URL:

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

Full analysis: https://app.any.run/tasks/d8f5930f-c221-464b-b865-7ea293b6f8c2
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: April 08, 2026, 13:25:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
sinkhole
ransomware
wannacry
Indicators:
MD5:

418834241B2B9D3FF44678995CD455FA

SHA1:

78EB3CFA4ABA8060340C0486765160E99E4FA69F

SHA256:

74CCF347E7298C9677AC48EF1B0FD94C7F4BCCAFBE0499F6AD4F3D60599AD2E1

SSDEEP:

3:EdtiCP8NBBC3ADyKI:iyBBeT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • WANNACRY has been detected (SURICATA)

      • msedge.exe (PID: 7028)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
154
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
#WANNACRY msedge.exe

Process information

PID
CMD
Path
Indicators
Parent process
7028"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
1
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
7028msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6compressed
MD5:F3AD19FDBD15A27B32A4D25E49CC266E
SHA256:3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13
7028msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5text
MD5:F63D8A43AA8DD92395C754C06976C222
SHA256:171072793E233BA728FFB6875FD3465C82A01B7B4DFC80C683D73531AD1BB1A9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
75
TCP/UDP connections
61
DNS requests
42
Threats
11

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6888
RUXIMICS.exe
GET
304
4.231.128.59:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop
US
whitelisted
5336
MoUsoCoreWorker.exe
GET
304
4.231.128.59:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
7760
svchost.exe
HEAD
200
104.102.63.189:443
https://fs.microsoft.com/fs/windows/config.json
US
whitelisted
7028
msedge.exe
GET
200
2.21.22.144:443
https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
DE
text
665 Kb
whitelisted
7720
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
6888
RUXIMICS.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
5336
MoUsoCoreWorker.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
7720
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
7028
msedge.exe
GET
302
207.241.237.3:443
https://web.archive.org/web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans
US
6888
RUXIMICS.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
7720
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6888
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5336
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
224.0.0.251:5353
whitelisted
7028
msedge.exe
2.16.241.218:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
7028
msedge.exe
104.16.166.228:443
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
CLOUDFLARENET
US
whitelisted
7028
msedge.exe
104.21.77.90:443
static.kryptoslogicsinkhole.com
CLOUDFLARENET
US
whitelisted
7720
svchost.exe
2.16.241.19:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6888
RUXIMICS.exe
2.16.241.19:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5336
MoUsoCoreWorker.exe
2.16.241.19:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.251.20.100
  • 142.251.20.138
  • 142.251.20.139
  • 142.251.20.113
  • 142.251.20.102
  • 142.251.20.101
whitelisted
www.bing.com
  • 2.16.241.218
  • 2.16.241.204
  • 2.16.241.208
  • 2.16.241.206
  • 2.16.241.209
  • 2.16.241.207
  • 2.16.241.205
  • 2.16.241.203
  • 2.16.241.212
  • 92.123.104.62
  • 92.123.104.52
  • 92.123.104.50
  • 92.123.104.61
  • 92.123.104.58
  • 92.123.104.56
  • 92.123.104.59
  • 92.123.104.47
  • 92.123.104.63
whitelisted
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
  • 104.16.166.228
  • 104.16.167.228
malicious
static.kryptoslogicsinkhole.com
  • 104.21.77.90
  • 172.67.205.251
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
  • 23.216.77.36
  • 23.216.77.6
  • 23.216.77.37
  • 23.216.77.38
  • 23.216.77.21
  • 23.216.77.41
  • 23.216.77.8
  • 23.216.77.20
  • 23.216.77.35
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 95.100.102.101
whitelisted
web.archive.org
  • 207.241.237.3
whitelisted
login.live.com
  • 40.126.32.72
  • 40.126.32.133
  • 20.190.160.66
  • 20.190.160.130
  • 40.126.32.68
  • 40.126.32.138
  • 20.190.160.20
  • 40.126.32.76
whitelisted
fs.microsoft.com
  • 104.102.63.189
whitelisted

Threats

PID
Process
Class
Message
7028
msedge.exe
A Network Trojan was detected
ET MALWARE Possible WannaCry DNS Lookup 1
7028
msedge.exe
A Network Trojan was detected
ET MALWARE Possible WannaCry DNS Lookup 1
7028
msedge.exe
A Network Trojan was detected
ET MALWARE Possible WannaCry DNS Lookup 1
7028
msedge.exe
A Network Trojan was detected
ET MALWARE Possible WannaCry DNS Lookup 1
A Network Trojan was detected
AV TROJAN Domain Sinkholed by Kryptos Logic (HTML Response)
Misc activity
ET MALWARE Known Sinkhole Response Kryptos Logic
A Network Trojan was detected
ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
7720
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
A Network Trojan was detected
AV TROJAN Domain Sinkholed by Kryptos Logic (HTML Response)
Misc activity
ET MALWARE Known Sinkhole Response Kryptos Logic
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com