe8bb73ab5f8fb60

SHA256
97346a25e38a9e38719cddce15fa17bb2682d07b46f0a4f23c274484a384f04d

SHA512
779e6ddef4fc165637d29bc43f251885dac47eb3f7cdeb907047d1b837a2e401688843954e1a83f4521255240eb255b5079336b821c9bbc2dc9b4ac3dbcfd184

Download Submit
/Library/Logs/DiagnosticReports/sudo_2024-02-05-142825_tests-iMac.crash

Filesize
40KB

MD5
13bd39b1abb5d62b1602c4e4c9aa1cdd

SHA1
51d215a4ca68d7e2542b69993bd60436fde751b3

SHA256
75714af938113473d31050d80dfc3e77719b96e22eb11ca13651391b353f53ba

SHA512
4c3cbfd46fc27e47c678b08857c75e597e4c2b8e582d2124db2993bdcd267317f08f8d4a1cf80fd8a079c1ff5a8f086b2241eb7dd8e701a9d1b8c635dac94b4c

Download Submit
/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
ba9051075a76e3bf60e5cea815f3c6c5

SHA1
1ce4d2a4f9bfe1d4b2796b63efb116f6154f1b00

SHA256
0cbb612d50c434f4f9727d7e85cf4ea07381607354267f7cefdf33f7e06ac9cf

SHA512
4a6a2c5c8539bd5eb870b5753b05784ed262b91b43d63d24593e93a7d02712fe6f7ee64e4ea1b98546f0b43e74f81872600a9fadc1995204662797a4cf30e729

Download Submit
/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
1b2af45f9bfd2c387b4e37be0526ce8e

SHA1
f5eae0eab5fcd1390b37aa78cf8c53246a1a89c4

SHA256
26f2fab891235a515ffc9d2fed43bc1d933536834fbb8703398667397c27ae7e

SHA512
6db89848c98f1c96e8127f88c2c5784a9669a307f55fc3dbeb9c186d70124d22e8949fcbd6c9b94d0cd890dc51945e55f4067ad4f2573dd70910f050d0c3a139

Download Submit
/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
4b79832f825a130ba239bc6bbc66d51e

SHA1
95385c80095ab97ab9b238682bb55f6ed09dc757

SHA256
f2f72cc40fbbaa46e7405c8a9067448fb041be9613a512384cfbe8845ba503c0

SHA512
a09c77dcf4a52cd199f64994a0a997c44616c7b5bfde5c6d98beba954602cf2659fdb7c1c9631275f266865df63757f4a757b51c83257cf836f8248056d8cf09

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

Filesize
124KB

MD5
629207fbc6bfa176c9a9246ff65754c7

SHA1
7344be0867961aae1143db689ab1ceb12dab2579

SHA256
ac2bda3208768b27cc5584aaf000cf1989c862ace541648f7a772cb024f5daa1

SHA512
aa5108f8a596f34f60f9f88a5f4499ad2fbd61c93a709141836f90c81c2e8c78265c6592b1781b5cc93d76b904d27f74e8874ace0561c0f9452e4d2bbdc04d65

Download Submit
/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml

Filesize
150KB

MD5
76ebb0196d42a294b69ef118cbb301d5

SHA1
61e5ab752d351af1661716bc48c0520f66cd1d1b

SHA256
aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759

SHA512
8dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/root/Library/LaunchAgents/com.apple.afsvcpd.plist

Filesize
429B

MD5
b29145cf94cd1ef0d81552c333c3603a

SHA1
4095a7b7b982b8875a6256919b7d80c50b0a2799

SHA256
2cac13ffabc18f7010fffce9f31aaacc06e0c5ae898c3faa79d747567ce1e2fc

SHA512
fd0ccb56cb0c5084950ad4d04363ae9919a0bfa76c45554df8a7fe0eb0f8a7ed2525af3b4f64982eedac0f9aaec28b7985b4ce5ec80434fc3cf426cb96b1def0

Download Submit