Analysis Overview
SHA256
fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b
Threat Level: Known bad
The file 2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest was found to be: Known bad.
Malicious Activity Summary
EvilQuest payload
Evilquest family
EvilQuest
Launch Agent
Launch Daemon
AppleScript
Launchctl
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-05 14:27
Signatures
EvilQuest payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Evilquest family
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-05 14:27
Reported
2024-02-05 14:29
Platform
macos-20231201-en
Max time kernel
149s
Max time network
145s
Command Line
Signatures
EvilQuest
EvilQuest payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Launch Agent
Launch Daemon
AppleScript
| Description | Indicator | Process | Target |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" | N/A | N/A |
| N/A | osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" | N/A | N/A |
| N/A | /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest]
/bin/zsh
[/bin/zsh -c /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest]
/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
[/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/dmd
[/usr/libexec/dmd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.authtrampoline]
/System/Library/Frameworks/Security.framework/authtrampoline
[/System/Library/Frameworks/Security.framework/authtrampoline]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash.Root]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash daemon]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerfPowerServices]
/usr/libexec/PerfPowerServices
[/usr/libexec/PerfPowerServices]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.bird]
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy afsvcpd]
/usr/bin/sudo
[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]
/Library/osxmobiledata/com.apple.afsvcpd
[/Library/osxmobiledata/com.apple.afsvcpd --silent]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sandboxd]
/usr/libexec/sandboxd
[/usr/libexec/sandboxd]
/bin/sh
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/sh
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/bin/bash
[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]
/usr/bin/osascript
[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]
/bin/sh
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/bash
[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/bin/launchctl
[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.16:443 | tcp | |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | certs.apple.com | udp |
| GB | 17.253.37.208:80 | certs.apple.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.2be4.phicdn.net | udp |
| SE | 192.229.221.95:80 | fp2e7a.wpc.2be4.phicdn.net | tcp |
| NL | 17.248.236.65:443 | tcp | |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| NL | 104.110.240.210:443 | tcp | |
| GB | 104.91.71.85:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.2be4.phicdn.net | udp |
| SE | 192.229.221.95:80 | fp2e7a.wpc.2be4.phicdn.net | tcp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | fp2e7a.wpc.2be4.phicdn.net | udp |
| SE | 192.229.221.95:80 | fp2e7a.wpc.2be4.phicdn.net | tcp |
| IN | 159.65.147.28:80 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.65.90:443 | tcp |
Files
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | ba9051075a76e3bf60e5cea815f3c6c5 |
| SHA1 | 1ce4d2a4f9bfe1d4b2796b63efb116f6154f1b00 |
| SHA256 | 0cbb612d50c434f4f9727d7e85cf4ea07381607354267f7cefdf33f7e06ac9cf |
| SHA512 | 4a6a2c5c8539bd5eb870b5753b05784ed262b91b43d63d24593e93a7d02712fe6f7ee64e4ea1b98546f0b43e74f81872600a9fadc1995204662797a4cf30e729 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml
| MD5 | 76ebb0196d42a294b69ef118cbb301d5 |
| SHA1 | 61e5ab752d351af1661716bc48c0520f66cd1d1b |
| SHA256 | aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759 |
| SHA512 | 8dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663 |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 4b79832f825a130ba239bc6bbc66d51e |
| SHA1 | 95385c80095ab97ab9b238682bb55f6ed09dc757 |
| SHA256 | f2f72cc40fbbaa46e7405c8a9067448fb041be9613a512384cfbe8845ba503c0 |
