Malware Analysis Report

2024-11-30 16:04

Sample ID 240308-syavtsbd4v
Target 2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest
SHA256 266933f1378c9c882efe272aba9b5e3f9a4b50a59feff3a9755f757527fc1e7b
Tags
evilquest backdoor execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

266933f1378c9c882efe272aba9b5e3f9a4b50a59feff3a9755f757527fc1e7b

Threat Level: Known bad

The file 2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest was found to be: Known bad.

Malicious Activity Summary

evilquest backdoor execution persistence

Evilquest family

EvilQuest

EvilQuest payload

Launch Agent

Launch Daemon

AppleScript

Launchctl

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-08 15:31

Signatures

EvilQuest payload

Description Indicator Process Target
N/A N/A N/A N/A

Evilquest family

evilquest

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-08 15:31

Reported

2024-03-08 15:34

Platform

macos-20240214-en

Max time kernel

149s

Max time network

148s

Command Line

[xpcproxy com.apple.pluginkit.pkd]

Signatures

EvilQuest

backdoor evilquest

EvilQuest payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Launch Agent

persistence

Launch Daemon

persistence

AppleScript

execution
Description Indicator Process Target
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A

Launchctl

execution
Description Indicator Process Target
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "launchctl start afsvcpd" N/A N/A
N/A launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A launchctl start afsvcpd N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist N/A N/A
N/A launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A
N/A launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist N/A N/A
N/A /bin/sh -c "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A /bin/sh -c "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" N/A N/A
N/A sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" N/A N/A

Processes

/usr/libexec/xpcproxy

[xpcproxy com.apple.pluginkit.pkd]

/usr/libexec/pkd

[/usr/libexec/pkd]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest]

/bin/zsh

[/bin/zsh -c /Users/run/2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest]

/Users/run/2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest

[/Users/run/2024-03-08_38272d7c7f9d1516f77464ee8fbc8f3e_adload_evilquest]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.authtrampoline]

/System/Library/Frameworks/Security.framework/authtrampoline

[/System/Library/Frameworks/Security.framework/authtrampoline]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater6BDB2703/OneDrive.app]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/sh

[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c launchctl start afsvcpd]

/bin/bash

[sh -c launchctl start afsvcpd]

/bin/launchctl

[launchctl start afsvcpd]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash.Root]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/bin/osascript

[osascript -e do shell script "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" with administrator privileges]

/bin/sh

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/bash

[/bin/sh -c launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/launchctl

[launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/bin/bash

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

/bin/sh

[sh -c osascript -e "do shell script \"launchctl load -w /var/root/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"]

/usr/libexec/xpcproxy

[xpcproxy afsvcpd]

/usr/bin/sudo

[sudo /Library/osxmobiledata/com.apple.afsvcpd --silent]

/Library/osxmobiledata/com.apple.afsvcpd

[/Library/osxmobiledata/com.apple.afsvcpd --silent]

/bin/sh

[sh -c sysctl -n hw.ncpu]

/bin/bash

[sh -c sysctl -n hw.ncpu]

/usr/sbin/sysctl

[sysctl -n hw.ncpu]

Network

Country Destination Domain Proto
GB 17.253.29.204:80 tcp
IE 17.57.146.88:5223 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
GB 17.253.37.197:80 valid.apple.com tcp
GB 17.253.37.197:80 valid.apple.com tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.44.233.108:443 help.apple.com tcp
GB 23.44.233.108:443 help.apple.com tcp
N/A 224.0.0.251:5353 udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/osxmobiledata/com.apple.afsvcpd

MD5 b28d2812353fa31fc44793caebe7ea39
SHA1 bfbfa61f3c2ecc4893b0de487af703a4df2686a4
SHA256 c58df13822ee68166a1f5f71b5b3ce258fbc3eea2f400ea8f3fd088024cccf90
SHA512 ca03a6897d4ee32d71aab2377fe20eb06c40f7cd262ee925c93bf7abe939e612781753d617112bafbaae3c215a2c183ac0c8f4de8cb911c0ac98818f7e372f33

/var/root/Library/osxmobiledata/com.apple.afsvcpd

MD5 09f23475926051f79c02234d4f766fd7
SHA1 8c70c6636396eb4ef9e90a726e4894ff04ec3067
SHA256 2314014febb911ea34ecab0b55536812cf2cd3a1c60937de569d52b56b24a5d7
SHA512 f8819507abe66c5c3b6702cc3b022c49a1159a85efcf774ae604c71abce158bbf8f38ab7a2f700f1cc2110f38d222d2af28da11086a7953b852d927909b0db28

/var/root/Library/LaunchAgents/com.apple.afsvcpd.plist

MD5 b29145cf94cd1ef0d81552c333c3603a
SHA1 4095a7b7b982b8875a6256919b7d80c50b0a2799
SHA256 2cac13ffabc18f7010fffce9f31aaacc06e0c5ae898c3faa79d747567ce1e2fc
SHA512 fd0ccb56cb0c5084950ad4d04363ae9919a0bfa76c45554df8a7fe0eb0f8a7ed2525af3b4f64982eedac0f9aaec28b7985b4ce5ec80434fc3cf426cb96b1def0

/Library/osxmobiledata/com.apple.afsvcpd

MD5 bdfb8a422b5282a2fcef519a1bbb5183
SHA1 64ce019b6b4250fd4e552bdb3d04b9d96868d1c4
SHA256 26fcab40b4145d20fd2d85d9152d97bdd3a09277531c164b2dbe4f2114fba1a6
SHA512 bea506e04e13c448bf356d68ad993f6cc632f2ed3fb1e6258e7c9aaacfa2754c26bc642ae61b3cbdbceefdf8ad6764cc9e982b74f93088feca7648db93f1b85f

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 3dc6c9004c0773214272817da0f3b2dc
SHA1 ff8a7a9e581509736740fab2c973366a72c7b4a6
SHA256 725a10384890357eba122cf2d06d9b91ecbf3c6c0bfefa126f48ab322faec507
SHA512 99502fcec9175f47c39b24733860a48e7f3f1296aa3962bb47d2c67db54cf10069558c0731a02cd9dc88b8c7edcb1ccd7e10e43f8b5aca420f45764a2007828c

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 b4f972f6bb2171c745f693be7ce4901e
SHA1 7ea0dc020de102821434a399be13db589e24ca43
SHA256 c6a1ce4fd9dd35705b8b07e5c8c83b547ea3d632d85b9958ae610eecdcfaac75
SHA512 2156fd9f1738a5ec037a170057d472d71bf0f30c04a83fef669616c7ce1a91f60b3a4a3ed4fbe140d1535811fc3009dbbdcf1e7ae0b13ee9ca8193a8e28b887a

/Library/osxmobiledata/com.apple.afsvcpd

MD5 a0ca3a98895dcbe0486f747c032e47b9
SHA1 00a64ea9658ee69b9994b0c75dbb0d931610eefa
SHA256 9f0a71d9c9f3ac77e0733459b92d2b655da4ac8468376d76762c29081d10ccfd
SHA512 ff5606111c1ca5d3cfd7e0b54d76bcb51d79409015512d0876bd97f346f9d9565f1a2429b12162859a78f678508b46472fd9ab5c5f149cbde01745009117296f

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 0f1b90e5eb695ab0bec66794a2f363cf
SHA1 067370c73dd95111cd4b8683b9f8f9e07f076538
SHA256 fb0504c31896772d759a0304ac19a11aaa9e7a406634c790ce3496263ff7585b
SHA512 4f590a12dc0cacb0fee20d07c3ea88d995d03d22b17f882f7ed57d96d6272315c14876ecad146d3bbefeb18034af474121eb342b75a0e67429793e12cd357cfa

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 53bf386f05702d81d474c5a8bec3d46d
SHA1 106926cfd9421fc5b07fe992cc475ff995313e11
SHA256 69a7084bb57b2e4eb7165d7102be2a2047e22d7dd37cf8b3b3adc25870aaa0ed
SHA512 e7a9d82e620cc8ddfde44ab21fd3adc6663e3567f608f058b8bd52970eda9e3353ef5aaaa63bb813f3af45a4c630a1f4443bc5270b87aac7e3cb02ebe5ceb165

/Library/osxmobiledata/com.apple.afsvcpd

MD5 1d2df6a7db8318aa4da62b1b0430cbc6
SHA1 81cc184a8fa79a3ef4df517f35457b10eca66745
SHA256 09dac77b80d0abceb2acf1495c7b241896e60bdb4419d8835b1de9c3e3e2950d
SHA512 9c940a64b0192b2cbfc402bd84a8e87e7d8e2360f44dc2b5d32ae1bdf80101fa8b861f3b731e8391245c592801637feacd179d6a103200b1c0b63b2f118600c5

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 6653aaf2bb9fe49d9e42a4f475fcb377
SHA1 4e85ca5cef799bc10ae0bf8b4cfaae9ee75e2546
SHA256 36b3655f43968d2d89235f56fedc039e66d7a4d4c1bb32c92c4c9f59d493d645
SHA512 d50526d0a3810d4ebab4a01c734279222842e9a5d2cf050d90360d979b35749997bc546121b4b3a53c03c4a269198729b4f2359f51487fb994585d53955a3a4b

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 f5341c752ff078b23763c800eda5300d
SHA1 2566fc0dc95ef7aa878134673584b5c29f047a25
SHA256 04add2f387effd9e3c96258e4b6357d724ee654650b410832b9460c41687eaf9
SHA512 84349eed39b41b930cc98df75e13f74535d4c9f10ad89da34c85d06a9817557c9aa2a5e6c1e2772f83a09ba897c2a55febeb5bc20fe1153f9ec279d4799f1550

/Library/osxmobiledata/com.apple.afsvcpd

MD5 79b108d4f5f66f8302590a93d1cd700b
SHA1 d1126db30d5cccb9e31e2e409b06b74acb36b8c4
SHA256 cd880d79dc3956749b0ca3c9bfa22f88e6db808a2d72e2cd908f898e769ebd87
SHA512 129af69df7b7d30884af5f4e28eb1ee487869cc9eeba9982da62638c88c0908c6d018b90cf647cb8a8ea2a1c857a8b04ba22f8c54ea5189e6a0fc9b02eb03867

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 e291bbe5f375675ddeaa80eb8a4f814c
SHA1 5338c4d856622eef1d5202687d8189db2ed03e28
SHA256 36602194db96228378d5420dbfba68b23413bc91dfa6b505a1b79eac4a448a6e
SHA512 83f0f9c2aa8a98fa145c90e30f806e4aa10fad24d9bb9ebe92f2624237c21eae4b6a3d61534316efcb0f65cef2c96f18278a5d90cb05debcec38eae2f482cf3d

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 e0701b7312fad4035702f96c1d7982dc
SHA1 463cbaaae487c007cebccc41dfbccf660e5b9f99
SHA256 c82721a4562251e64a82ac05db0c0b653a7b2d27c6e624131bcc120097aaec74
SHA512 31ade717b824f95e34ec335a07fd7e8cb6b653535c34122cb7d130a0f4bc9d1587093b018cd28f9b17587c23b274a2c5729f1e17b48269dd2df8eb3abbf0b875

/Library/osxmobiledata/com.apple.afsvcpd

MD5 618ba248a6f76ca85f5a251a2a15fb75
SHA1 bd961c12fb11329b4885f017d61bbf04b2980c56
SHA256 1434dc7a913320ff72c84ebbbb0edff32f252b780d0cb81a388858617cbeced6
SHA512 a4dc071cf4007599247298bcb0d25d6d416d1c87580a1e676484c731cb1ad21cc5d2e908533886b2d198c6b6dcc0aef3b6afad0064b7ba2b8ba00d22c348b785

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 923760c9bffb6eed4140a4b927f3b440
SHA1 2c4bdb8e1f8056ae722baf7b4336b22a2d1af3ad
SHA256 ae9206e97508bcb795f88763fb5051f15f1db402ed8aef3181c9f0ace0833aa5
SHA512 dd3f429e639cdee04e074a425d804d06f1b9d408b014c5c19ab62d987c63c7b7404412a57d8e0b11a0f7f6ffd857052ca1d8cde87919fa4ff06dab1df4a142d0

