ASPCarryLog

executablemacOS2.1 MBx86_64, arm64

System diagnostics collector — gathers hardware metrics and submits telemetry

Collects system diagnostic data including hardware metrics, exception reports, and performance statistics. Communicates with Apple's analytics infrastructure through multiple network endpoints to submit aggregated diagnostic information. Accesses IOKit user clients for direct hardware and driver communication, additional Mach services, and restricted file paths to gather comprehensive system state. Maintains multiple XPC services for inter-process communication with other system components that request diagnostic data.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 2.1 MB
UUID: ABD97A1E-E0DF-38E1-B981-383F1E95E7E7
Analyzed: 2026-04-09T09:37:29Z
CDHash: 5546a997379ac683eb6feda0b8d1319547c458b9f82721f86d3a8970fe90b2ff

Capabilities

StorageException: access additional file paths

com.apple.security.exception.files.absolute-path.read-write

/private/var/db/NANDTelemetryServices/

HardwareException: access additional IOKit user clients

com.apple.security.exception.iokit-user-client-class

AppleNVMeUpdateUC AppleNVMeEANUC ASPUserClient

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

IpcException: access additional Mach services

com.apple.security.exception.mach-lookup.global-name

com.apple.cache_delete com.apple.cache_delete.public

AnalyticsSubmit symptom diagnostic reports

com.apple.symptom_diagnostics.report [object Object]

AnalyticsApple unified analytics submission

/System/Library/PrivateFrameworks/CoreAnalytics.framework/Versions/A/CoreAnalytics

Entitlements16

allow-softwareupdatedtrue

com.apple.AppleNVMeEAN.allowtrue

com.apple.TapToRadarKit.service-accesstrue

com.apple.accounts.appleaccount.fullaccesstrue

com.apple.diagnosticpipeline.requesttrue

com.apple.diagnosticpipeline.tasking.com.apple.coreos.nandtrue

com.apple.nvmetunnel.allowtrue

com.apple.private.CacheDelete

CLIENT_ENTITLEMENT ITEMIZED_PURGEABLE_ENTITLEMENT

com.apple.private.MobileGestalt.AllowedProtectedKeys

com.apple.private.accounts.allaccountstrue

com.apple.private.amfi.version-restriction <integer>1</integer>

com.apple.security.exception.files.absolute-path.read-write

/private/var/db/NANDTelemetryServices/

com.apple.security.exception.iokit-user-client-class

AppleNVMeUpdateUC AppleNVMeEANUC ASPUserClient

com.apple.security.exception.mach-lookup.global-name

com.apple.cache_delete com.apple.cache_delete.public

com.apple.storage-datatrue

com.apple.symptom_diagnostics.reporttrue

Interesting Strings

Bundle IDs(80)

$com.apple.diagnosticpipeline.request $com.apple.symptom_diagnostics.report &com.apple.TapToRadarKit.service-access &com.apple.private.accounts.allaccounts *com.apple.accounts.appleaccount.fullaccess

File Paths(24)

&/private/var/db/NANDTelemetryServices/0j .plist /AppleInternal/Library/BuildRoots/4~B_wCugA-0Zx3Aj7V8-QsepQi1zFPSiYP-PuUGP4/Library/Caches/com.apple.xbs/Sources/EmbeddedStorageReporting_libs_macos/NANDInfo/NANDInfo_osx.m /AppleInternal/Library/Frameworks/TapToRadarKit.framework/Versions/A/TapToRadarKit /System/Library/Frameworks/Accounts.framework/Versions/A/Accounts

telemetry(41)

$com.apple.symptom_diagnostics.report %@: %@: FAILED in logging (%@) %@ using AnalyticsSendEventLazy %@: %@: FAILED to log %@ using AnalyticsSendEventLazy %@: %@: FAILED to log (%@) %@ using AnalyticsSendEventLazy %@: %@: SUCCESS in logging (%@) %@ using AnalyticsSendEventLazy

URLs & Endpoints(5)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><string>com.apple.compilers.llvm.clang.1_0</string>https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(8)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Hostnamemacosx26.1.internal

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

1

Hardware

2

IPC

1

Analytics

2

Security

0

System

0

Behavioral Profile

URL Endpoints

5

Telemetry Strings

41

File Paths

24

Bundle IDs

80

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code147c2c57cea5f42e69f94bfc21e1bfb48c74a8ef1ead0147d129e8b45cc42cdf

Imports7e9d3b5d57f62cc507ac832781052a4fb6c43f1a17fbdd1c8c55a6d9fbfabffa

Frameworksd2bec58f53afd2f15c160c5bea93213b280e2c6ebdcf7da62bba50702b0bcc81

Classes234ea6e7cd36c3e00ce4d6720210540ddf15ed32aa52e7372b5cff0bea196a18

Entitlementsa1d75c815b0ded379ce9957d37dbb5376a687ee4b2a661697d29825c2e2246ef

Symbols815921e502078636b70cd8d014f0dec5df67f0de6f033874ed377b000d3e874f

Static Libraries0 / 637 functions identified

Functions(637)

0x1000014f8sub_1000014f8

0x100001534sub_100001534

0x10000155csub_10000155c

0x100001758sub_100001758

0x1000017ac-[ASPCarryMainState registerIOLoggingXPCforInternalBuild:]

0x1000017b8sub_1000017b8

0x100001874-[ASPCarryMainState unregisterIOLoggingXPC]

0x100001880sub_100001880

0x100001cd0sub_100001cd0

0x100001d98sub_100001d98

0x1000020e4sub_1000020e4

0x1000021fcsub_1000021fc

0x100002274sub_100002274

0x1000023f0sub_1000023f0

0x100002578sub_100002578

0x1000025b8-[ASPCarryLog_ExtractUpload initWithNandDriver:UploadDriver:StateManager:workDirectory:internalBuild:]

0x100002a54-[ASPCarryLog_ExtractUpload _iologLba_current]

0x100002af4-[ASPCarryLog_ExtractUpload _iologLba_prevSubmission]

0x100002b68-[ASPCarryLog_ExtractUpload _isLastExtractionTooLongAgo]

0x100002c6c-[ASPCarryLog_ExtractUpload _updateLastExtractTime]

Imports261 symbols from 18 dylibs

libSystem.B.dylib109 CoreFoundation38 libobjc.A.dylib30 libarchive.2.dylib25 IOKit18

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

securityuploadd