| SHA512 | a09c77dcf4a52cd199f64994a0a997c44616c7b5bfde5c6d98beba954602cf2659fdb7c1c9631275f266865df63757f4a757b51c83257cf836f8248056d8cf09 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 629207fbc6bfa176c9a9246ff65754c7 |
| SHA1 | 7344be0867961aae1143db689ab1ceb12dab2579 |
| SHA256 | ac2bda3208768b27cc5584aaf000cf1989c862ace541648f7a772cb024f5daa1 |
| SHA512 | aa5108f8a596f34f60f9f88a5f4499ad2fbd61c93a709141836f90c81c2e8c78265c6592b1781b5cc93d76b904d27f74e8874ace0561c0f9452e4d2bbdc04d65 |
/Library/Logs/DiagnosticReports/sudo_2024-02-05-142825_tests-iMac.crash
| MD5 | 13bd39b1abb5d62b1602c4e4c9aa1cdd |
| SHA1 | 51d215a4ca68d7e2542b69993bd60436fde751b3 |
| SHA256 | 75714af938113473d31050d80dfc3e77719b96e22eb11ca13651391b353f53ba |
| SHA512 | 4c3cbfd46fc27e47c678b08857c75e597e4c2b8e582d2124db2993bdcd267317f08f8d4a1cf80fd8a079c1ff5a8f086b2241eb7dd8e701a9d1b8c635dac94b4c |
/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-142825_tests-iMac.crash
| MD5 | fad7f26465565e9933a0eaf57287e4de |
| SHA1 | 6253a032f0beb69869a727fcbe8bb73ab5f8fb60 |
| SHA256 | 97346a25e38a9e38719cddce15fa17bb2682d07b46f0a4f23c274484a384f04d |
| SHA512 | 779e6ddef4fc165637d29bc43f251885dac47eb3f7cdeb907047d1b837a2e401688843954e1a83f4521255240eb255b5079336b821c9bbc2dc9b4ac3dbcfd184 |
/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-142825-1_tests-iMac.crash
| MD5 | 66c17bcf2c4429612ecbed2afe4632c5 |
| SHA1 | 4c271ba2371cbc67a82d8cb8a1b24da364c79e5b |
| SHA256 | a1d75dc8c9911024b8d2d874f4c4e3e0f511c4b83dda96f20ff65423908638c5 |
| SHA512 | f3d64ccda53b8c5328af4ebe710541851c3bee8b1e5b065dd3777740d3fcc611ddf07dc6100a14902d24654fa6c6427cac98776c6012855acaa6dbdd9e399b6d |
/Library/osxmobiledata/com.apple.afsvcpd
| MD5 | 1b2af45f9bfd2c387b4e37be0526ce8e |
| SHA1 | f5eae0eab5fcd1390b37aa78cf8c53246a1a89c4 |
| SHA256 | 26f2fab891235a515ffc9d2fed43bc1d933536834fbb8703398667397c27ae7e |
| SHA512 | 6db89848c98f1c96e8127f88c2c5784a9669a307f55fc3dbeb9c186d70124d22e8949fcbd6c9b94d0cd890dc51945e55f4067ad4f2573dd70910f050d0c3a139 |
/var/root/Library/LaunchAgents/com.apple.afsvcpd.plist
| MD5 | b29145cf94cd1ef0d81552c333c3603a |
| SHA1 | 4095a7b7b982b8875a6256919b7d80c50b0a2799 |
| SHA256 | 2cac13ffabc18f7010fffce9f31aaacc06e0c5ae898c3faa79d747567ce1e2fc |
| SHA512 | fd0ccb56cb0c5084950ad4d04363ae9919a0bfa76c45554df8a7fe0eb0f8a7ed2525af3b4f64982eedac0f9aaec28b7985b4ce5ec80434fc3cf426cb96b1def0 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | af8d065dc1f124b3a365f2231b041a10 |
| SHA1 | abf8e5d42e3018b0a702dfa204edf6b85fdd7d7b |
| SHA256 | 658733dfadc980b7e8d15c2b217261a580e48002bf0181957f20935f242d34bd |
| SHA512 | 81eef30b7482be0f426b76995a202128d8377b3ac0d8f0f7c65b6dfaedbee96fa08418bf1134ef76622ce1dbfba1423e6d74fe7be18b8963c0375e8775fcba27 |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | f9ac7eed0bf7ead8163eed1b5e4d9869 |
| SHA1 | 264fa725b59f920dbef940843dc5cfe35ba5be90 |
| SHA256 | 30153c5d7647451ee705fd3411514c424181ca9bbcbecacb9e14c4b5cdbd360a |
| SHA512 | 709c8617526b967ac47cb3283bb8e36f677f507058639b543474445e613d8301c5c85b88b769122a3015fed5777f08896f8726d9c2d89cc2ad4bf37e3cc2cee2 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | f29a77c86b881979e7bf042cc7485feb |
| SHA1 | e2bbe3c712084b7db959177c8517e336d3932306 |
| SHA256 | f88ad3ead3efa0e59b6a3e1465c38dd35671bcc24eae577a86e1529b9b5108f5 |
| SHA512 | 063aef7a7fc8c6901ab028743c567cb2dac752d5c126c03c8441da09109f2f955900b1925d94add6cfc62ee8379bb4a602cc45b02a59b4ced94cc63621c88ca5 |
/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | 031c195a60299aa6938155c6f4f7e343 |
| SHA1 | b32e18eb9da9b8853cbfdb175a120147aaa70b42 |
| SHA256 | ffc5e013d88cad81564893b563caf6a2f5eec5abf76eaaa4f9204298b74a086c |
| SHA512 | 21548167a8a36097a9ff1d5a133f181648bb9e681047f3862cc579035139100c75feae4d0efb2d2ec7b039b1581394bcb5ac578985e2e509302b7c12c913af5a |
/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist
| MD5 | bc2f23f29a6c257299f838fc1c364146 |
| SHA1 | c5fc17986b315d2fa54c367b70be83df8cb7d38f |
| SHA256 | 101081354d7c23a8db54226569af5fd454f7558216adebf6c52a6ce6d7818fed |
| SHA512 | c8fc1b2101a6e0bc649c3ba8c2b1e707f4b43014dd65291d5b6ed6061227c81cc47d06ad60260f1d584d452599c1e94dd37fdd304ecc8a3f57edb8d8aa656919 |