URL: http://www.cykj.info

Full analysis: https://app.any.run/tasks/c71901ba-7a36-43fb-962c-846b10181e71
Verdict: Malicious activity
Threats:

Crypto mining malware is a resource-intensive threat that infiltrates computers with the purpose of mining cryptocurrencies. This type of threat can be deployed either on an infected machine or a compromised website. In both cases the miner will utilize the computing power of the device and its network bandwidth.

Analysis date: May 15, 2026, 09:59:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: phishing, miner, websocket
Indicators:
MD5: 34EAC5F3F4CBA91C1511A8A54785F0C2
SHA1: 6F0221CF48C5AFAF3310CE6B619681DFF81D3252
SHA256: 1E539DDA8452F62D2AB91FD0E85809943DAE66E7A32D627353A4667FB2D9CE04
SSDEEP: 3:N1KJS46ODKn:Cc46sK

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 151
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

msedge.exe

Process information

PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators: none listed
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 32
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | compressed
MD5:A95B5290D78A5A4608DC59E37B399BF4
SHA256:90DFD36D2DCCCC869A3726C13FB604328EC2F0D98A8726E85D383696A21AE9D9
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7 | compressed
MD5:7F89537EAF606BFF49F5CC1A7C24DBCA
SHA256:6D92DFC1700FD38CD130AD818E23BC8AEF697F815B2EA5FACE2B5DFAD22F2E11
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | compressed
MD5:D74252C8C6D827EEA95CB0FBF66E13EE
SHA256:3531911547F23CB0FF8EDE6876C319A7E9D4FCC31B07C7A2C8A970163BBDAE0F
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9 | compressed
MD5:A02F21C0ADFA902FFDF91FF8D0CA5E12
SHA256:D3243EE6EB213553069FEF4071F6BA93FF5D48EBCC53C08516267FD03A4A9547
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | compressed
MD5:257EAAA27D19E32FAAE924853FADC40C
SHA256:2CCA5C937DF6817BD84E6A9228F0569E5D0434F4F8E6868BF86931E1D83021D5
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | compressed
MD5:5D1604A7AA043B4202208D189DB650CE
SHA256:C135AE9900771ECAF51FC9EB70DD3BFE65953ECC95A5722CB50B4184DDA298AD
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | compressed
MD5:BEE0180694E89489302D9FEB65E82D27
SHA256:2BD426CAAC33475B68912C57A75A5D4C11D8E984E00D9EC5BCF920798D24EB8D
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd | compressed
MD5:F3AD19FDBD15A27B32A4D25E49CC266E
SHA256:3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf | compressed
MD5:257EAAA27D19E32FAAE924853FADC40C
SHA256:2CCA5C937DF6817BD84E6A9228F0569E5D0434F4F8E6868BF86931E1D83021D5
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c5 | compressed
MD5:D4FEBF89251695E596823C3FA3757EA0
SHA256:49128116EABC4A0C237512C059D5DC5F0C091883599AD4CC01E478E8213A4352
HTTP(S) requests: 298
TCP/UDP connections: 103
DNS requests: 78
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3980 | RUXIMICS.exe | GET | 304 | 48.209.138.168:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | | | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 304 | 48.209.138.168:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | | | whitelisted
7760 | svchost.exe | HEAD | 200 | 104.102.63.189:443 | https://fs.microsoft.com/fs/windows/config.json | US | | | whitelisted
7028 | msedge.exe | GET | 302 | 134.122.169.72:443 | https://www.cykj.info/ | US | | |
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
4196 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
3980 | RUXIMICS.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
4196 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
7028 | msedge.exe | GET | 200 | 134.122.169.72:443 | https://www.cykj.info/index/index/home | US | | |
4196 | svchost.exe | GET | 200 | 48.209.138.168:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&OEMModel=DELL&UpdateOfferedDays=344&ProcessorManufacturer=AuthenticAMD&InstallDate=1662378835&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3593&TotalPhysicalRAM=4096&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=4&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=188&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=0&FirmwareVersion=A.40&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | US | text | 5.84 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3980 | RUXIMICS.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5336 | MoUsoCoreWorker.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4196 | svchost.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
| | 224.0.0.251:5353 | | | | whitelisted
7028 | msedge.exe | 184.86.251.15:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
7028 | msedge.exe | 134.122.169.72:80 | www.cykj.info | CTGSERVERLIMITED-AS-AP CTG Server Limited | HK | unknown
7028 | msedge.exe | 134.122.169.72:443 | www.cykj.info | CTGSERVERLIMITED-AS-AP CTG Server Limited | HK | unknown
3980 | RUXIMICS.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5336 | MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
4196 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted

DNS requests

Domain / resolved IPs / Reputation
settings-win.data.microsoft.com
  • 48.209.138.168
  • 48.209.133.15
whitelisted
google.com
  • 142.250.154.139
  • 142.250.154.100
  • 142.250.154.101
  • 142.250.154.113
  • 142.250.154.138
  • 142.250.154.102
whitelisted
www.bing.com
  • 184.86.251.15
  • 184.86.251.14
  • 184.86.251.30
  • 184.86.251.23
  • 184.86.251.13
  • 184.86.251.27
  • 184.86.251.12
  • 184.86.251.7
  • 184.86.251.4
  • 23.15.178.226
  • 23.15.178.200
  • 23.15.178.147
  • 2.19.122.65
  • 2.19.122.59
  • 2.19.122.66
  • 2.19.122.56
  • 2.19.122.60
  • 2.19.122.58
  • 2.19.122.62
  • 2.19.122.64
  • 2.19.122.63
  • 2.16.241.212
  • 2.16.241.222
  • 2.16.241.205
  • 2.16.241.206
  • 2.16.241.223
  • 2.16.241.219
  • 2.16.241.218
  • 2.16.241.200
  • 2.16.241.207
whitelisted
www.cykj.info
  • 134.122.169.72
unknown
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.22
  • 23.216.77.30
  • 23.216.77.6
  • 23.216.77.8
  • 23.216.77.43
  • 23.216.77.18
  • 23.216.77.33
  • 23.216.77.29
  • 23.216.77.21
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 23.52.181.212
whitelisted
fs.microsoft.com
  • 104.102.63.189
whitelisted
plugin-code.salesmartly.com
  • 18.245.31.61
  • 18.245.31.84
  • 18.245.31.81
  • 18.245.31.86
unknown
xpaywalletcdn.azureedge.net
  • 150.171.109.100
whitelisted
client.salesmartly.com
  • 108.138.7.49
  • 108.138.7.80
  • 108.138.7.56
  • 108.138.7.107
whitelisted

Threats

PID | Process | Class | Message
7028 | msedge.exe | Misc Attack | ET DROP Spamhaus DROP Listed Traffic Inbound group 26
3980 | RUXIMICS.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
| | Possible Social Engineering Attempted | ET PHISHING Generic Crypto Phish Landing Page M2 2026-02-05
| | Potential Corporate Privacy Violation | ET INFO Http Client Body contains pwd= in cleartext
| | Successful Credential Theft Detected | ET PHISHING Successful Generic Crypto Phish Exfil M1 2026-02-05
| | Potential Corporate Privacy Violation | ET INFO Http Client Body contains pwd= in cleartext
| | Successful Credential Theft Detected | ET PHISHING Successful Generic Crypto Phish Exfil M1 2026-02-05
| | Not Suspicious Traffic | INFO [ANY.RUN] Websocket Upgrade Request
No debug info