evilquest | 092681010fbf6c1e9de789b513ea8194c18b5017de49f1fe62a4e3109c62f03a

Analysis

max time kernel
148s
max time network
152s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
26-04-2024 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

004f32f06ebfcfee51eeefb49a659c87_JaffaCakes118
Size

168KB
MD5

004f32f06ebfcfee51eeefb49a659c87
SHA1

8a89f63e9749eacec648753e9fa9f789bccdb6be
SHA256

092681010fbf6c1e9de789b513ea8194c18b5017de49f1fe62a4e3109c62f03a
SHA512

31cfb4bee2a352c74fa16b116bd2218e40e27ef3416494b7b2fa49db54035987c998e40ea8271c6b69cdcd096d3b62b92ea791a8646a4aedbdfcddddca50118c
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9BY0:5SeOQdaZNxtk8cqhSxvHY9B

Score

10^/10

evilquest backdoor evasion execution persistence

Malware Config

Signatures

EvilQuest
EvilQuest family.
backdoor evilquest

EvilQuest payload 14 IoCs

Processes:

resource	yara_rule
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest

Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
persistence

Launch Agent
T1543.001

AppleScript 1 TTPs 2 IoCs

AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.

execution

AppleScript

T1059.002

Processes:

ioc	process
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"

Resource Forking 1 TTPs 1 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
evasion

Resource Forking
T1564.009

Processes:

ioc process

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

ioc	process
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

Launchctl 1 TTPs 4 IoCs

Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.

execution

Launchctl

T1569.001

Processes:

ioc	process
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/004f32f06ebfcfee51eeefb49a659c87_JaffaCakes118\""
1⤵
PID:518

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/004f32f06ebfcfee51eeefb49a659c87_JaffaCakes118\""
1⤵
PID:518

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/004f32f06ebfcfee51eeefb49a659c87_JaffaCakes118
1⤵
PID:518

/bin/zsh
/bin/zsh -c /Users/run/004f32f06ebfcfee51eeefb49a659c87_JaffaCakes118
2⤵
PID:521

/Users/run/004f32f06ebfcfee51eeefb49a659c87_JaffaCakes118
/Users/run/004f32f06ebfcfee51eeefb49a659c87_JaffaCakes118
2⤵
PID:521

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:522

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:522

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:522

/usr/libexec/dmd
/usr/libexec/dmd
1⤵
PID:499

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:541

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:541

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:547

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:547

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authtrampoline
1⤵
PID:548

/System/Library/Frameworks/Security.framework/authtrampoline
/System/Library/Frameworks/Security.framework/authtrampoline
1⤵
PID:548

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:549

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:549

/bin/launchctl
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:550

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:550

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:551

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:551

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.security.cloudkeychainproxy3
1⤵
PID:554

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:556

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:561

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:561

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:562

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:562

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:563

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:564

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:566

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:569

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:569

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:570

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:570

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:570

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.assistantd
1⤵
PID:573

/usr/libexec/xpcproxy
xpcproxy com.apple.nehelper
1⤵
PID:574

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
1⤵
PID:573

/usr/libexec/nehelper
/usr/libexec/nehelper
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:575

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:579

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:582

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:584

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:584

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:585

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:588

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:588

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:590

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:590

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:592

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:592

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:593

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:593

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:593

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:597

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:597

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:598

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:598

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:598

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:599

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:599

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:600

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:600

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:600

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:601

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:601

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:602

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:602

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:602

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:603

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:604

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:605

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:605

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:606

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:606

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:606

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:607

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:607

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:608

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:608

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:608

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:617

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:617

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:618

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:618

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:618

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:619

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:619

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:620

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:620

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:620

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:621

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:621

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:622

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:622

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:623

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:623

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:624

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:624

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:625

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:625

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:625

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:628

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:628

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:629

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:629

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:629

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

AppleScript

T1059.002

System Services

T1569

Launchctl

T1569.001

Persistence

Create or Modify System Process

T1543

Launch Agent

T1543.001

Privilege Escalation

Create or Modify System Process

T1543

Launch Agent

T1543.001

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
b22e60ee2ed9fbb7e946412f31e6c045

