Analysis Overview
SHA256
36f221a344c54ab5b09545be748ea700153f347532ddeec888800407b226536a
Threat Level: Known bad
The file 2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest was found to be: Known bad.
Malicious Activity Summary
EvilQuest payload
Evilquest family
EvilQuest
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-02-20 02:52
Signatures
EvilQuest payload
Evilquest family
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-20 02:52
Reported
2024-02-20 02:55
Platform
macos-20240214-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
EvilQuest
EvilQuest payload
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest]
/bin/zsh
[/bin/zsh -c /Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest]
/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest
[/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest]
/bin/sh
[sh -c �;^C����zH!�����d�[A����]
/bin/bash
[sh -c �;^C����zH!�����d�[A����]
/bin/sh
[sh -c |��#j��ʊ֠ �6�Fy���4(3]
/bin/bash
[sh -c |��#j��ʊ֠ �6�Fy���4(3]
/bin/sh
[sh -c |��#j��ʃF`�iC$���^�]
/bin/bash
[sh -c |��#j��ʃF`�iC$���^�]
/bin/sh
[sh -c sysctl -n hw.ncpu]
/bin/bash
[sh -c sysctl -n hw.ncpu]
/usr/sbin/sysctl
[sysctl -n hw.ncpu]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.bird]
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | �O_7~YZ��� | udp |
| US | 8.8.8.8:53 | �O_7~YZ���GET /%s HTTP/1.1 Host: %s | udp |
| IN | 159.65.147.28:8000 | | tcp |
| US | 52.182.143.208:443 | | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 17.137.170.10:443 | | tcp |
| US | 17.137.170.34:443 | | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 52.182.143.208:443 | | tcp |
| IN | 159.65.147.28:8000 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| IN | 159.65.147.28:8000 | | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.44.233.108:443 | help.apple.com | tcp |
| GB | 23.44.233.108:443 | help.apple.com | tcp |
Files
/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db
/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest