URL: https://colorado.gov-clsf.com/pay

Full analysis: https://app.any.run/tasks/197e1413-56d5-4f84-941e-61d1a5aa93bf
Verdict: Malicious activity
Analysis date: April 10, 2026, 23:16:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: phishing
MD5: 02BA60111931EAA4F658166701D65EC1
SHA1: DD4B0E41D617A7FE6A4B6D2257D7C326A1AA6331
SHA256: 0E878FA9625F45C92AED737A2EF74633A02B4728766CD33F6ABE446F67D7A440
SSDEEP: 3:N8XEUak3ucn:20L8uc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
No Malware configuration.
No data.
Total processes: 146
Monitored processes: 0
Malicious processes: 0
Suspicious processes: 0

Process information

No data
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
HTTP(S) requests: 30
TCP/UDP connections: 35
DNS requests: 24
Threats: 7

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 7596 | RUXIMICS.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | | | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | | | whitelisted |
| 7760 | svchost.exe | HEAD | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | US | | | whitelisted |
| 7028 | msedge.exe | GET | 403 | 172.67.207.179:443 | https://colorado.gov-clsf.com/pay | US | binary | 4.96 Kb | unknown |
| 488 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 7028 | msedge.exe | GET | 200 | 172.67.207.179:443 | https://colorado.gov-clsf.com/cdn-cgi/styles/cf.errors.css | US | binary | 23.4 Kb | unknown |
| 7028 | msedge.exe | OPTIONS | 200 | 35.190.80.1:443 | https://a.nel.cloudflare.com/report/v4?s=daP7e3S5V77yxwQB7Urc7hPGUvtT9QVtHndmkOd97h1gRwZ0Sc6AQOdLKR49XzvDQREgfxRceK%2B6wiYyjdX5dScjKI3OxjB9mHnezldA57F%2BEczFfieJeRAXak201%2BWiVB0SDxwvr%2Fg%3D | US | | | |
| 7028 | msedge.exe | GET | 302 | 104.18.94.41:443 | https://challenges.cloudflare.com/turnstile/v0/api.js | US | | | |
| 7028 | msedge.exe | GET | 200 | 2.16.204.141:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | text | 665 Kb | whitelisted |
| 7028 | msedge.exe | GET | 200 | 172.67.207.179:443 | https://colorado.gov-clsf.com/cdn-cgi/images/icon-exclamation.png?1376755637 | US | text | 452 b | unknown |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 488 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 7596 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 7028 | msedge.exe | 224.0.0.251:5353 | | | | whitelisted |
| 7028 | msedge.exe | 172.67.207.179:443 | colorado.gov-clsf.com | CLOUDFLARENET | US | whitelisted |
| 488 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 7596 | RUXIMICS.exe | 23.48.23.156:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 7028 | msedge.exe | 35.190.80.1:443 | a.nel.cloudflare.com | GOOGLE-CLOUD-PLATFORM | US | whitelisted |
| 7028 | msedge.exe | 104.18.95.41:443 | challenges.cloudflare.com | CLOUDFLARENET | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 20.73.194.208, 51.124.78.146 | whitelisted |
| google.com | 142.251.110.139, 142.251.110.101, 142.251.110.138, 142.251.110.100, 142.251.110.102, 142.251.110.113 | whitelisted |
| colorado.gov-clsf.com | 172.67.207.179, 104.21.61.84 | unknown |
| crl.microsoft.com | 23.48.23.156, 23.48.23.176, 23.48.23.143 | whitelisted |
| a.nel.cloudflare.com | 35.190.80.1 | whitelisted |
| www.bing.com | 2.16.204.141, 2.16.204.161 | whitelisted |
| challenges.cloudflare.com | 104.18.95.41, 104.18.94.41 | whitelisted |
| www.microsoft.com | 23.59.18.102 | whitelisted |
| fs.microsoft.com | 23.197.142.186 | whitelisted |
| stun.cloudflare.com | 162.159.207.0, 2606:4700:49:: | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
| | | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain by Cloudflare Turnstile warning |
| 488 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
No debug info