URL: https://www.machineheavy.com/posts/fejopydxhhwdna

Full analysis: https://app.any.run/tasks/e792d1e0-8fe2-4da7-9840-04f62eadef7a
Verdict: Malicious activity
Analysis date: March 27, 2026, 04:42:18
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: phishing
Indicators:
MD5: 5F384DD9971680D4DF1994030BA33A0E
SHA1: D6AF0E5BAE961CAE43FDC39F6C2FE35284AFB89E
SHA256: F7FCB38A5121A7D684E63BC284AAEB4E3D99BD8CBC820EBBCC663EF62E9A0985
SSDEEP: 3:N8DSLJLdEedQRKDxm/:2OLFdaRK4/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7028)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 143
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators: #PHISHING
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 8
Text files: 18
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd | text | FF174FD2750BEFE420696822101E255A | F28B5AC28313A52497546A40D6D7ED4DAA336C89F8C5E92BBEF36D8338A0F30F
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | binary | 20D0514D290F5255F1494231871F21DC | 25EEA6DE2C2679A33E6D341F24E655B10CBE701B99F5EAF168CD36D3F87C601F
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | text | FC9DFA10D571AB58881894CA70F34B3D | 26185F4D1B345DDB9D06EDC89441B0B5B28A74E6CEB36DD77FED5450B1257048
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6 | text | E762FE48F237433248062D4C1D1ACB8B | 6D10FFE4E339CD38A2BFD67C3AB03510CD768C7010934ECC17C1B0504588005A
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | text | 6F9C9D2FB0B347AC424336C975237BDF | 2F77884378193890CA7058D5A51A65D777CB552400EEC8F7FBC27A6478093A56
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9 | binary | E1AA8E55E9D63B601E85529CFD9E5080 | 171B75DEC32CB6983513E69967FB19C8048E88F9C0450BE48FB54CFB6FAC11AA
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | text | CE5DC7A85E83051289B0F6CF31E66E85 | A54CD3FCCD7E7AA8735612451A91ADBFEFA61D62CCE4F2579488226B5B2D8CCD
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf | text | 76F59FA6CECBAEB5C107D0BFDAFF1E95 | DB6FD33FBD94F15B11A9BA9CA9CC8AB7A1A596BB0814BC965700DFA2B5E8D68A
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2 | text | AF41F1C6C7383A6A7E083BDFC1245BD2 | BD39500BF3321487FFEBEECF3E1B634148DBDFC58B8D4E067FFD69AC755167D9
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | text | 10E46D086D42F32EB9AE02E98611B2A0 | 9AB4336BA79A18338993110A91CA283B0D9D702A093353098595F381E96A2BBC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 102
TCP/UDP connections: 77
DNS requests: 40
Threats: 5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4868 | RUXIMICS.exe | GET | 304 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | - | - | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 304 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | - | - | whitelisted
7760 | svchost.exe | HEAD | 200 | 104.102.63.189:443 | https://fs.microsoft.com/fs/windows/config.json | US | - | - | whitelisted
6048 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
- | - | GET | 302 | 188.114.96.3:443 | https://www.machineheavy.com/posts/fejopydxhhwdna | US | text | 1.13 Kb | unknown
7028 | msedge.exe | GET | 302 | 104.21.54.64:443 | https://t4.velvethonors.su/aff_c?offer_id=759&aff_id=1938&aff_sub=us-harbp&aff_sub2=cmsiye | US | - | - | -
4868 | RUXIMICS.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
4868 | RUXIMICS.exe | GET | 200 | 72.246.29.11:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
6048 | svchost.exe | GET | 200 | 72.246.29.11:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6048 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4868 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5336 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 224.0.0.251:5353 | - | - | - | whitelisted
7028 | msedge.exe | 188.114.97.3:443 | www.machineheavy.com | CLOUDFLARENET | US | whitelisted
6048 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
4868 | RUXIMICS.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5336 | MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6048 | svchost.exe | 72.246.29.11:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
4868 | RUXIMICS.exe | 72.246.29.11:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 20.73.194.208 | whitelisted
google.com | 142.251.141.78 | whitelisted
www.machineheavy.com | 188.114.97.3, 188.114.96.3 | unknown
crl.microsoft.com | 23.216.77.28, 23.216.77.6 | whitelisted
www.microsoft.com | 72.246.29.11 | whitelisted
t4.velvethonors.su | 104.21.54.64, 172.67.136.9 | malicious
login.live.com | 20.190.160.3, 20.190.160.131, 20.190.160.20, 40.126.32.68, 20.190.160.132, 20.190.160.22, 40.126.32.136, 20.190.160.66 | whitelisted
fs.microsoft.com | 104.102.63.189 | whitelisted
zumexa.panelquests.com | 104.21.47.76, 172.67.170.195 | unknown
www.bing.com | 184.86.251.9, 184.86.251.13, 184.86.251.22, 184.86.251.27, 184.86.251.21 | whitelisted

Threats

PID | Process | Class | Message
7028 | msedge.exe | Misc activity | INFO [ANY.RUN] .su TLD domain request
7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain (velvethonors .su)
6048 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
No debug info