Malware Analysis Report

2024-11-30 16:18

Sample ID 240220-dc69ksad58
Target 2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest
SHA256 36f221a344c54ab5b09545be748ea700153f347532ddeec888800407b226536a
Tags
evilquest backdoor
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

36f221a344c54ab5b09545be748ea700153f347532ddeec888800407b226536a

Threat Level: Known bad

The file 2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest was found to be: Known bad.

Malicious Activity Summary

evilquest backdoor

EvilQuest payload

Evilquest family

EvilQuest

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-02-20 02:52

Signatures

EvilQuest payload

Description Indicator Process Target
N/A N/A N/A N/A

Evilquest family

evilquest

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-20 02:52

Reported

2024-02-20 02:55

Platform

macos-20240214-en

Max time kernel

150s

Max time network

153s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest"]

Signatures

EvilQuest

backdoor evilquest

EvilQuest payload

Description Indicator Process Target
N/A N/A N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest]

/bin/zsh

[/bin/zsh -c /Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest]

/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest

[/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest]

/bin/sh

[sh -c �;^C����zH!�����d�[A����]

/bin/bash

[sh -c �;^C����zH!�����d�[A����]

/bin/sh

[sh -c |��#j��ʊ֠ �6 �Fy���4(3]

/bin/bash

[sh -c |��#j��ʊ֠ �6 �Fy���4(3]

/bin/sh

[sh -c |��#j��ʃF`�iC$���^�]

/bin/bash

[sh -c |��#j��ʃF`�iC$���^�]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 �O_7~YZ��� udp
US 8.8.8.8:53 �O_7~YZ���GET /%s HTTP/1.1 Host: %s udp
IN 159.65.147.28:8000 tcp
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
IN 159.65.147.28:8000 tcp
N/A 224.0.0.251:5353 udp
IN 159.65.147.28:8000 tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.44.233.108:443 help.apple.com tcp
GB 23.44.233.108:443 help.apple.com tcp

Files

/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml

MD5 76ebb0196d42a294b69ef118cbb301d5
SHA1 61e5ab752d351af1661716bc48c0520f66cd1d1b
SHA256 aaa9febe98e3a75220b4933d1f00f2bef276183491e7d171fa54d03259812759
SHA512 8dde09d72944e8925c5bd64dc3799a44d7c30191d5038939a24f8a45ccf4d66b84990e8be3e0f2ee1d42d1dd6e5ed3673c39f803874fb0840a3232cc1e533663

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 b53fde2cde5ec0fe7afbbc4d8114c3e6
SHA1 f0fb9f0de2b0b8747f60343c3609ee883c01fa8a
SHA256 e955e8a55928d7ac35c7d99c565076ce7f5d936803e8eb5665606d0977b72dba
SHA512 db8bf2e85a956052ad92aef361e87b629e74ebcd5c1eac061163429c71f7166f2cebe99dd1ed829a53b6ff99684f02ca8e5fd6e288b978ea2a1ad677914dcfd7

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 52ef57acdaa153c35594e46bde4fe42c
SHA1 c2a5b1748aa61c311b670ef319d92663e3f92b00
SHA256 58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a
SHA512 defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209

/Users/run/2024-02-20_fa741f0dd3e40554ed128084c9bbe785_adload_evilquest

MD5 3aa97ac48b7b892a15058320fbe57d15
SHA1 233708567808bee99a2005a854956bff0e04366f
SHA256 1a46172dbc6d58ae38274408ab9b80891afccbad3cb77701f207ab169ba81312
SHA512 0cf3c4b4974100ed658c00266ec4547acbba3a7f459fcc7d984a6e7486fc52efa908e1dd675d7f6f372e742a2ed90e551cefcbfa184042dfb874f24e35706edd