SHA1
f5d1be0ede4a0795d7479e7cd6cfc84b939bfaf5

SHA256
a40b20d10a483e78bfe8ff0ff9b4d57ca88a779b338bbfa586eed05716854cae

SHA512
c0e70a9f4a357a02f5d416027b46b8692babf315e5ba26520d991339964aa70f84485167d12af017e7512d4578f79785dfacacf4a0da73514e665e9785eb9568

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
33fd247d362082176b3923d399eda37b

SHA1
d7be215daedce557e9a9678ae3080c1b874c625e

SHA256
24261aede1c04eecbec5766cdeb3d46689c8df711a3ab7d043612d04b98d52f5

SHA512
81652aaae57031c33de7d97b72cb0be82ba0e14c113fc9d7d8d5906ece6238165595113c3dccb21d9d1831783c597421f41307292e178bd34e2e2bfa90c37e08

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
d4a33f01e4200d85232b1a694e508880

SHA1
0ce0a3a927dcf8812733af9b1ae9a252eb6de071

SHA256
abe5eff9fa1a9c72448f0a48d6e23d5f193129fd29f8bd281931181d49007a0d

SHA512
0a7896c06551cd34dfcf40c7d877a0b9c7e53ef1a33e3578ef75b86c379ead5ebe2d262038af4e5cba13f625be96bd336dd85889cea1c42acecee0b03e996791

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
06bcbaaa71299930f1a31550bf2cce64

SHA1
80f9c3d21589df5eab65381eb4d7543bbafe697f

SHA256
03de404f2549f4d5209aed05f375bc364954c20f2855e0a9f011d9dcd5e6102b

SHA512
2ab2deaa604e37346089aa9d42f96338c9b217b11bb260236e21e40e16091a85f5aae13a0d6ed0ba928f437ce4f5039208723d5a4c4918c6d7458c6102d4c2fa

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
35deb7e68c122b362a6ee50ace07ff9e

SHA1
336134746ba6b542ade57a54bbc33481def35290

SHA256
7c4c8a5ada33090fa039ffba536d110531bba97097170a658a5d245b885eb3db

SHA512
e304deb4cb7e1271653c78ef10b031f361717ef30cc30746fb071a4591257d5ca0771b6169561fce5516e6829fbeddc1073d99a9eb6a6d80fa220dd00af784b6

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
613c54281e2284106b368a2774901fe3

SHA1
038c934ac76e24fbda83352795b26b8eb999446c

SHA256
54368562587aa73a3fe8875c0cfa9badda40d79d91e54239eceb1d85cdb72a40

SHA512
6f6a7a484bd3bffb6ebdd7d4e15eefec2111cfbee35d9b7535d407b85b34550300679696893b7626223f8e1dc3bdaab9d46718df3cc1a741e74add247a1dec1f

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
fc4c82fdec9c58fe223b2538c0032505

SHA1
015148298ca2d23569adec8ef807a3a6d7aa988a

SHA256
f28a7ea586450065c734a7d77164b5145cd3656dcf4f08762fc34484db9af899

SHA512
7d4227ab36b14036e88f775f39ea408cd977cb36dc54b5310c3ca5cf5d555d8fc71f19e8a7ed6a3005a5929f2cd2f12348dac1c37548bc03d93f52265a0259c1

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
c13e98cf9dfcb98c4a7cd9d693c18296

SHA1
e56714167b8f83d61e88781e48cd462cde37a5bb

SHA256
2a93e3112cf2fd108dae4ec4fdc061a7118b8b9b27a591e207f9429e26d13995

SHA512
753bba58af2bec46f68e41972e3b83a0d76d5214ab28c64258e9a9fa18d2ef2f5ce0da93b49c4ad921ef7cc4310daa7ee4f94926268b73b5c2c21cbc0e05943f

