Malware Analysis Report

2024-11-30 16:06

Sample ID 240205-rskbmsbghn
Target 2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest
SHA256 fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b
Tags
evilquest backdoor execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fd6e98b1d42f49670f3a2e2b91fbc69269785b865cb18c833fe078ce9abb7d2b

Threat Level: Known bad

The file 2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest was found to be: Known bad.

Malicious Activity Summary

evilquest backdoor execution persistence

EvilQuest payload

Evilquest family

EvilQuest

Launch Agent

Launch Daemon

AppleScript

Launchctl

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-05 14:27

Signatures

EvilQuest payload

Description Indicator Process Target
N/A N/A N/A N/A

Evilquest family

evilquest

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-05 14:27

Reported

2024-02-05 14:29

Platform

macos-20231201-en

Max time kernel

149s

Max time network

145s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest"]

Signatures

EvilQuest

backdoor evilquest

EvilQuest payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Launch Agent

persistence

Launch Daemon

persistence

AppleScript

execution
Description Indicator Process Target
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A

Launchctl

execution
Description Indicator Process Target
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest]

/bin/zsh

[/bin/zsh -c /Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest]

/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest

[/Users/run/2024-02-05_20bc27c3a1892679f741ac52331a434f_adload_evilquest]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.authtrampoline]

/System/Library/Frameworks/Security.framework/authtrampoline

[/System/Library/Frameworks/Security.framework/authtrampoline]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash.Root]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash daemon]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PerfPowerServices]

/usr/libexec/PerfPowerServices

[/usr/libexec/PerfPowerServices]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sandboxd]

/usr/libexec/sandboxd

[/usr/libexec/sandboxd]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
US 20.189.173.16:443 tcp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 certs.apple.com udp
GB 17.253.37.208:80 certs.apple.com tcp
US 8.8.8.8:53 fp2e7a.wpc.2be4.phicdn.net udp
SE 192.229.221.95:80 fp2e7a.wpc.2be4.phicdn.net tcp
NL 17.248.236.65:443 tcp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
NL 104.110.240.210:443 tcp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 fp2e7a.wpc.2be4.phicdn.net udp
SE 192.229.221.95:80 fp2e7a.wpc.2be4.phicdn.net tcp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 fp2e7a.wpc.2be4.phicdn.net udp
SE 192.229.221.95:80 fp2e7a.wpc.2be4.phicdn.net tcp
IN 159.65.147.28:80 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.65.90:443 tcp

Files

/Library/osxmobiledata/com.apple.afsvcpd

MD5 ba9051075a76e3bf60e5cea815f3c6c5
SHA1 1ce4d2a4f9bfe1d4b2796b63efb116f6154f1b00
SHA256 0cbb612d50c434f4f9727d7e85cf4ea07381607354267f7cefdf33f7e06ac9cf
SHA512 4a6a2c5c8539bd5eb870b5753b05784ed262b91b43d63d24593e93a7d02712fe6f7ee64e4ea1b98546f0b43e74f81872600a9fadc1995204662797a4cf30e729

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml

MD5 76ebb0196d42a294b69ef118cbb301d5
SHA1 61e5ab752d351af1661716bc48c0520f66cd1d1b
SHA256 aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759
SHA512 8dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663

/Library/osxmobiledata/com.apple.afsvcpd

MD5 4b79832f825a130ba239bc6bbc66d51e
SHA1 95385c80095ab97ab9b238682bb55f6ed09dc757
SHA256 f2f72cc40fbbaa46e7405c8a9067448fb041be9613a512384cfbe8845ba503c0
SHA512 a09c77dcf4a52cd199f64994a0a997c44616c7b5bfde5c6d98beba954602cf2659fdb7c1c9631275f266865df63757f4a757b51c83257cf836f8248056d8cf09

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 629207fbc6bfa176c9a9246ff65754c7
SHA1 7344be0867961aae1143db689ab1ceb12dab2579
SHA256 ac2bda3208768b27cc5584aaf000cf1989c862ace541648f7a772cb024f5daa1
SHA512 aa5108f8a596f34f60f9f88a5f4499ad2fbd61c93a709141836f90c81c2e8c78265c6592b1781b5cc93d76b904d27f74e8874ace0561c0f9452e4d2bbdc04d65

/Library/Logs/DiagnosticReports/sudo_2024-02-05-142825_tests-iMac.crash

MD5 13bd39b1abb5d62b1602c4e4c9aa1cdd
SHA1 51d215a4ca68d7e2542b69993bd60436fde751b3
SHA256 75714af938113473d31050d80dfc3e77719b96e22eb11ca13651391b353f53ba
SHA512 4c3cbfd46fc27e47c678b08857c75e597e4c2b8e582d2124db2993bdcd267317f08f8d4a1cf80fd8a079c1ff5a8f086b2241eb7dd8e701a9d1b8c635dac94b4c

/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-142825_tests-iMac.crash

MD5 fad7f26465565e9933a0eaf57287e4de
SHA1 6253a032f0beb69869a727fcbe8bb73ab5f8fb60
SHA256 97346a25e38a9e38719cddce15fa17bb2682d07b46f0a4f23c274484a384f04d
SHA512 779e6ddef4fc165637d29bc43f251885dac47eb3f7cdeb907047d1b837a2e401688843954e1a83f4521255240eb255b5079336b821c9bbc2dc9b4ac3dbcfd184

/Library/Logs/DiagnosticReports/com.apple.afsvcpd_2024-02-05-142825-1_tests-iMac.crash

MD5 66c17bcf2c4429612ecbed2afe4632c5
SHA1 4c271ba2371cbc67a82d8cb8a1b24da364c79e5b
SHA256 a1d75dc8c9911024b8d2d874f4c4e3e0f511c4b83dda96f20ff65423908638c5
SHA512 f3d64ccda53b8c5328af4ebe710541851c3bee8b1e5b065dd3777740d3fcc611ddf07dc6100a14902d24654fa6c6427cac98776c6012855acaa6dbdd9e399b6d

/Library/osxmobiledata/com.apple.afsvcpd

MD5 1b2af45f9bfd2c387b4e37be0526ce8e
SHA1 f5eae0eab5fcd1390b37aa78cf8c53246a1a89c4
SHA256 26f2fab891235a515ffc9d2fed43bc1d933536834fbb8703398667397c27ae7e
SHA512 6db89848c98f1c96e8127f88c2c5784a9669a307f55fc3dbeb9c186d70124d22e8949fcbd6c9b94d0cd890dc51945e55f4067ad4f2573dd70910f050d0c3a139

/var/root/Library/LaunchAgents/com.apple.afsvcpd.plist

MD5 b29145cf94cd1ef0d81552c333c3603a
SHA1 4095a7b7b982b8875a6256919b7d80c50b0a2799
SHA256 2cac13ffabc18f7010fffce9f31aaacc06e0c5ae898c3faa79d747567ce1e2fc
SHA512 fd0ccb56cb0c5084950ad4d04363ae9919a0bfa76c45554df8a7fe0eb0f8a7ed2525af3b4f64982eedac0f9aaec28b7985b4ce5ec80434fc3cf426cb96b1def0

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 af8d065dc1f124b3a365f2231b041a10
SHA1 abf8e5d42e3018b0a702dfa204edf6b85fdd7d7b
SHA256 658733dfadc980b7e8d15c2b217261a580e48002bf0181957f20935f242d34bd
SHA512 81eef30b7482be0f426b76995a202128d8377b3ac0d8f0f7c65b6dfaedbee96fa08418bf1134ef76622ce1dbfba1423e6d74fe7be18b8963c0375e8775fcba27

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 f9ac7eed0bf7ead8163eed1b5e4d9869
SHA1 264fa725b59f920dbef940843dc5cfe35ba5be90
SHA256 30153c5d7647451ee705fd3411514c424181ca9bbcbecacb9e14c4b5cdbd360a
SHA512 709c8617526b967ac47cb3283bb8e36f677f507058639b543474445e613d8301c5c85b88b769122a3015fed5777f08896f8726d9c2d89cc2ad4bf37e3cc2cee2

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 f29a77c86b881979e7bf042cc7485feb
SHA1 e2bbe3c712084b7db959177c8517e336d3932306
SHA256 f88ad3ead3efa0e59b6a3e1465c38dd35671bcc24eae577a86e1529b9b5108f5
SHA512 063aef7a7fc8c6901ab028743c567cb2dac752d5c126c03c8441da09109f2f955900b1925d94add6cfc62ee8379bb4a602cc45b02a59b4ced94cc63621c88ca5

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 031c195a60299aa6938155c6f4f7e343
SHA1 b32e18eb9da9b8853cbfdb175a120147aaa70b42
SHA256 ffc5e013d88cad81564893b563caf6a2f5eec5abf76eaaa4f9204298b74a086c
SHA512 21548167a8a36097a9ff1d5a133f181648bb9e681047f3862cc579035139100c75feae4d0efb2d2ec7b039b1581394bcb5ac578985e2e509302b7c12c913af5a

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 bc2f23f29a6c257299f838fc1c364146
SHA1 c5fc17986b315d2fa54c367b70be83df8cb7d38f
SHA256 101081354d7c23a8db54226569af5fd454f7558216adebf6c52a6ce6d7818fed
SHA512 c8fc1b2101a6e0bc649c3ba8c2b1e707f4b43014dd65291d5b6ed6061227c81cc47d06ad60260f1d584d452599c1e94dd37fdd304ecc8a3f57edb8d8aa656919