Analysis
-
max time kernel
150s -
max time network
138s -
platform
macos-10.15_amd64 -
resource
macos-20240410-en -
resource tags
arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system -
submitted
27-04-2024 13:26
Behavioral task
behavioral1
Sample
0357e11dd1b803758eeed5a7e70543ac_JaffaCakes118
Resource
macos-20240410-en
General
-
Target
0357e11dd1b803758eeed5a7e70543ac_JaffaCakes118
-
Size
168KB
-
MD5
0357e11dd1b803758eeed5a7e70543ac
-
SHA1
d049ca913035dab2a74fc55bf5ce2da6395cb363
-
SHA256
40997add87576eb71c90c70be76b613e1d529fe8c96b8c3e3c3ff70139fe5a71
-
SHA512
9063f2a3a51b5cf0c31be21590891663e38a8f895729f618dd31f13394870509ee431e9ca294deb0a3748933a7c2956ccde7c01178e5b8754d46a97b6d556069
-
SSDEEP
3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq9ji40:5SeOQdaZNxtk8cqhSxvHY9
Malware Config
Signatures
-
EvilQuest payload 16 IoCs
resource yara_rule behavioral1/files/0x000000030008ad9e-0.dat family_evilquest behavioral1/files/0x000000030008ae04-3.dat family_evilquest behavioral1/files/0x000000030008ae04-6.dat family_evilquest behavioral1/files/0x000000030008ae04-15.dat family_evilquest behavioral1/files/0x000000030008ae04-22.dat family_evilquest behavioral1/files/0x000000030008ae04-27.dat family_evilquest behavioral1/files/0x000000030008ae04-32.dat family_evilquest behavioral1/files/0x000000030008ae04-37.dat family_evilquest behavioral1/files/0x000000030008ae04-42.dat family_evilquest behavioral1/files/0x000000030008ae04-47.dat family_evilquest behavioral1/files/0x000000030008ae04-52.dat family_evilquest behavioral1/files/0x000000030008ae04-57.dat family_evilquest behavioral1/files/0x000000030008ae04-62.dat family_evilquest behavioral1/files/0x000000030008ae04-67.dat family_evilquest behavioral1/files/0x000000030008ae04-72.dat family_evilquest behavioral1/files/0x000000030008ae04-78.dat family_evilquest -
Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
-
Launch Daemon 1 TTPs
Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
-
AppleScript 1 TTPs 8 IoCs
AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.
ioc Process osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found -
Resource Forking 1 TTPs 1 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
ioc Process /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy Process not Found -
Launchctl 1 TTPs 16 IoCs
Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.
ioc Process launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist Process not Found osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist Process not Found osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist Process not Found /bin/sh -c "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" Process not Found osascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist Process not Found /bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found /bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist" Process not Found /bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist" Process not Found osascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found sh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\"" Process not Found
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/0357e11dd1b803758eeed5a7e70543ac_JaffaCakes118\""1⤵PID:565
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/0357e11dd1b803758eeed5a7e70543ac_JaffaCakes118\""1⤵PID:565
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/0357e11dd1b803758eeed5a7e70543ac_JaffaCakes1181⤵PID:565
-
/bin/zsh/bin/zsh -c /Users/run/0357e11dd1b803758eeed5a7e70543ac_JaffaCakes1182⤵PID:566
-
-
/Users/run/0357e11dd1b803758eeed5a7e70543ac_JaffaCakes118/Users/run/0357e11dd1b803758eeed5a7e70543ac_JaffaCakes1182⤵PID:566
-
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:567
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:567
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:567
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵PID:571
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵PID:571
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:592
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:592
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:592
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.authtrampoline1⤵PID:593
-
/System/Library/Frameworks/Security.framework/authtrampoline/System/Library/Frameworks/Security.framework/authtrampoline1⤵PID:593
-
/bin/sh/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:594
-
/bin/bash/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:594
-
/bin/launchctllaunchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:594
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:595
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:595
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:596
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:596
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:596
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:597
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:597
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:597
-
/bin/sh/bin/sh -c "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:598
-
/bin/bash/bin/sh -c "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"1⤵PID:598
-
/bin/launchctllaunchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist1⤵PID:598
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:599
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:599
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:599
-
/bin/sh/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:600
-
/bin/bash/bin/sh -c "launchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:600
-
/bin/launchctllaunchctl load -w /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵PID:600
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:601
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\\\" with administrator privileges\""1⤵PID:601
-
/usr/bin/osascriptosascript -e "do shell script \"launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist\" with administrator privileges"1⤵PID:601
-
/bin/sh/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:602
-
/bin/bash/bin/sh -c "launchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist"1⤵PID:602
-
/bin/launchctllaunchctl start /Library/LaunchDaemons/com.apple.afsvcpd.plist1⤵PID:602
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportCrash1⤵PID:603
-
/System/Library/CoreServices/ReportCrash/System/Library/CoreServices/ReportCrash agent1⤵PID:603
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.cloudkeychainproxy31⤵PID:605
-
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy1⤵PID:605
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportCrash.Root1⤵PID:607
-
/System/Library/CoreServices/ReportCrash/System/Library/CoreServices/ReportCrash daemon1⤵PID:607
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:608
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:608
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:609
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:609
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:609
-
/usr/libexec/xpcproxyxpcproxy com.apple.geod1⤵PID:617
-
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod1⤵PID:617
-
/usr/libexec/xpcproxyxpcproxy com.apple.geod1⤵PID:618
-
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod1⤵PID:618
-
/usr/libexec/xpcproxyxpcproxy com.apple.secinitd1⤵PID:619
-
/usr/libexec/secinitd/usr/libexec/secinitd1⤵PID:619
-
/usr/libexec/xpcproxyxpcproxy com.apple.AddressBook.ContactsAccountsService1⤵PID:621
-
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService1⤵PID:621
-
/usr/libexec/xpcproxyxpcproxy com.apple.suggestd1⤵PID:622
-
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd1⤵PID:622
-
/usr/libexec/xpcproxyxpcproxy com.apple.knowledge-agent1⤵PID:623
-
/usr/libexec/knowledge-agent/usr/libexec/knowledge-agent1⤵PID:623
-
/usr/libexec/xpcproxyxpcproxy com.apple.routined1⤵PID:624
-
/usr/libexec/routined/usr/libexec/routined LAUNCHED_BY_LAUNCHD1⤵PID:624
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:625
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:625
-
/usr/libexec/xpcproxyxpcproxy com.apple.Maps.mapspushd1⤵PID:627
-
/System/Library/CoreServices/mapspushd/System/Library/CoreServices/mapspushd1⤵PID:627
-
/usr/libexec/xpcproxyxpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A1⤵PID:628
-
/usr/libexec/neagent/usr/libexec/neagent1⤵PID:628
-
/usr/libexec/xpcproxyxpcproxy com.apple.siri.context.service1⤵PID:629
-
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService1⤵PID:629
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:630
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:630
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:630
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:632
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:632
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:633
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:633
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:633
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:639
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:639
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:641
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:641
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:641
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:642
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:642
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:643
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:643
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:643
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:645
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:645
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:646
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:646
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:646
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:647
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:647
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:648
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:648
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:648
-
/usr/libexec/xpcproxyxpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E1⤵PID:649
-
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService1⤵PID:649
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:650
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:650
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:651
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:651
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:651
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:652
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:652
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:653
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:653
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:653
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:662
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:662
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:663
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:663
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:663
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:664
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:664
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:665
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:665
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:665
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:666
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:666
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:667
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:667
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:667
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:668
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:668
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:669
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:669
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:669
-
/usr/libexec/xpcproxyxpcproxy afsvcpd1⤵PID:670
-
/Users/run/Library/osxmobiledata/com.apple.afsvcpd/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent1⤵PID:670
-
/bin/shsh -c "sysctl -n hw.ncpu"1⤵PID:671
-
/bin/bashsh -c "sysctl -n hw.ncpu"1⤵PID:671
-
/usr/sbin/sysctlsysctl -n hw.ncpu1⤵PID:671
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD577eecb5d1bdde1d8a01e6dd78fb5fb94
SHA1197ee8306513d2b1dcb8ad91d529579813847c92
SHA256196025c779f53abfc6cec5134d95af59f7ec8fc651795f217b7f07f7d787a6d4
SHA51292dc9298d233c6ea4971e1858312bfc706953e0a52f37e230d3871920e3a66e052892262d1b085845a126148e7c7812bb20c8e9870695a0b1f4cc4bde5f382d6
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD55ab8e03f07fe01385679639134def00b
SHA196905b6ea53ee99a462c4b880beb2e69ddac1037
SHA256d5634edfb08b4fc5fb3e3ac51c5d78b8156e289edb57e572eec2634363438f16
SHA512930d9df78142a955d35009ab96ec59bc84897e265c39e4ee6bceeeab764e6552b80e2d3cd6e62f0cd0c1eb3d9f1e5fca6410cf2f497620d451832ae6c26475f9
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD538b107a5f1312f2a657acea405de0068
SHA1aedc047fd5c29d7b8d2868303617c57da0d0d3b8
SHA256617be24614d384b54c937f4c823379733cdb16f0830b0bd8d13c046f0f854550
SHA512b489438b10588f8c238650e7a622a3fe5e9ee0b06d5b0589884b35733146c57ce910c8f582602c16737ad4d9ca0ad000e14d2bb9f31f90d22c0b40b7d9a0d77d
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD535f9137feb7e50f5297f82419fd8ff8c
SHA1ffaa031517f072661e828f0c5fae4cfb189736f3
SHA256d375891e627c1682680d63bd3b87c1097fc7021da4d324c783c6bee72d5b1047
SHA512926072e8fdcafcef3cc12c5e6cf70ad66c0d61a94c2d43ded599a1769754f10e6bc61557c87153c10824b14c49e52d714a4c2fe44d5e424428c489ac01c835a2
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD522f5db365e39566cb965fb29a7e5c4ab
SHA1e153f7f0037c9a0641194745cd3e37b61f1322b2
SHA256fbdbe0223772635267c847c6ec0ada8fecba2b3a241d70e149a0a289e799e45a
SHA5122700493fa3add6fafa298d9bd412fc8810e65e8699bd12c79b41adff53f27bf0fd0668a476e5b5465d55edeb0fb9074717d144bc70667ed976a9dd36de65de39
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD5e2689dff5aee45fa693b832e30f37047
SHA151709a93532414433bdeaea710df62d1de3b26f2
SHA2565f9d33d1ab9c55a7b847d7a24c2a1266168e80375ebbeda3a037b48e1e704899
SHA512fab494375e42bfe8b9a650e7de610df7a4350856f176ec327da5d90349e62e01d14fd2cb12228f5f606fc115fc65200b6e814a76aca90ab37646009f9150ca13
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD557ff323114544ece7b142ac0e3724c17
SHA1f8f361bbab253c8022d8e20beff3baddc41806eb
SHA256704c1fa3526262de31d28a7393d62f04608e9344689bc5daf42902241a210319
SHA51235f9624117dd75c28b3da16708ecb3a229670b32c4491fc7654f9cb4f6fa326d45807136c87c5028cd717d2c4a1e1b75e26c32edd44aa7c5afeeaa5f009569e3
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD5a7538b5d61929ea484094292ea21a505
SHA105582984af418346be6f5cac45ec3c5ee089939f
SHA256f120f5b405064e5a762682729b478459756b240042c19ed98bdd23af66d0d487
SHA5121f71c197521c07b610a98b5ff88bb812afef17529e3f81da6c15e997f8f6346ed821e193f0263ffd6973b4d45bedced861e69f62938bd5879c3ccfe862451d27
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD5dd47649af622c7b6316431059704d30f
SHA18afbc838d80a78278d43c920f1066096d9ead5c3
SHA2565ebce3a1e1397fed2cb56d4a7c0899919334391ff1fc1954ecd54e217c7964b3