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
9574126fd347d75c26b1da60d79377b2

SHA1
bbe73373347452c294c02373d03998380594d2bf

SHA256
e77445144fbed96beb4fcedd2dc332ae69dc0643e62b06724767c2686d6e16d9

SHA512
0e357816aa15eb0191d901fae3a835f5c96cfe0412616475bfe22caf29c5991a93961a9947a0f68dfb5f6c33f1dc3449a6c625ecc31cec5109098ed0261e3857

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
70ff6b55069965a1d38d19899eadcfc0

SHA1
b1f8e567b27efc321ae9d40d573740d20a49c6ac

SHA256
fc75c2dc6337ca39982fbb7f72b34490f6a2550c85452ea8b5c49d1c92f23a8e

SHA512
ff9bfd1bd11057ebd80b057e9f295ffea73b7bce933b95d5a6782fd7d91411ffb9dc730f495631d1d3fe50e2d7317ff13bcbd30ca76186b6ec61f78a328179dc

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
48954ba83ac0683593c6210df99bba59

SHA1
f59f94d82c6131442f2a11229e8b3c1520a9ccf9

SHA256
d67cc4bfc5a05404272c32b6a0f9d1ae7e08e583b9e130199a70b3df8159f558

SHA512
597d3e733ffef0e65daadb8c638b531b0209ed1aa361cc071ed3aea6721bf02294a9dac3bc1a6a7001eb768c22776067b3fa25957477007273bbec0492c566a2

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
149343f2587839d961dea84e52fed1c9

SHA1
6703e62171d93f37a0c446e328e3a30b98c63dac

SHA256
aaa88ae82b6ec69361d01071e8d666f97c98f6416f337f8feacca63442bf3e41

SHA512
4e5a7e2d1d987892d1cde46332d93224837f30256af6f17d1fc5b444cdaac9c458ebc3ebca4ad85082fcac9122c88d8f30172005ceb8c6d54b756633b9b88624

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize
156B

MD5
e28ac6443c22f46c3138b304a930ce71

SHA1
a4dd80ec4706e8cb16abe4d9c6ac4e881cd6f50e

SHA256
808aad1b25ff3fa61371c2deae94c713f79dd2f8a2126e9a59cf476c0c8392c8

SHA512
83f1deaa6887ff459d888eff118516de1ef6295326e6f2822080ae5118385d394e88c63fbb77f4f9104997e755da3dbdfc85f238c0a07118bce23584346676a6

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist
Filesize
42B

MD5
ce7f5b3d4bfc7b4b0da6a06dccc515f2

SHA1
ce657a52a052a3aaf534ecfbf7cbdde4ee334c10

SHA256
9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1

SHA512
db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist
Filesize
106B

MD5
a60a7bcfc47eacaa66e5e3d701d3ba80

SHA1
7093ffc5beca33187c18461c7ff3259a1781ae35

SHA256
17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468

SHA512
58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist
Filesize
147B

MD5
a6ed424e1135465fac072dc8c30be6a0

SHA1
8cb5811cfe6611074f7e01b8b9a533aa7bed4432

SHA256
c6a15fb293a7994c87cb4665fa076b4804c15a7f17753d267b6e271b036457dc

SHA512
d6dc5f49efacc0bea1d388e490c2e1283f6a6f42829e1ab30ec18b0ad35faf44e21d7780b84b5a2ebaff1e79da6fdc090bc547990b513cb311db82fb54cd8972

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist
Filesize
167B

MD5
54ac2dfc3277cc71d095814696c9d295

SHA1
8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893

SHA256
c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da

SHA512
9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Filesize
124KB

MD5
e4ca34864b40a6ac56e21d94b0568166

SHA1
728ff304513dd7922c38d297b4ab407db4516c73

SHA256
70df047f6083da166369d3325af362c14dcf4ec6597e2908b56c4432dbf219a8

SHA512
02147cc9468dd429fc31c060ad550369b9027602a0287f57a2f2b0f91c8c750204470c0241880c5b4f1ffae0c1ae4841544b27c4c02dc7014cc9f5dc766daf05

