URL:

click-v4.junclikrmedi.com/click?i=mNtyuHA86SU_0

Full analysis: https://app.any.run/tasks/f5faaccf-b820-4ff4-95d5-095d4dc8ac51
Verdict: Malicious activity
Analysis date: May 07, 2026, 06:22:14
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
Indicators:
MD5:

6ECF24CDA73AC53210749B8F098135CC

SHA1:

1895D974B066AA5B8D2604BA8E75C63CE8E71A78

SHA256:

D91D223765ABDA6EA744C36027E57D379A93484B648008A3EE8B5BF08802D783

SSDEEP:

3:KmyFjMZILMkZWcpR2w+:KXFwwMi/2t

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7028)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
143
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
#PHISHING msedge.exe

Process information

PID
CMD
Path
Indicators
Parent process
7028"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
7028msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5text
MD5:F4B5F54A2C2CC3DEE479C9C9695FFE86
SHA256:1D50584B2891A9C4D957195C80BD3DE548982E3B931912EC82E15EC64A48965F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
25
DNS requests
13
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7548
RUXIMICS.exe
GET
304
51.104.136.2:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop
US
whitelisted
5336
MoUsoCoreWorker.exe
GET
304
51.104.136.2:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
7760
svchost.exe
HEAD
200
23.197.142.186:443
https://fs.microsoft.com/fs/windows/config.json
US
whitelisted
7028
msedge.exe
GET
200
139.177.177.24:443
https://click-v4.junclikrmedi.com/click?i=mNtyuHA86SU_0
US
5208
svchost.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
7028
msedge.exe
GET
200
92.123.104.62:443
https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
unknown
text
665 Kb
whitelisted
7548
RUXIMICS.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
5208
svchost.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
7548
RUXIMICS.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
5208
svchost.exe
GET
200
51.104.136.2:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4
US
text
3.41 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5208
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7548
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5336
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7028
msedge.exe
198.134.116.17:80
click-v4.junclikrmedi.com
WEBAIR-INTERNET
US
malicious
7028
msedge.exe
198.134.116.17:443
click-v4.junclikrmedi.com
WEBAIR-INTERNET
US
whitelisted
5208
svchost.exe
2.16.241.12:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
7548
RUXIMICS.exe
2.16.241.12:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
7028
msedge.exe
92.123.104.58:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
5336
MoUsoCoreWorker.exe
2.16.241.12:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5208
svchost.exe
23.52.181.212:80
www.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
google.com
  • 192.178.183.138
  • 192.178.183.102
  • 192.178.183.101
  • 192.178.183.113
  • 192.178.183.100
  • 192.178.183.139
whitelisted
click-v4.junclikrmedi.com
  • 198.134.116.17
malicious
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.bing.com
  • 92.123.104.58
  • 92.123.104.4
  • 92.123.104.56
  • 92.123.104.5
  • 92.123.104.59
  • 92.123.104.63
  • 92.123.104.66
  • 92.123.104.62
  • 92.123.104.65
whitelisted
www.microsoft.com
  • 23.52.181.212
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.136
  • 40.126.32.76
  • 40.126.32.140
  • 20.190.160.22
  • 20.190.160.130
  • 40.126.32.74
  • 40.126.32.72
whitelisted
fs.microsoft.com
  • 23.197.142.186
whitelisted

Threats

PID
Process
Class
Message
7028
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (.junclikrmedi .com)
5208
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
click-v4.junclikrmedi.com/click?i=mNtyuHA86SU_0