SHA5129c64e4ce214ce92255c8dd042e5128e341469a9d2bcc07da41ad1ad64a9d9f7f5897fb0d02a1ea537f636032f3ce49419aa9b369a21cb043a67722422bae91bb
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD58265d680ab3a06ce80a639df1b36badf
SHA157334621b29f6d2ad889bfe8826e576f581433d5
SHA256401807cafdcbed9727e5a3b404be320a65df96d00602fd28ced220709717a727
SHA5126225c33833fa4e1377ba08ceab73096674629027608f34b8511997f63671dfc26b8eaa734111828a28bce1e3de61e5dfecde3c0d7b822f6082bedfb0fc4dc500
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD59b14469b2b0a57f34abd4cf7c940f233
SHA1db077c2cd2644c03d23f7b8fa1d31b12c2bf8c5f
SHA2564edf0b784b8142c5b5481167664dd47f327a237ff725c5e97acf2e821082b035
SHA51268fc229ef3948b21b9412e333fe1ce3211dac3bd9e4700cf2ee1a05d609c0947b58473bad2801d8cb4dc872c3afe56e657b7fd75c5c6777afc56616b76067478
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD5e68d8176aad7676ca3a0680e36258a00
SHA11d319fb3de89f6b0a87fb120ce311f7f67767a29
SHA256d44f83eeecfb14d9c14c72c8dad03c57ddf413d798537c2dea1d80be8921b587
SHA512977d0a1aa782d27456581adfadc5784f53e654e02a783b377b6b3c830512848adc699d8498e4fb96b9e3d16d037703e9e4f4d05a20c101b5eb4dd5a4db7aeafa
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD5b33595862f9943ca7eef37c6f56aaf9d
SHA1170bfa70f37f9f78e63e2d8cbd25165ba0df6c5e
SHA2565295ca732844e6f0fbb72e7b016a9973b11a5b666966cd542e323195d81a1db0
SHA5122b4671b4a3ee6361699bd7f18e998a4a1d8eed16eabeb102ef7606e37d77c9d6a6a721e55712c3f993dbc5f231f166301832c27365f7fdf297294f8c9220db10
-
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
Filesize156B
MD5c42df81a50b70b8959d84072a661b9be
SHA1b357f9926fbac4dcf25e93e668fc647257314237
SHA256925b8ad47021518381bac1920f645e56f325783f12db947cff5bd16042d4bf4d
SHA512a6aa8930a00412b5491ae2a6ba7273b1e5b2b7af3d56b65d1f4965c61e179620963bf6c8bd76da294d3ff08bbd4033bfe57583cceb8b7066d92cfe136083c23b
-
Filesize
168KB
MD5fa391643c145e1054db8b05a09b24b7f
SHA1b6361f457b5e11e3b167b9d57a90ae6ee710ae6e
SHA2567dfc326b712e490ce0537da26916044aabb4102d0fd3ce433b4b1ed21347c7a8
SHA512d9bb6b348e5dea329a09404d05b547cd9b8dd605fc14e5dac8b6e64b5d68cec0ca653860e497ee9ac2a19f973d936451bfcfcd90523bb6892553add0923ccc8b
-
Filesize
124KB
MD5727dd875fda82ccf3745f11d50aaa457
SHA1a3f56fd41b1c7c62247651ac793a8e95d1e65700
SHA2566e5f7aa636c9e5005127f62eb9d7acff35db74927ee7fde87894989be94f2436
SHA51242e23d282e4ce7663996c65013bce6c9ad6aeca76c31316c06187e7d45820a14861b23f24ba77a45934cff100fce746622eee99782aa050d2dbbbfc4ac36de64
-
Filesize
168KB
MD5c021b14adba45a86ee5b34a5d8ea045b
SHA1db9565acdacf538bf2bfcf7a5789f709489a8dbc
SHA2560dfb38a5a5b81725a0d0bff5640166df841942f1b62b8703475ed72c209e3b77
SHA5123471bf5f55495e36c817d3ce0a84c824707c32428bc2514be853f86e2496449db7c9ed346679aa5f916c35a1fea646bb604e25bf3e34fb98fbf86044b834773a
-
Filesize
168KB
MD545956c66ab3b4fac3edfda051c4fd583
SHA1e1a3193f4a1d46a0a75fb7ec2a1d5d47aa489bde
SHA2569c1a4822c0bd2dd8c4dc13dbd1f6f8745c5d7c2aa14edc6a953e3381091129fd
SHA512b416d304e38f8d3f1e7f878d11772a39363952e4d6ee189b885dc547b483263b75535d34e9469dada021ea18b971d2cfb40551f60762cb57f6040caf945387b9
-
Filesize
168KB
MD5fff7c0147582c1dd46d895d0bca471ac
SHA1b28c6ff76d21aec8fce6e491b18940c2afc55384
SHA2562dcc026fa8aefde795943ff68fcc5fde66710468a6d6f20c39f520941c4c6862
SHA512fe3b140c42d02ec0d7597dfbad5fb0d412a2e4e190a5fc076d3026d11aef067255e101c99b30986a554a327e374eede966fdbcba22ef92e47e16584d56f263e7
-
Filesize
168KB
MD584503d4bdd200cf28ed95a023de14056
SHA1f18da4687bcc0309a4997e1ade2cfd36981b373f
SHA256d37bb06c1a240f3e9bfe0e0019c8189932242d34f8133faf5c5beea6f3f2eb7f
SHA51289985752491076f234c0c624ca443d10d42c8e25426af5b76b48cf7a93e2252f855d18fbb987f9295a05f41af400d909840e8ce47ad6ed29cad0b479929db292
-
Filesize
168KB
MD545b0b48cd3fdda8d810e4bd638d24744
SHA1176c1e258e34c43633c3d7cdab5cdda8102f98b5
SHA256d6eb94308bb4c9c960ac57ca88775d21d4c76f5e11312fc33f6ecabdbf8af9ef
SHA512b73533d9c7630c86ba5a9f2abeb7a7084117a882c07e0edcca822e51883ac1031839b52d071006086b1d13f8539475c164c92171d4b447732b0f179e3a118c82
-
Filesize
168KB
MD5bab778dd6b085c88a4972f1250664cb3
SHA15f9cd22a40f804a113600cec07911a636efeb089
SHA25640b7520f78f22db28504ccbeb629d730828cbb6cd6e56d51f433a418bb5d75b4
SHA512dac070fa1486ae32b382adefd572de59b607ce8a1c0e116135911f8a093b8fda2b75a5010dcccb75e19acc00923ed0669b823b607bba04939996bcdb8806ca89
-
Filesize
168KB
MD55c6ef635a2f6fe15ab630800b3ba98e8
SHA102d6ad612e1fe64b5be6bdd0577c8ef702f4342a
SHA256bfeee2ad5ab1b33ba731cbd2c97fea513ae35ad7939add519a07af0ac012d339
SHA512b77849c5416d61f7d32f9616df8260c927e159d96f81ee126dbe3b444de45e7f1465e4ad4d30fe8d6cb6031e7483db222d4a4e64e85d5b50dc5ee4f8038725b6
-
Filesize
168KB
MD5236a468565fdf5649b2988933ff76822
SHA1a7d0f4001ef1fccaf4040f8b584a5888412014d5
SHA2562e484cceb64f27a62148cd77a1cb0a42e2424dab38a602e4e63abeb9317a63fb
SHA5126d4a46e025a5391dc3696230f6559b038868681248e3652e274a0597ddb33bc353c1aa196712a1579d2a90e68be68ffb9d5f9603ddd63e3017dbda7b35966da0
-
Filesize
168KB
MD54170e3804f0bce0fcaf0c7e8959713a7
SHA181231422808885ba93fec03f469b5e80cf64d206
SHA2567d9608821b8f740b50345611d6a3956f08dfe5f75a65dd4f898d8a788546d145
SHA512b407d5e703f5d597723e6e485d78b5f8b8c129bc242de9d9d0c9fcf25b9279de747ec19d37cfd192bdf312977248320c2049e25395819f3c8f1f89df6d4368ea
-
Filesize
168KB
MD5ebda788d2623e30a6acd8a442863066c
SHA1d2977c80a28dfc2d95fad41bd78715f5996ad535
SHA2569a8fc0cfa3a9a5d88e16d95ec2e7e2e94b9d0c8b0f8eae84d0e70d486bf3bee8
SHA5128c9c9589ec6af828b380a1b1733e3c2a330e7bc5331b1f78d16c69ccc79ad7a91cf93f52129b848bde14f89600497e3ccce36781cb0921086f5f074083b14338
-
Filesize
168KB
MD51bc94e75f7a322cea814959be5036c7c
SHA1286ab0520d345f5f355427780938c483fe4fb001
SHA256d5e7f3610e50bfe48158a45bb18e03608fcd2bc2d63405a4cabb916996e0e14c
SHA512f9af9040d5a13297bce33301b867b4256ca960c8d4739c5e4adc801375a7e11e3c83810f58dba3c95e9649e4c916dfec4f299b783762aae46624782787ff920a
-
Filesize
168KB
MD56c56be395c4811f0d86ebd0cd640bcb7
SHA16e541006924e0989e95d996f7f3d750937f38d3f
SHA2566ca9752e52b52642413ca5b7e975b15e2424db544abe44c6a10612997587b65e
SHA512c0834d6365c88282c5d3ad64baebaa645b6e17714e839f62d94b44486f88249c4f9c9d712a66cf1bab20f97eb9978251a75f1ea925e68e5cb92fcc943aaca0f4
-
Filesize
168KB
MD5c996b8d121605217b4d797ee4c41ea0c
SHA1eb6d752dcc9636f14915b2563f1239d1741b53e5
SHA256f0bf0fe18f32ebf34fd0373d96b0f93cca43555844710f13141b9df07323defd
SHA512f9fa0a603c485764f0793be38ad6c03b031d35186784fca4181ee717086348bcbab48e615cd5331c93211bd18adb224a6e8437318446acc62180685f1f408b9d
-
Filesize
168KB
MD5766f7baa752df3e3e712766d0e505599
SHA13e8f75f0fe4df6adab11d1bfc4b8439b1ea916f4
SHA256d017fb19a4bca1cdd38c4d5d9992d1f4b28b847b2ab98d76e6603376ae29e1ef
SHA512c64ab2bce2b72aff49d0860de66f8d66e9a30130d1d9c3145e3ba58916dbf28ff31358953066df40d22d2dcb3fdc2e240477d5dd6bf1819f916c3f00cea5cf9f
-
Filesize
168KB
MD511bf7e159a91c790ac23d9694e3fee53
SHA158bb4644cb69f667d3e7e5194875731225ed6477
SHA25630a793a8dd7ab0383ec6b9f11aa54752a64e6013c4efd6a5226c840a45c57bc0
SHA51243c05f65c347c9838fb0083e879fa8c9172908200015b3c3d0fb989d2c509396327f079c868740fe38c45e79fab75baeee37d0101d88660af31a945d6811d3d6
-
Filesize
167KB
MD5a645869f7bf432953f0292ca5fd17ad8
SHA19063c8541f8d4d81d301df8b359a30071d42b119
SHA25604daf260c11cd34cd84f42fb5a47f1d5717d0b2f62b236826d7c3a6f0a1c9db9
SHA5126449c45cd990750cf88cbf75b3320e6d972ba1b10dd8bb23835e1d298efb0b5d50399ad2c4be9d3d068619d645e544afc3245c66630da1878c8688811e76fca4
-
Filesize
47KB
MD50e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA5121dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20
-
Filesize
4KB
MD5d3a1859e6ec593505cc882e6def48fc8
SHA1f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA2563ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818