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
feb2dc7a0c9d6dfc133451e970adf96a

SHA1
823216f8f13cbffdaefe116779dbf432ec4cf602

SHA256
fba7bcffcbf29f0d2d65e54c7d91e3232b92818459f195ac0c2d119f720c7acc

SHA512
e2d593d93edff2a84d68164abe8dd1aa3dcbb47660a9c23f1fd425f9793e6457da83392f2a5e53ab362dca76af8cce737c1cd2d33af6be6f189e133be62223c1

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
a46d79501fff14e7c869566845b5d0f0

SHA1
88711ab807e47a5a7c7b6017199a89993ee2e34b

SHA256
36953efbd1303b9d6c2b8b900be99dd08991e39f551c8a21e3907ce74769fc79

SHA512
3edd8559a756e3cb0cdc34e54bff07f99323ad564d36481dd0a9d6ff0c8790c1cda120566cae521641a211d923ecc34e292ebcf362836182030cb3894596f89f

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
4e96e721188f233aaad56438ac2cf1a1

SHA1
b965ef190218455e45f5864cb9e84fb2383bf4b1

SHA256
3cbf626fd8200c7c7ee072c971113b90ce833590ebf3ad5ac2246a4c47a9db7d

SHA512
a9e3b11ff4493cd8d7436d7e3601efdaed9f2d6a69cab1918fc106c2328aa1d85cdb6ada9b77e3fddf10d773441e1de8b88fe02188e5ded1e89627fcbe712bd4

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
e7182bae04d2e273308f5e4925cc571f

SHA1
3055299af3aa22146823b9dba5bf199653c2c264

SHA256
14d4d5a45a5ca0f278b64ddb6f05a2d449c0b7f81de3a489610ccf89317e166e

SHA512
52ce3065840246d7d7b6ee716c386230d6db85ce71f0d91ed3ff65a87d000d72b16da85719b7eadaf4b9cf2cb87e56b04f53643a54797baaa80f49a7870f2648

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
2a943d8fefc951f8ea4a790b3138d4f2

SHA1
b7a2f046c5904510ce2061a7347e5460748b7513

SHA256
e53bb39f22b16171a17e7895c7b67a4465d6c8640e8f2ece927e63205cbb2611

SHA512
7ad0b05939213bde53865a1783e7c39ca6a800e450858df18ccf35fbe539dc9f33c3a36871053bbf8dbedb9656554bb36b45147e0a6145403518a374b0ed00ba

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
e21f2b8c7cf7ceddb77324c639f3b638

SHA1
14e967b54dd721e7ed9f7ff61cfa1c120d5c9855

SHA256
26574b63ec764fe05a1a003a4229413e61f5807791af718bee4b74cae0f5b270

SHA512
e3ecc6fdd2d6b90539a224fe9f83f8ca5e41415da2962921dabb96e2e4321b0ccbb035ffe41398de262eceb6acdd9355b7ab126c1d16756494940c4bded2bea3

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
4ef6018850a9d1020846a6acc83bcb75

SHA1
25fc1c9d75c5370556a016470a1c31d35c3c3746

SHA256
393bdb00615f92167fc53a0688dba004492148544d4304621cd3134dd2b93e2d

SHA512
a4e727b4904e4fdd629ba489061c15d1a8b60cd4eb5167f75eecd1a6d8f83cb95929ec85ca15f9c84f6ec21c6ec5d39a6e21067a8401cbba94936ac5569c30db

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
bff7988b53f75435638fe599eed9a9c6

SHA1
c162eccc1f35bd4165732c77ff2dcb908df080b1

SHA256
a52ebc8e45519e1bef06f7a9b40e52b3da24ddb0a7558b6dada9c0948aa7c614

SHA512
84739e3494fed2d34cfbd7219ea8d386f6bc2eb59122889a3dee2c5d251184c8cc81bf3d4339f20ccdabd896c5896c5b6cf199ef710620f4de411e2be203acf5

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
d08dac437cd936a6546bfc9d55e95abb

SHA1
c8a8f5d515cf07f5b49d15120b8e2cb8032851bb

SHA256
ba12afcd6f09fdf84aedbc9f2475b70ba70175fffa664968be8e724fcd68ae5f

SHA512
7098f49d1c56400322e1930fd890a84532e0c711f6cb980a2a87df94e0ea7a388a0ebfd1fc0aa0918e806dc8162f80adcd8aac9914e988f366bf3a3346c1e49d

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
2dea6e076be799bdd2b59e3a7dd3fc7d

SHA1
77d9557249a7e374250ca1914a89064313cf89ab

SHA256
22a983efac8977e2e3a7d7b969abe2d9a367e89b79df8ab6e36a0fab3a9f968c

SHA512
038d5013a93a4c555fcf1ab06953bdb8bb889bcf16dde544c9ce291c4e51bdf61bceed4c27d7a03e36305b6f18be6d98c27c9498f239eec50acd6177b9e915ac

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
bce2a2f99d6f6b46c0d428fdba5b50cf

SHA1
00d29fb8cc8a5e2dcfeebcb9cf1a060605acef82

SHA256
6e6c46dc108ccd9f0168ad72cd1509cc28fe22717639e97e8c0a8215be0236ea

SHA512
c09a73a5980628f9e00efcc243330b35f82aab1fdc4c0fa2065e437b5909be59ad9f036e3bf545ae7479d37f06d5c7bdd2645fd53d8a41b7b9a293bbdbf9ae9b

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
514408254ad1d0aa14ee277d52ef700b

SHA1
e833fe8c8a85d10668ac59bafd0aab6252b2a53c

SHA256
c59c978fca1de9e6bcd0d6d09c62ace0f3bb32526d8866b38b5cd95b5681efe0

SHA512
ec0ed65509f25f30a69553b1b8817aea845c622afdca23b7f2c778efc6b7ae69fdd1d0ffa3b932afff28158e86ac42261c14477da79ed9de6bd79a7b14867579

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
6d71fc9e598b8f77b178956fcc0b9b99

SHA1
e3ff77b998596fe1d953069c2695a776cc529da1

SHA256
16499da8eec19e317709ed864fbc0cc904ead175e96e533f7dc0bedd46097216

SHA512
ef5584fe0437e4475c94ea5255f544bb84192a8e0ce8b5ce9252acd903579cd4799a52967172855055c0035309ff90c648842e7063d3d01569f4cd48d23a6085

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd
Filesize
168KB

MD5
a0b193dbba402de305676f6da69997ea

SHA1
c83dcdea7f2aaa71a1b797bde76eaa44a63f56be

SHA256
182c1742c730f3c9917dd8b571e59a8f5f16c856e297d03cc8db72887bf4460e

SHA512
3e4236a25ebcbb6e1e90d8cda3e7add730c9558733475499324a61bb032418f4e17b0952525185dda2b506ca518e3a92097e3b9fd2d66f00c69381d6c6113892

Download Submit
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1269.xml
Filesize
167KB

MD5
a645869f7bf432953f0292ca5fd17ad8

SHA1
9063c8541f8d4d81d301df8b359a30071d42b119

SHA256
04daf260c11cd34cd84f42fb5a47f1d5717d0b2f62b236826d7c3a6f0a1c9db9

SHA512
6449c45cd990750cf88cbf75b3320e6d972ba1b10dd8bb23835e1d298efb0b5d50399ad2c4be9d3d068619d645e544afc3245c66630da1878c8688811e76fca4

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit