evilquest | 5d01c20f4c3392dcd4612db7b6fac7f996e68d8bdf157cdd338ecf7df66ea372

Analysis

max time kernel
149s
max time network
135s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
29-04-2024 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118
Size

168KB
MD5

07dc858324146d6a7f233a8d7efb1e9a
SHA1

8a01e969eb96226df927537608e4e811ae43a69b
SHA256

5d01c20f4c3392dcd4612db7b6fac7f996e68d8bdf157cdd338ecf7df66ea372
SHA512

cf536c8c18111fedb273930a40a229aaed0f737110f70dd4dd08c17eaaa8c3a85be11e21ade076ed7e030c277e84ef548d62b11e57ead4f87b661ce7f8f985d5
SSDEEP

3072:cx6SZwEgOQtbap1jZNFnYo6w68cqhS2iJvHLzxq940:5SeOQdaZNxtk8cqhSxvHY9

Score

10^/10

evilquest backdoor evasion execution persistence

Malware Config

Signatures

EvilQuest
EvilQuest family.
backdoor evilquest

EvilQuest payload 15 IoCs

Processes:

resource	yara_rule
/Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest
/Users/run/Library/osxmobiledata/com.apple.afsvcpd	family_evilquest

Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
persistence

Launch Agent
T1543.001

AppleScript 1 TTPs 4 IoCs

AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.

execution

AppleScript

T1059.002

Processes:

ioc	process
osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
sh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""

Resource Forking 1 TTPs 3 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

Launchctl 1 TTPs 8 IoCs

Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.

execution

Launchctl

T1569.001

Processes:

ioc	process
sh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118\""
1⤵
PID:555

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118\""
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:556

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118
1⤵
PID:555
- /bin/zsh
  /bin/zsh -c /Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118
  2⤵
  PID:563
- /Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118
  /Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118
  2⤵
  PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.csrutil.report
1⤵
PID:560

/usr/libexec/xpcproxy
xpcproxy com.oracle.java.Java-Updater
1⤵
PID:561

/usr/bin/csrutil
/usr/bin/csrutil report
1⤵
PID:560

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:558

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:556

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:564

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:564

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:564

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:561

/usr/libexec/dmd
/usr/libexec/dmd
1⤵
PID:553

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:569

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:569

/usr/bin/osascript
osascript -e "do shell script \"launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authtrampoline
1⤵
PID:572

/System/Library/Frameworks/Security.framework/authtrampoline
/System/Library/Frameworks/Security.framework/authtrampoline
1⤵
PID:572

/bin/sh
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:576

/bin/bash
/bin/sh -c "launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:576

/bin/launchctl
launchctl load -w /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:577

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:577

/bin/sh
sh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:578

/bin/bash
sh -c "osascript -e \"do shell script \\\"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\\\" with administrator privileges\""
1⤵
PID:578

/usr/bin/osascript
osascript -e "do shell script \"launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist\" with administrator privileges"
1⤵
PID:578

/bin/sh
/bin/sh -c "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:579

/bin/bash
/bin/sh -c "launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist"
1⤵
PID:579

/bin/launchctl
launchctl start /Users/run/Library/LaunchAgents/com.apple.afsvcpd.plist
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash
1⤵
PID:584

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash agent
1⤵
PID:584

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:595

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:595

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:597

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:597

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:597

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:599

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:599

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:600

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:600

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:601

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:601

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:601

/usr/libexec/xpcproxy
xpcproxy com.apple.assistantd
1⤵
PID:606

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:607

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
1⤵
PID:606

/usr/libexec/xpcproxy
xpcproxy com.apple.security.cloudkeychainproxy3
1⤵
PID:610

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:612

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:612

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:613

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:613

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:613

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:619

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:619

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:620

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:620

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:621

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:621

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:622

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:624

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:624

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:625

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:625

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:625

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:629

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:629

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:630

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:630

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:631

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:631

/usr/libexec/xpcproxy
xpcproxy com.apple.suggestd
1⤵
PID:633

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
1⤵
PID:633

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:634

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:634

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:634

/usr/libexec/xpcproxy
xpcproxy com.apple.knowledge-agent
1⤵
PID:635

/usr/libexec/knowledge-agent
/usr/libexec/knowledge-agent
1⤵
PID:635

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:637

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:637

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:638

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:638

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:640

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:640

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:641

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:641

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:641

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:642

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:642

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:646

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:646

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:647

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:647

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:647

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:648

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:648

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:649

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:649

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:649

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:650

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:650

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:651

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:651

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:651

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:652

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:653

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:654

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:654

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:655

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:655

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:655

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:663

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:663

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:664

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:664

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:664

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:665

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:665

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:666

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:666

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:666

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:670

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:670

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:671

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:671

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:671

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:672

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:672

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:673

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:673

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:674

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:674

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:674

/usr/libexec/xpcproxy
xpcproxy afsvcpd
1⤵
PID:675

/Users/run/Library/osxmobiledata/com.apple.afsvcpd
/Users/run/Library/osxmobiledata/com.apple.afsvcpd --silent
1⤵
PID:675

/bin/sh
sh -c "sysctl -n hw.ncpu"
1⤵
PID:676

/bin/bash
sh -c "sysctl -n hw.ncpu"
1⤵
PID:676

/usr/sbin/sysctl
sysctl -n hw.ncpu
1⤵
PID:676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

AppleScript

T1059.002

System Services

T1569

Launchctl

T1569.001

Persistence

Create or Modify System Process

T1543

Launch Agent

T1543.001

Privilege Escalation

Create or Modify System Process

T1543

Launch Agent

T1543.001

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
0220cd664c7a3856c3245004522225e2

SHA1
6a17b7b2c2c319c9cef64fdaa18a5a96087105e0

SHA256
d586f624f80cce801917a21bef50e1dd45d7bec95871b7cccef201e75bfb820d

SHA512
d28647521e79d7ca758cbda4d656fee5c5b1c69d5320f02de292791c8d2edabf501bff49b5a0d3147d98e5d521d65af8fea4a39b5dca8757a17b205061dfd07a

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
3381ecfa080ffe0f814318c75aed1cc3

SHA1
0299a190079bc255bc134b141a7f8595c1b7ac1b

SHA256
eec7f6406e76a204d911b19a3187187452ce2dea84afdd0c0faa7fec3c3a9e17

SHA512
740b175a9943322165004a3439848bead2512ae250a40f026280699012d2ba984b95b719874c6298b5e097e2ccf889bb047931aa85a34d149f2fe10513f94eaf

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
e7d22238358633fccca8837f90f08d7c

SHA1
54eea97fa8601d425293c65e27e341229ce35bf3

SHA256
20ce427a93e9d197c49ffe014eb49206107de4f3c6165f22b2c5fd9e352d507b

SHA512
78e6a5d3ce1266c7e057f14be56fc6c0d1d072599e0b2268e1246b1bfc9cdc97a5084560b9fc89b347ef37d70c6c82de3271cde5c31d07b947d24580b7c77530

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
4649df05c77664699506d386bf2c7ded

SHA1
de17b4e489464002b9226a7d5bcf4da92a76fbde

SHA256
08c72b55f653223910133c037e4334a389e115bc001378281ef6990b645a3d3f

SHA512
de38e3f8fc4e2abfa0f63dcd8502d11f9741e2db7f2287ab8c1a1aa17f07da7e0a83193cf2e0f2bbc748653afdf906989fa4a2f9f6ea2f492d59451ce4c144d6

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
b4037b641f0efdf49fab441f53f5a37a

SHA1
ceda53aa1c5017767f3205b5cf9a84062c499fdf

SHA256
1939f7b91b68528c3f95571a13efeb74d8cf9775433bbec5997b8a2aef6612c5

SHA512
da6eeae8a7b0cab7b97204a8d625e30f6a56682844eef8e0c3450c051b0f98ef92c41c29e99caa517d76a7ce73972983e882ea53bd8543b165b30296fc5428c5

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
588bf4242c3450abddaefe560a34d82e

SHA1
c2adada4b520c4028427a0e08d7fff1c98682974

SHA256
032d762dd90c33b19506901f6a97c57af8a9bf4a0b09f91abfe082cf90ea553b

SHA512
f9f63324066c98d028977eda3190ac65ea30b82b07daf4c79f33b4d0f8cf8a5283abe74ea58647518d27db6b470374a8fe62b37385a790f9feb5a1cba4e24f74

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
836bda5b09c9de61c0ea173a2c6d985f

SHA1
0596e5f5864dba5f0e22024c31a5af0b872fbb38

SHA256
fc5c88c47a492e69b2ba5b98add4d3df184251f78bcd302c59273873706bf970

SHA512
be1d47411c65b654858de901c4ab604b6bd9af87a6a0bd75aa67e9a5619176b299bfb765f0263992c876ae82b28505c25f13cc3df9ed6fe08525db60243b9ef9

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
406f95f575810d59e3fb1058201c6682

SHA1
35a741cfea51da485f5d994163b1d181f6dc07ce

SHA256
6fdac198a67a43c24d4db7c00812f78c760eed64cb3d966def5ffa97e437e06a

SHA512
c8632bc41be093c5ac58fd47e097e93ef48422026892c5096cd76f92854fc7cf65b2ef03c83808cb4b689ebebb627e3981b1d9de7f9d6aaf7fee0d016a46b93b

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
99d075e682b0eab4e52a30b940aa915b

SHA1
0b36ce89faf2d63d94806fc64b5f14818bbf96ec

SHA256
d655b5572fbf709d9421acf8b00a0bcd7f2c287973deec6def1d5cfcfff47c5a

SHA512
e916f09bb8b234554a3a82b395c0cfc2708a601309353fdc733d4cc017ee754acf67092ef7dd7e2f4ffbd2987988c7e95f90343c15481cd89ba29b52fa4bdb25

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
e1820897fc88dc0001d06e3daf5bb5e8

SHA1
3754a24a169a94099b5142fcc399f5b34016b9b4

SHA256
ab65286978aed5b5dd45a9d80b2911f1960c7e62652ef654184aa566d41b1318

SHA512
55181815cab3acafd3311897e4d768495149e92403b0832b9a81bc5b360f7dbdd32d2f7e73ac8822866e9d3f83daef15165ed797450d86923f1be72c0bba887b

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
4dea1d7fc812108efa69bd279e0961a5

SHA1
f1a90002e7dd4e09e63b611ee815dbed6cc1cd7f

SHA256
a28500e46533e0621212244194156f2a91ea2a1580097d8949ee29b6afb175a5

SHA512
156a3798dd62ead32ca92110a39b28bbe85099061e2685bcaf0321672145548787b90fc894da8fbc502d28087edac1a3b2c665aa61c1721355b6cae0ba6b1f0b

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
33dc1a0f21ad294f5ceb4322b765dfc8

SHA1
479db34f700d48f2494fd0ae9db357213751df72

SHA256
d13406cc8cb4102db44527b4c6273aa8e13b1f55b7aebbbc56a17214ccd2ca83

SHA512
ee1f192aa989a5fd9f2f56dfd176beadfd180aafff7701f6d98e07b06ceef1e3aeec90f8a76417e69a0f5553890400737583f69e6e1356498ba607ed2fd57594

Download Submit
/Library/Application Support/CrashReporter/com.apple.afsvcpd_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist

Filesize
156B

MD5
96c769590ab7845144c55978114086e2

SHA1
3622698182027cda530949df701531666f5b3397

SHA256
cad6047ee44e3d44bd13e076256c6fa4f4d10398ad2f8841d09be51e3720fc40

SHA512
a1054ecc47fe51d49d76b721959bcc55d4dab5dde62d5691d62c2ead2e903b60761c2f0f76264567b5efb6ac03da9f77ff61206c5c899d03afc89ffe0129f72d

Download Submit
/Users/run/07dc858324146d6a7f233a8d7efb1e9a_JaffaCakes118

Filesize
168KB

MD5
5279c54b8796011cf3e30ac9ccf4c2f8

SHA1
156ee6c788deb6be0aba3df513d658b8d4ae7fa6

SHA256
102eba3e8dcb0025d7022868cf0d8b5c604691fbed17c2c60f2c964749f7d176

SHA512
61d5d60be44fc3da5be1136ad1d3819654d9e0b380ece3dbef07743636465728076bdc340a8b68cc55ae8ae7e312f952ae5e0ca69aa7171d34679c2574b20af6