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 e77d3fde8fadda1ce550d11d5e6c95bf
SHA1 ad660129f2be830fb709db445a8511890cad472f
SHA256 892a3e17f93e5cad542818dc3e15664d749da11ac790e238245323956e9748e1
SHA512 b5b736f80d5f0440d6dc734feea297652bfcd382d274fcd9d4ccd753925e42ca45c59b97f53ac4d552a74149f811ccc2329f5708860047c2aab3712ca9acfb00

/Library/osxmobiledata/com.apple.afsvcpd

MD5 30dd1664da90d3b8d594fb952f09e2a4
SHA1 2d22633ef0b3d84e77b24969913cf338aff146be
SHA256 5dfb95cc4b4a9310196a5b1c270c90f9a2db22fd4fd3b3f8dd10d708a5d9dc6d
SHA512 62a09b976b720fbe59cecc79b0ed024260c998724248eaa91bfc5fe579628e0cfc8c4cf30a5b114151e074e0525e0a4139c118e799352308b7c8d0f5e7992a53

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 0c792fb6bfdff4f2284fd9ff7a840199
SHA1 62952010676d445207016c1efd46a52619be604d
SHA256 e996858fbe0f35996dd5579514ce4fb0fc48f453c4083868834ce347dbb90997
SHA512 1de7d9c61da2e8449df814618445735ef6359b6170bcb6874a53f3fa7e72765b95097780c0c500b2c19f861268c3e2deaaa755d7665ff58dd234f4b681a6f172

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 1939ccdc610dbcd4a050f5725a921a96
SHA1 a3f0c4e638661b5abc3e1c8aa31a4f6c8ea230aa
SHA256 672d99c8d101d448247bbe178d02e95421bd8097453a2af09190f024144fa0e3
SHA512 9772934117fd0aba11f1badd31f5059ab83100b9d0bc7c414fc44d76034791c7b4fb1d81a016f6c96929c075cc6c61e2df8d7b328effd20d2c413d7e271bbd3a

/Library/osxmobiledata/com.apple.afsvcpd

MD5 8d5899d28c52a60102901e55c5abc292
SHA1 798fdeee44d545dca9806180f2e8acd62eaa554a
SHA256 17180a5b74ddde5d46290fe267181cfe325139402af2bb7e4648c22ce496f882
SHA512 0b5b73094a210a53145f646d9ac5628c39b05202cafc879aeb16416b7ad768ac8f05295937cdcd84e202179955c28e411137751d2f9ca2c4cd8c2a12d90ac7cb

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 ef0da07a9e48ae998aa596a45055975a
SHA1 cdac4f5d41a95dcca09596c20dd5376d5042b758
SHA256 abbbf712fb56a590f6104327d842cef45d1f7961ac82781f6d0a94da1b107216
SHA512 3ef073c59e45b0b58a290ee99cbc4b510239f5f6b9d8730527f783fa761c2fb0f74f2c4f5ba9c3a3fd39fce43e37af058de3fbfb3e4f9d34c1a7e97c7ef26785

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 92a3ffcd63727dde0416bc0ff70a0d7d
SHA1 73a792513bc5ada207a3eea31091a05c30421120
SHA256 25246aa029611c5f3267d907dc315993749c02bd6f584b1f531d955c73efd5be
SHA512 9754532c478a5854e3f55344904bcc6bb67ebc2ddda074707f77eea1b1f8a31c3f8ff4fd54a9c909cf40d8dbd9c35d0677f453c2056b42f9e5dedfff78013fc9

/Library/osxmobiledata/com.apple.afsvcpd

MD5 00559011a83101bf7ce0cd640c96a4a0
SHA1 9dd3ac3901262a767a4e0b9a8c9792f7aac70c7b
SHA256 86193872a9516648798a3ed64a55967028deadbc9b95848c64b671c9608fa654
SHA512 d3e2b9515dde959981304c1860d97e6e93f63fc8c5f1b587d8549c75c6bea730ad8a7e5917849953e2122ca9b5abcdfcd7c2164552c7eafbb3dc1eab9afa1c8d

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 b7d5ca7f033a3af86a17fb5387206d33
SHA1 de64c76dd93b39af392591308792f870c2215f06
SHA256 496188e477db95f7cd63c91c2239ffcb8e086461072480385d32525c6078590b
SHA512 e64e24155fde4f447477c762a05e9eb0f1022824b71bfd43ea36778f1e77935cb926f7b786e35b30bd3810bf38a0255d63e23fe4bdb083d1c715f10ab285dfde

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 f04477eb6fe8a83f940c51acdb356892
SHA1 194050f388ab1dca49baff3aba40703c989c22ca
SHA256 b983843a45daf2bfb854853337674b567134bd5c29ef0ff9399c83ab8977ea77
SHA512 12cf88dd564684ddceae861dbb2de1bdbe4b893c1c0e08276080599cd26a32819d4b76bd41a5c0810e283d18da32ba54953d3954fb79dda2f33ae32ae638798f

/Library/osxmobiledata/com.apple.afsvcpd

MD5 ea44cc0616fb417ec7cb9a27d6cb4a39
SHA1 3ac84b131d05f586184d3df475fe502bca36ed96
SHA256 07cb88eba0760ac1104ea23b486898479dd0cc410b6eb0b29a6518e0e89e3759
SHA512 f1354b6f95561e4950acf838b0aed4ec9ccef1bae2bf88e693376fb77ecf5b5641a439c8b682bb098f9c9872fb1c3de2c0a9d0f59f81b8f9f03dc6d7655d2989

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 a8ee98ac6f8947da52276cb9b27aa0e0
SHA1 cf1f7805438922428ff0cf047a5fe2fabfc4a3f7
SHA256 bdfa44e47d773f4a510f2b68ff1218b3e54194e77ebab1b74252588b3a5556c2
SHA512 cdecc144ab9f6ea7d7998ef04d866a09a9f512fae3af611768313bcc9ef277e66fd45a5cd7f50c2785ce51c8a867567bd0a610ea3b982a39c5398c1fad4540a4

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 5a7e792b5a31a0fd41fb591fb8978018
SHA1 a0966004e2a7723df81a5fc89f8ab6f553bb5ac7
SHA256 e89236a9769a0509fdf2ece252141c4fe8a40ebcacc413c15a5880cc9757271b
SHA512 467f041792369e8446a0bcc9a25a13068ec421cf86ac2c6952cc3a3d22066519691d2ea3de7afa6c89cf07ba73a4304e14776025fc42cc20c4986fb610a04232

/Library/osxmobiledata/com.apple.afsvcpd

MD5 16e23309212da066cb8a05980865d9f0
SHA1 aa561384ce88a0c997df07ce944979672f51dd57
SHA256 b791c05ecc86aa731f707375db3b2542e949245fe24e9deec4916d25ca26a48e
SHA512 6d132828bd45989615f0a9c566db803c6784c5d431a46b1286767d1d86e85b62e680fd8a76d7c27dd058399165da7e6a715f3fb44061d45cc1274f3e1436cec3

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 c27ee92c8bdfc0c0b9381441fb9a1a03
SHA1 75fcbf13fd1ee7644ec725233317454137d46d15
SHA256 39afc227c634040ec6420fe8c1c88603c388af373b706a60937075ea6643a9a9
SHA512 7577a279429d587eb830591387bcbbc74b2359e70f427496bbf9b177cee24b2d5fe801ff9a63a22b07ef860fa3d7536262d95619b829a31ea5734c6ddd242d2f

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 45bb8675d395b50dc531c00fe4f6c26d
SHA1 fa3e9efef4f86a33d87d71604bfd2b11ad9a27bc
SHA256 ca87b5950e7f88a1fa9132ffba95ebfad60c7677cb00a8592633f6907d10d232
SHA512 d31a176953589d6308ec192190f26988be84a87300b3b89f4e00d19fe8fb6189be16740863b511c63d06c94c8e8d4a693bba1a52ae3c0f85a995a840b84ea120

/Library/osxmobiledata/com.apple.afsvcpd

MD5 4205826585e9d85f9cd4e722a4e828f4
SHA1 781c21058af7471ce06b8dcb7479447f21248c71
SHA256 c34cda14b1f0356f55c4fae08ce5741678f1e60c04579b0cba45c6a347fb59df
SHA512 d9c44b039c04ae88e6908fd128437b8678ab64aa9f68915136e9117c5b677b90aa903c24c522017ef24b44e7cda06707e5c948854a52cd014c3348de7427e85d

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 14ddb00e659eabb6edd4a81b140acb23
SHA1 7bcc99479e3948e76178f9e0f8c5f2eb92e5b3d6
SHA256 9270ffd08fc815f1e9be96fd14aa94b5eb1d83af3c398e87118174b69d5489a1
SHA512 890713a21dbd0b93028669240fb5777a7ba577edba4148dbc33378cb19c50d1415a30ae277a830e92460034adff84622a035bb167e162992836f7d7862c22294

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 177954c1a3d3bd710ade31a22d0b7e9f
SHA1 b92d5ea6a4b7cbfa1531e915258a9c78fbe8a359
SHA256 89db685ddea9584a720cab3b689ee8e226bdbdc3c9d6c11feba8f34e6d388116
SHA512 1e5504c406ae20e14fa4489050dbb3c42147425b21b0c95f5899243e51ecf6a44dd352e0a5f5323cc1ded1e0cd04b4dbfd1821b7c929eae3ccf60549cfdd8d58

/Library/osxmobiledata/com.apple.afsvcpd

MD5 5433de1a56de5b9c5592ba53e02400d9
SHA1 aa5b3f9c02c4788ec4bd6cbae5eadb08befc19d3
SHA256 b1609ab7aa4f47aab38f8bcfd971bdd5a30d204ef91827edf4f2310e2495f5b2
SHA512 c346a6281f759325585bca50394606e5f15dc1187a94c25dcf6c58cd771134b88a3ffce9ee69ba9dd340bee21c31a3d04e275e5fcc40255167c70ef8c43323d6

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 bef262891e06ca200de9ec49eb4fd076
SHA1 00ac41ff66316d8a38b0c3182edc2647b4990fec
SHA256 3185a6a7a7356906d695f652d8c9981492cae2205265a501a7473755e10e83b1
SHA512 5b232f3958db420b5e27918b4c67655e6c076df0aa3c2a2e4731541bf85c7ef33ed8528627b300e7bbfde3b8817ed4d71a40b99c58c911db499f4273ee8d4ff5

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 a6522c5e57802541ef638c083241a07c
SHA1 4d2a4994b5af847289c53d4131529b15a7aff11e
SHA256 1253b8b8887223f6a8ec9103c7524a81aa2f89a15383358c16ef61a8b45e17cb
SHA512 1e2c2791815e69804581b9a2d8f5f549c3297342d48a6ec3f4bbe1b51c2ff17f32492223ef63911b44e5b16b8a4d62f715a0de8acadb7f404721b80282827704

/Library/osxmobiledata/com.apple.afsvcpd

MD5 9baf4d9250a0a61bfb1edb6ff03d457e
SHA1 17aafacfb45c3fa6b3dae9b174bf30ff06826399
SHA256 686c13d25d6a46b89934f20890f88df72cb4319e8192e81f3cfb314921d1841f
SHA512 becb233ecb67f118e93d0dd14b7f82936676236f7bf5e0808f6e97a40bfa084e740e1c91201a747862ee9447de9022521c8eb543f51ef264ea0c96d584fe8f74

/Library/Application Support/CrashReporter/com.apple.afsvcpd_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 1c599fa7bdbe9b0fa8c277fc907788fe
SHA1 5d5125cdc108a75c4ec52cb532d16639cb72e12e
SHA256 9d34eb1965cdb420b2f088c08a3be178a02054139a2fa972f9b091dfe5f02f0d
SHA512 8e3da63486208d4487d14bc010597c4151e593007cf03c4ed8ea9184f3c54b15c2db5680ba8564d24a396233e1407fdaeb5e79f2744e097f6491e3c8e55750ac

/Library/Application Support/CrashReporter/sudo_C589348B-0863-5695-96A0-3DAE1B1C0B90.plist

MD5 49cae714bee684bd6a5d4f38da75e5ef
SHA1 6c59baab44ff7f7a96878f9b8d607d026e9aab7f
SHA256 3241a0ac1c00dda05137569d79ebcb3a54f92989cfff35fd0723a82e2168f3ff
SHA512 cc71221d015e069e4b3badfdc79e6f31292b815a5ec00861632fccac146de64ac55139d60ce1159f053f833b712ddd72948055c316ed228923efadb0c08ab11b