File name: applecleaner.exe
Full analysis: https://app.any.run/tasks/fc50726c-aa56-4618-9034-ca84f58d45f2
Verdict: Malicious activity
Analysis date: May 16, 2025, 15:22:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: discord
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (console) x86-64, for MS Windows, 12 sections
MD5: F96EB2236970FB3EA97101B923AF4228
SHA1: E0EED80F1054ACBF5389A7B8860A4503DD3E184A
SHA256: 46FE5192387D3F897A134D29C069EBF39C72094C892134D2F0E77B12B11A6172
SSDEEP: 98304:z7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6Ko:e+y4ihkl/Wo/afHPb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • applecleaner.exe (PID: 4024)
    • Changes the autorun value in the registry

      • applecleaner.exe (PID: 4024)
      • netsh.exe (PID: 8496)
      • netsh.exe (PID: 1096)
  • SUSPICIOUS

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 7252)
      • cmd.exe (PID: 7364)
      • cmd.exe (PID: 7420)
    • Reads the BIOS version

      • applecleaner.exe (PID: 4024)
    • Detected use of alternative data streams (AltDS)

      • applecleaner.exe (PID: 4024)
    • Hides command output

      • cmd.exe (PID: 7252)
      • cmd.exe (PID: 8480)
      • cmd.exe (PID: 8320)
      • cmd.exe (PID: 8600)
      • cmd.exe (PID: 8540)
      • cmd.exe (PID: 8780)
      • cmd.exe (PID: 8660)
      • cmd.exe (PID: 8720)
      • cmd.exe (PID: 8840)
      • cmd.exe (PID: 9036)
      • cmd.exe (PID: 8948)
      • cmd.exe (PID: 8992)
      • cmd.exe (PID: 9080)
      • cmd.exe (PID: 9212)
      • cmd.exe (PID: 8900)
      • cmd.exe (PID: 9168)
      • cmd.exe (PID: 9124)
      • cmd.exe (PID: 5744)
      • cmd.exe (PID: 8268)
      • cmd.exe (PID: 7364)
      • cmd.exe (PID: 7420)
      • cmd.exe (PID: 8484)
      • cmd.exe (PID: 8696)
      • cmd.exe (PID: 5360)
      • cmd.exe (PID: 1040)
      • cmd.exe (PID: 7908)
      • cmd.exe (PID: 6244)
      • cmd.exe (PID: 8540)
      • cmd.exe (PID: 8756)
      • cmd.exe (PID: 6208)
      • cmd.exe (PID: 2240)
      • cmd.exe (PID: 8436)
      • cmd.exe (PID: 2040)
      • cmd.exe (PID: 6108)
      • cmd.exe (PID: 8536)
      • cmd.exe (PID: 8320)
      • cmd.exe (PID: 8600)
      • cmd.exe (PID: 8584)
      • cmd.exe (PID: 8680)
      • cmd.exe (PID: 8732)
    • Reads the Windows owner or organization settings

      • applecleaner.exe (PID: 4024)
    • Reads security settings of Internet Explorer

      • applecleaner.exe (PID: 4024)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 8480)
      • cmd.exe (PID: 8540)
      • cmd.exe (PID: 8600)
      • cmd.exe (PID: 8780)
      • cmd.exe (PID: 8660)
      • cmd.exe (PID: 8720)
      • cmd.exe (PID: 8840)
      • cmd.exe (PID: 7908)
      • cmd.exe (PID: 1040)
      • cmd.exe (PID: 5360)
      • cmd.exe (PID: 6244)
      • cmd.exe (PID: 2040)
      • cmd.exe (PID: 2240)
      • cmd.exe (PID: 8436)
    • Process uses IPCONFIG to discard the IP address configuration

      • cmd.exe (PID: 8900)
      • cmd.exe (PID: 8948)
      • cmd.exe (PID: 6108)
      • cmd.exe (PID: 6208)
    • Process uses IPCONFIG to clear DNS cache

      • cmd.exe (PID: 8992)
      • cmd.exe (PID: 8320)
    • Process uses NBTSTAT to discover network configuration

      • cmd.exe (PID: 9036)
      • cmd.exe (PID: 8584)
    • Process uses ARP to discover network configuration

      • cmd.exe (PID: 9124)
      • cmd.exe (PID: 8600)
    • Uses WMIC.EXE

      • cmd.exe (PID: 9212)
      • cmd.exe (PID: 5744)
      • cmd.exe (PID: 8484)
      • cmd.exe (PID: 8540)
      • cmd.exe (PID: 8696)
      • cmd.exe (PID: 8732)
      • cmd.exe (PID: 8268)
    • Starts CMD.EXE for commands execution

      • applecleaner.exe (PID: 4024)
  • INFO

    • Process checks whether UAC notifications are on

      • applecleaner.exe (PID: 4024)
    • Reads Environment values

      • applecleaner.exe (PID: 4024)
      • identity_helper.exe (PID: 7972)
    • Reads the computer name

      • applecleaner.exe (PID: 4024)
      • identity_helper.exe (PID: 7972)
    • Reads Windows Product ID

      • applecleaner.exe (PID: 4024)
    • Checks supported languages

      • applecleaner.exe (PID: 4024)
      • identity_helper.exe (PID: 7972)
    • Application launched itself

      • msedge.exe (PID: 7572)
      • msedge.exe (PID: 7848)
    • Manual execution by a user

      • msedge.exe (PID: 7848)
    • Creates files or folders in the user directory

      • applecleaner.exe (PID: 4024)
    • Checks proxy server information

      • applecleaner.exe (PID: 4024)
    • Reads the software policy settings

      • applecleaner.exe (PID: 4024)
    • Disables trace logs

      • netsh.exe (PID: 8556)
      • netsh.exe (PID: 8676)
      • netsh.exe (PID: 8736)
      • netsh.exe (PID: 8796)
      • netsh.exe (PID: 8856)
      • netsh.exe (PID: 1128)
      • netsh.exe (PID: 7444)
      • netsh.exe (PID: 7364)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6760)
      • WMIC.exe (PID: 8196)
      • WMIC.exe (PID: 8684)
      • WMIC.exe (PID: 8576)
      • WMIC.exe (PID: 8292)
    • Reads the machine GUID from the registry

      • applecleaner.exe (PID: 4024)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:04:13 04:07:30+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.31
CodeSize: 146432
InitializedDataSize: 101376
UninitializedDataSize: -
EntryPoint: 0x62c058
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
No data.
All screenshots are available in the full report
Total processes: 280
Monitored processes: 142
Malicious processes: 5
Suspicious processes: 0

Behavior graph


Process information

PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6200 --field-trial-handle=2428,i,8793537783953505167,8663555654445918313,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1040
CMD: C:\WINDOWS\system32\cmd.exe /c NETSH WINSOCK RESET >nul 2>&1
Path: C:\Windows\System32\cmd.exe
Parent process: applecleaner.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1096
CMD: NETSH WINSOCK RESET
Path: C:\Windows\System32\netsh.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1128
CMD: NETSH INTERFACE TCP RESET
Path: C:\Windows\System32\netsh.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1240
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5960 --field-trial-handle=2428,i,8793537783953505167,8663555654445918313,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2040
CMD: C:\WINDOWS\system32\cmd.exe /c NETSH INTERFACE IPV6 RESET >nul 2>&1
Path: C:\Windows\System32\cmd.exe
Parent process: applecleaner.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 2240
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4192 --field-trial-handle=2428,i,8793537783953505167,8663555654445918313,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2240
CMD: C:\WINDOWS\system32\cmd.exe /c NETSH INTERFACE TCP RESET >nul 2>&1
Path: C:\Windows\System32\cmd.exe
Parent process: applecleaner.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 2268
CMD: C:\WINDOWS\system32\cmd.exe /c cls
Path: C:\Windows\System32\cmd.exe
Parent process: applecleaner.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 2332
CMD: IPCONFIG /RELEASE
Path: C:\Windows\System32\ipconfig.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: IP Configuration Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ipconfig.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
Total events: 16 741
Read events: 15 742
Write events: 723
Delete events: 276

Modification events

PID 7524 (cmd.exe) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID 7524 (cmd.exe) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | Operation: write | Name: MachineGuid | Value: 4bf9fffa-cc43-aad0-eea5-3e9cad330ebb
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | Operation: write | Name: InstallTime | Value: 04790000C8290000
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | Operation: write | Name: InstallDate | Value: FF6E0000C4130000
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | Operation: write | Name: BuildLabEx | Value: 1c992.a.d118d0d2.e7_93ea971.419cd2-323f
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0001 | Operation: write | Name: HwProfileGuid | Value: {e7dffb0e-c8bc-d243-e0db-b58845831de5}
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName | Operation: write | Name: ComputerName | Value: DESKTOP-ONGQKDE
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName | Operation: write | Name: ComputerName | Value: DESKTOP-MQLGDBA
PID 4024 (applecleaner.exe) | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters | Operation: write | Name: Hostname | Value: DESKTOP-AKFFJGB
Executable files: 10
Suspicious files: 228
Text files: 37
Unknown types: 2

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF110bf3.TMP | - | - | -
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | - | - | -
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF110bf3.TMP | - | - | -
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF110bd4.TMP | text | C5C8E14929BCE261B2B5B899CB479AF7 | 73DBFF8A366CFF6972A38C091782EF62C89E28FDA1423A47448A60343F921754
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF110bf3.TMP | - | - | -
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | - | - | -
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | - | - | -
7572 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\7080924e-9de2-4ec4-bfd4-297d90498f1b.tmp | binary | EFB3E148B7E38E0A821674F5EC40F0E4 | 52F430D162F45B6F98AF07B9FB3940FD35776A83C7633EA1BBE571B21DDABAB6
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\bf65ebf1-2348-4fb8-a058-e04fd868d44a.tmp | binary | 6D28737ACA2EB5A330EE52B9FB510CF6 | D1D41A3D9679F18AD310E904A94DCFA5F5E1230E636E416707572612AD1D4122
7848 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State | binary | 6D28737ACA2EB5A330EE52B9FB510CF6 | D1D41A3D9679F18AD310E904A94DCFA5F5E1230E636E416707572612AD1D4122
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 52
DNS requests: 45
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.32:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
2104 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4024 | applecleaner.exe | GET | 200 | 142.250.186.35:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
8380 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
4024 | applecleaner.exe | GET | 200 | 142.250.186.35:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
8380 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3768 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3768 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 23.216.77.32:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5496 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 20.190.160.65:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.32
  • 23.216.77.36
  • 23.216.77.26
  • 23.216.77.34
  • 23.216.77.30
  • 23.216.77.29
  • 23.216.77.31
  • 23.216.77.35
  • 23.216.77.33
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.65
  • 20.190.160.17
  • 20.190.160.66
  • 40.126.32.140
  • 20.190.160.22
  • 20.190.160.128
  • 40.126.32.68
  • 20.190.160.132
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
applecheats.cc
  • 104.21.112.1
  • 104.21.64.1
  • 104.21.48.1
  • 104.21.16.1
  • 104.21.32.1
  • 104.21.96.1
  • 104.21.80.1
unknown
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted

Threats

PID | Process | Class | Message
8164 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
8164 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
8164 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
8164 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
8164 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
2196 | svchost.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
4024 | applecleaner.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
No debug info