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

Filesize
124KB

MD5
e440f8ce61c9d42f18ae9a8b84a34a98

SHA1
555118e8777addde2ceca5a00d1d7883d626bad6

SHA256
49844d258f33951d7855467f2526589cf142053273bbd61996b19b87ec10ee88

SHA512
db572e643fad0666af506c7e4f282c7a1d3c90a447aa44ef04dd6845884f120277eadd213794e5c6a048a4082ac604fc383af35177a4a1e70deaf3874b3f5399

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
3ce99026e82387ff03aa681323ed0b25

SHA1
2a80085ed6eb94d2d99b8bcbe352d1500b5a5ce7

SHA256
f99d82761221f65e5192e4e09954211dcd415f290c64d7b343cc4c935196ac3d

SHA512
c5da6942f807595065caa480db4c0bbf127dff14d24062c6c24373b5e0caaa590e8fe11bfbe9061e82780034a58daa454346c7482b6d82afdc8c5f3bb5028562

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
405421bfe1737c52ceac1f79173d8d45

SHA1
ad9742242f54285f68e4d9bfa605378184df9460

SHA256
93e52413f0481bc63d0f2dccebc62ba9ae9537f8cdd82cb3573ebf993ba2ddad

SHA512
ad0903b029e4f12588c3a6f5492233d7d91c0fc8eafab52c8161a8356b788ee53b6618f94107728edc37a6d1a3cc4c90dd05e686d882c3d6299ac70c42bebbd9

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
3d03f3ebbcae222abec15fd8bb6352fb

SHA1
defe202b0ddb4b27b35a8cc92639d41119af9f2e

SHA256
86ca472b6453f92b4f4168c98374354da5a9773f23222cbc83c57046c1e6c7ac

SHA512
523d374632b18b50aa167b5797ac64cf42cbb578e648fdacef2d29bd112b4e6825eb8c15dc99dbac5bda751d0896612f9804d6fb7e764c161b65113a0209c8a9

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
545aa1c4212e1414e4022b1ed1b72fcf

SHA1
3869cf56091f0e8829fb5e12dcc1b695e2bdf0c4

SHA256
f1f9fb4b11271eb021351310e51cdf4096f351e057b5c795a1d6631ffc04994b

SHA512
00ac1cc5ab8b734b5a9a8f6aac7fca9b9af6cfc92ed84f1ee02c90e1d510a365b6ad48e7841753c7cccef747a35778aeee6ffcd94d2f5fa2607df927e2e29eb8

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
532f634c4a4539141d3d04eff24d1f3d

SHA1
372cce7da34ee0e686f2fde3bdbe8f865a783d86

SHA256
c17933ad71b050d111aa3b660e4183e8959a4c86985412f39b93327e05080e4b

SHA512
fe2ce7a326af6d5706437a8e46c70089f9ccc6b52f1e3bcc02af59f287eef1f5455cf5d5ced4f1fe47d05bd9fdf5cd847966bc9890d3e634d5df4f6bd83eb938

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
d7f6731090437b906fbd03caa8a163fe

SHA1
ff378ae93a3cbe25a22e89818fb4552afdb10878

SHA256
b33cd85bd7b53aa58d020446cd348987415637491880aa6b95a0a579a0296215

SHA512
790c7eac071e482817e97b9c66acb3d0298b06911bf005c671efda3be05948a59ecab4e1e0038137da2501f2b562bdfb02d17df21b0ae88fa392364cf6821910

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
2aa153c120286cc7db52b45186572fc4

SHA1
b2c859b10276f79b387bd4fdf5a11095c7d02f4b

SHA256
96cb0de68779d4e8dc3df36b26484a3ca74098826f36a7af7d0e578093f65d62

SHA512
5f280003231870fbb0f39a082db351ee80a44e29d897cdd7437778ee10baa0808f78c204daa76c14d31b4f84665ec315b8ddba294bf8b03e9dd5940368923a24

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
c74f4bb417e3fe1dae20859a42412519

SHA1
d124277cc182c07903a01bd6a4000e335b187319

SHA256
a284034bd85623d2ad63fb5bfcc0386bd17c107c44ea0e3523b29e7f74d0f48d

SHA512
57965e9b64ffe578fe7dc93dce65fb2dc463ccce75ebe1193321968cad812331110e58a46635eec8e34235fab4a8f32152bd1d1c775a808eb186eef69dd9a9b5

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
1328afbc2a188434f2bb3be49ad0dede

SHA1
bc61c32ce3366d4df22dc5eb0b57a6a3ab462687

SHA256
87778942087fed4484ab5673cc005f80940ac0a82fb5dd98e002251e9036a858

SHA512
aa400c681a9461d8f665e0339e92e8487cc64188c842cca48c23c7c6208d0d8193ab51bc349501727d8bfcff689dce699e07cfca4ca5fe03d624d84927462b4c

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
2e3ac9ea6a4c87f8bb16007873352ca6

SHA1
d3ebbde9dc8e47e5950fbbb5b57a22117ccf85aa

SHA256
924ade14cd97b21c5030601b7191542685ebba94fe867bc77db3cb7caa171272

SHA512
0919f29f42db42512ee6e41327c16aead99eeb7e9ee712b3572d8c28d08287e28feac162c1996584f5f0e918fa312c2e7a81060d5bf61651a76e31e851c6bfec

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
d2213fde99171b6b25207250ff273f07

SHA1
ec06bea41148252a8b8aa1c8c26af44382cdd011

SHA256
2b67a6e650d40548f9208da547e3032123a6ae25556de76d1676f92d3b6e3f29

SHA512
11651b60368cd873a2ac09c8a633dfbfe92b96f8fa6de846e8f009513f59bb7a793166409694824e70be1cbe68d71b08640054d5c20bc728d9ebaae6c86b1340

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
e83249221a482146df6ac1dc0bce8a5d

SHA1
5d320a13c397bb0e923876e0a8e8beca5c46730b

SHA256
1cfd491ed01f516e1a1abc5c836cd0a4abc8cb576b826800612a6f380eafd2b8

SHA512
77db9edbab86aa2c830f7cbf82f6e0b8151679871035e161421e5a6aa1629a8c75a3fc8b97d4f82daf4d1deb5d9de3e587d73035f2bbb45b511129311ef9e8c8

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
55aa3c08bf824e94dabf514669741699

SHA1
a6776a8c1e191da134003b3eed777ab173f191bd

SHA256
3d47c1730b4c0a2ac34a0b1a1212563366cd3343787618d665eea64fc1e37c60

SHA512
9ebf9e5d1271715f453e91dfac767ab2973adb825e9da69cbcc66c69f0e644865f7ac74636cbe97d3e38fdd14506e0ff5d519e307edb9bab1eca19f1f0c77725

Download Submit
/Users/run/Library/osxmobiledata/com.apple.afsvcpd

Filesize
168KB

MD5
e4e160545cbb29de27dec342e4be4650

SHA1
d549b4ace410cd85f2046dcb1c73f45de8034568

SHA256
b235707b2d3dd82dea401414ad0c7cde3bc02f3cecafc08b5dd16d5c672ac380

SHA512
a9a2e274080b86e3994dd65ae0d9cf4481e6d4e67320c41738fbef9439d6aec36aa8ed3460875ec4990f66ea0d9ecdaf619e38f6036d2407171f89fc2e6f9c43

Download Submit
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1271.xml

Filesize
171KB

MD5
fc82f60979c70408eead10c3a17cb8a1

SHA1
733136626039ac73ef4033453d53d8ca250cca75

SHA256
780e932d83cdee33ab7c0dd34b329b32653e40222967bf32756bcbdb83d03f3e

SHA512
62a17f74e47b3e76323f86e4cc17ef7c40dc5bf6bb7b5d0062a5bca5c3677bf9f68e3d1717e328cb99a88c4a879ec9861d2a3869f7c4fd8157496e522c3fc4e2

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit