URL:

https://x90.im/XZEFHTHRpZDhEWWlXSmVxM2htT0xGVHNCSk9qOXUvNDY0Q1J4ZEFFZWFxbVZ5TmpFSEppWEdrRjFrREhtNlErNmw1SWNZR2ovMW5pMmt5U1NpS0hmM0pSQVkxUFZiL0hleE5zRjdKSmFnZVNXN0x1Uk50RStiVExjUThIeVlYWEtnbGtsSlNLaytjZGtJdEFOTVhHYnhOdUpHTTU3YVB5SmMxbTY0MzV6dExqRDlvVTZmZzdtOUZPRm5vRXFRU2EzNFpHWHA5TFdnMy9XbitZeFI0T2xySHZENVBGRUZWbFl2QT09LS10U2E5dXh1UWJhazdMdmQxLS1kMlRaeTU0Zk4xdHJKTGc1SUZQS09RPT0=?cid=436764726

Full analysis: https://app.any.run/tasks/f2d765e5-fec6-4c13-be70-491ef57aee1b
Verdict: Malicious activity
Analysis date: May 19, 2026, 23:33:42
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: phishing, sec-awareness
Indicators:
MD5: B92F6606FAE8C524AF9C2BE289CB4525
SHA1: 97DCEA2FBFE1F7A332BA1B7C924E803FE811436A
SHA256: C5A103FC5B85189E106B6B20683A621DB90950EF98347A6B9B5BAC0D8712AA81
SSDEEP: 12:2wUY7UvlBqDw2pPXsPYgxM+od4pzzsr+pWG:2wT72BqDDpPXsVxMXd4pzzI+UG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7028)
  • SUSPICIOUS

    • Security awareness attack simulation observed

      • msedge.exe (PID: 7028)
  • INFO

    No info indicators.
No Malware configuration.
No data.
Total processes: 161
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

| PID | CMD | Path | Indicators | Parent process |
| --- | --- | --- | --- | --- |
| 7028 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | | msedge.exe |

User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 5
Text files: 8
Unknown types: 0

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
| --- | --- | --- | --- | --- | --- |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6 | html | 219490209CA73C1948AB4D968F289D4E | 49F52E7A7E0B50F3BFF5FD058DB47C30AF16801505B2A1901B024A0AC47575F4 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | compressed | F1232635B40CBFAE664CA09BA03FC9C3 | 55644838E3E24BB2ED95B03654F6BC0AB4B5725F73BD9E6656C50AB8441194FF |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | image | 10588E251874BF5C9655289014073350 | DD0E13BE815F218ADC61EC7B7A04777C8AD03FE34AC1F402F51A7BABA71A87D4 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | text | 21BF0329EAB2C858343AF22FF8B2E359 | F48B72D69A5ADCACB23D72D7BCF1C6CD1E0B81EDE76DD0794888CBDBFD72B69E |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd | compressed | 0156E3EBB03EE72F982BD95577A20310 | AAF8A67CBD49BA6F9B8370ADE34B226CD73E2C412AD215F742C6E6F57764FB8C |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RFf1ee9.TMP | text | 8CA6AC4CD0D4F8B2EA5A9FC6FD4311D7 | EE810A451AEA499C3D6F89EDB840ED025DF0937874485A211A3BB39F915F4EA0 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\b9efac69-42b3-4aed-b73b-5b1a32129ea0.tmp | text | F054A7D6E382DF24018FE84986B710A2 | 4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | text | F054A7D6E382DF24018FE84986B710A2 | 4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | compressed | D034056264BCB7962F24C5991DCD1A3C | 6584F6CEECB154117E5FC5ACDA80EBE752B75B6C0149FBC8ACF7CD00C5CB7C5B |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | compressed | F504F8114DC24E2F46BB031240102182 | 266DA3069A00AE9193AC11AE63771F5AEEFA18B1862A441E03D319FDE7BC1680 |
HTTP(S) requests: 86
TCP/UDP connections: 75
DNS requests: 62
Threats: 18

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 6500 | RUXIMICS.exe | GET | 304 | 48.209.138.168:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | | | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 304 | 48.209.138.168:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | | | whitelisted |
| 7760 | svchost.exe | HEAD | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | US | | | whitelisted |
| | | GET | 200 | 52.222.236.86:443 | https://x90.im/XZEFHTHRpZDhEWWlXSmVxM2htT0xGVHNCSk9qOXUvNDY0Q1J4ZEFFZWFxbVZ5TmpFSEppWEdrRjFrREhtNlErNmw1SWNZR2ovMW5pMmt5U1NpS0hmM0pSQVkxUFZiL0hleE5zRjdKSmFnZVNXN0x1Uk50RStiVExjUThIeVlYWEtnbGtsSlNLaytjZGtJdEFOTVhHYnhOdUpHTTU3YVB5SmMxbTY0MzV6dExqRDlvVTZmZzdtOUZPRm5vRXFRU2EzNFpHWHA5TFdnMy9XbitZeFI0T2xySHZENVBGRUZWbFl2QT09LS10U2E5dXh1UWJhazdMdmQxLS1kMlRaeTU0Zk4xdHJKTGc1SUZQS09RPT0=?cid=436764726 | US | html | 546 b | unknown |
| 6500 | RUXIMICS.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 7368 | svchost.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 7368 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted |
| 7028 | msedge.exe | GET | 200 | 92.123.104.34:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | text | 666 Kb | whitelisted |
| 7028 | msedge.exe | GET | 200 | 52.222.236.86:443 | https://secure.encryptedconnection.net/pages/d86795dc2da50b678276ee224bd49ae9/XZEFHTHRpZDhEWWlXSmVxM2htT0xGVHNCSk9qOXUvNDY0Q1J4ZEFFZWFxbVZ5TmpFSEppWEdrRjFrREhtNlErNmw1SWNZR2ovMW5pMmt5U1NpS0hmM0pSQVkxUFZiL0hleE5zRjdKSmFnZVNXN0x1Uk50RStiVExjUThIeVlYWEtnbGtsSlNLaytjZGtJdEFOTVhHYnhOdUpHTTU3YVB5SmMxbTY0MzV6dExqRDlvVTZmZzdtOUZPRm5vRXFRU2EzNFpHWHA5TFdnMy9XbitZeFI0T2xySHZENVBGRUZWbFl2QT09LS10U2E5dXh1UWJhazdMdmQxLS1kMlRaeTU0Zk4xdHJKTGc1SUZQS09RPT0= | US | html | 73.9 Kb | unknown |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
| --- | --- | --- | --- | --- | --- | --- |
| 7368 | svchost.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 6500 | RUXIMICS.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| | | 224.0.0.251:5353 | | | | whitelisted |
| 7028 | msedge.exe | 34.243.105.180:443 | x90.im | AMAZON-02 | US | whitelisted |
| 7368 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 6500 | RUXIMICS.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 7368 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted |
| 6500 | RUXIMICS.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
| --- | --- | --- |
| settings-win.data.microsoft.com | 48.209.138.168, 48.209.138.189, 48.209.6.48 | whitelisted |
| google.com | 142.251.13.113, 142.251.13.100, 142.251.13.138, 142.251.13.102, 142.251.13.101, 142.251.13.139 | whitelisted |
| x90.im | 34.243.105.180, 46.137.121.249 | unknown |
| crl.microsoft.com | 2.16.164.49, 2.16.164.72 | whitelisted |
| www.microsoft.com | 23.52.181.212 | whitelisted |
| www.bing.com | 92.123.104.32, 92.123.104.34, 92.123.104.31, 92.123.104.38 | whitelisted |
| secure.encryptedconnection.net | 46.137.121.249, 34.243.105.180 | whitelisted |
| fs.microsoft.com | 23.197.142.186 | whitelisted |
| helpimg.s3.amazonaws.com | 16.15.199.195, 52.217.69.76, 16.15.219.10, 16.182.36.217, 52.217.201.177, 52.216.90.20, 54.231.161.169, 16.15.183.170 | shared |
| training.knowbe4.com | 18.173.205.111, 18.173.205.70, 18.173.205.114, 18.173.205.50 | whitelisted |

Threats

| PID | Process | Class | Message |
| --- | --- | --- | --- |
| 7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Microsoft Phishing (secure .encryptedconnection .net) |
| 7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Microsoft Phishing (secure .encryptedconnection .net) |
| 6500 | RUXIMICS.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| | | Successful Credential Theft Detected | ET INFO Observed KnowBe4/Popcorn Training Simulated Phish Landing Page M2 |
| 7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Training domain ( .knowbe4 .) |
| 7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Training domain ( .knowbe4 .) |
| 7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] KnowBe4: Security Awareness Training (knowbe4 .com) |
| 7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] KnowBe4: Security Awareness Training (knowbe4 .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
No debug info