URL:

https://url.us.m.mimecastprotect.com/r/c_tnXav0tD7NOUHOF0-vPdGw308T5eOPr0jLFJuGIj06y4DWTuKW8g4p07_NLOb_Z2N5tSCvctX2tImJQWJhG7Hr0-5l2Gr9nTqtcgqs4Xk4BQibQdnlaFssuvCZ3s5sbbDsBxoi3l0bJZ9QHgQi-DEXXrrO1waIsklaLqYASClzORAWs667lifl1i439TKYJlYwit6tCUj8zK3GMzpSIFMJ99ASPRg0sukX-YSsUpPGktVO7h3kj7DeKUaebwzGY6G3XtaEtxydrdDXDgGXg1mQOlEaSKs2I8iI6QS2uNcIAK7nCHtIJ_hockZmjgPaeMPelgW-Dl2gwrqErhNTHa0hCDcIAn66lyYH-hM2bH5_B8MudJzaG_5AIYtm0eR5kxw-OwEvaZ6m1ESwGETb-B7uJB8GXvJ_TgnEX3I64RBlZNF4levh8bLIHs5_Xxh8pSQJdqpDAxPu_a9rIqNL1r2f8gI0X_WwAOa9T7ksrFzgt82xYCL1e66tJqLpIVhyNyAh-Y386ctSh7094NKtSgRefpwYMQAFdSgqRMzZY4-TmmyWM08fl_OmKRm0RTjIlyiio1IF1334S9HGC9U2AHjOeuttwye1Z23SsJQLOQLbVjPU0MQn2h1wCceW-1v04eX7KftppbGNaG1VxQmOk7BWRpvRbnl1BBAPcBrrPcFsxi6gkidnVozhCaQO46RtzrQwzb7ssjc8ZTmB2lAdPsoc7n624nYegGwGvfCZKL7EmHoWEWoY0I5T7eBUTUrDZHvSfi-Mpxj9MgLuA0xyStKw37zouhT0-mZSrG6Wsgy5PdIwuxRQ-BSnlFQWDHEBDLTRSpPF7bfdDoosNbnOQ4VMEHe4gQxmbXjTP1PSH_TkykETQFtuYbKgTiw1o5HZ0XRioqEEBrRq3R-MCG9o9NniyoVE8VPM0CN0T1DKklUGQxAX2_dkF9I1riVFTOjXCtHjRdgqM5-_dG6tuHKoTymbYVLBZZgTfFZ0XYZZ4bDVX7yviPU6Cf5jBsoGhdF_pLoXxbGRayk65DuyeoWbjjuN1a-UuKaZ2h14VipDW5T8Q0Tg4f5JTFSLkgW6oLZXjA8o2SJa-AIY_MA54DtUF9hfn0gbwtyKBYahN9sfq3Ns7NgV9696IkxHjvzVe8Pmqa_TjwQ4N53RoZDt3HkKeLx2tR7dsVhhHlEwzkp1n77IjeO1_z4pNijkQud3-Lrf1durYJnNdmztd32EeAVexlzQY9Bqhahr1sl8mWxelYIi66L-BoEFX62mXAcmj2BKijFHW3mF2nLE3BwE_kpQBpksC_6eixlstLcIltyaMaYjQowUlif7EQl-AApuvvRgZOIFmoJRo8f4xigJo40G71VyCXvRJIl930HwlmORbv9nY36j-viMb7r7S30qAM0XVl0-zqPjbHZ6U7MJeHEfKPmL-LANMhd-Z4FLovDWpV0uYogYEFrIHwtV9dUJiGD4cQfXmMqY37SmhBhoN90N_Vmrg2QZjM0t2fFG3hR-gJANYlWUzl9tPQCnK1dard7UZybHkHe2OswhfaO4HbdpxhyDKuni2MthKca7o9lHH3f48-OSvNjnKIdSdQu9hNH11mpRZBSA7IOWGKNog7na260jcdpxO0AtM85FPnunDSh_fSRk0ey-bnKYRikqG3QlJoM-5LLQMq_z5GuqZ8ytt6h7eb3K834-8EFmRf-5QiRstZksrTD0XRudr3KIHLTuuuWZFrx6I8WoA2fPCTevT0MrXevjx3xyYISpLxyeHi0f7OLg8AopqiChCHpRFL0Vtta9KYZxg5biiTg3onPdGAhYf7GZkmr_vQL3sKzBaekeD01lWu0TkrCtxC8nrwMS9FixHNBj--iasLo9iFy4bEzxb9jTvGq9Pi1aHW_VAO9pefvTV6n3Ktzf1eUkyCUSMdz0K2DnWQKPvonWn-CKOEMFqiasewZttZ-LOUDGRNkQKAK8GzBPzlJcxkGb4v_XOEtzq1BpDB0cKx0nKjNN0HeWume0mTgfS9fRIX_7rUzFk_NKEYOedVlWQ7ZHFxlAl0tTgC8GNbsGNn0Q3xUaZUpE6f_ksxdJ9Qj0T5kOjsDKAtoCMY2d_EEIz2O3GW23mkGf6mhj2d2efXPouJr6QuAyrGip5ZzQ-amAV56XuLcEQMmeYcrRg6m7OCmLYAi0MB-LxpvDnAmc8clqhBwWV8sm36R97nAy-GByE4XZ09a36noqLqkX1jYyq27A0cxEfWlgAt0mHnmt8vpUSx9QkfFpR3XCuGQmgr8SZowbGRlWfzXtUj22HQG4a6tkD3RunCE5Egu72CBanZT_5De6MC0H6Q945OgwyZHQaLcN0YpeyOnMTPgZEYxkGZu8qTbW

Full analysis: https://app.any.run/tasks/abc1cc74-7ebf-424d-89ca-b12c03f01701
Verdict: Malicious activity
Analysis date: April 15, 2025, 17:54:14
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
MD5:

F8690E0AB6F6971D64EE3D9868466B19

SHA1:

D9A8D64D3442724E3E8BEFBB894BA9DD5C8DD95F

SHA256:

E66513E103FFB7D8D062A4A22A6F5BC3CA789A519C770E308B2345E6070E7799

SSDEEP:

48:7Yryw/J7iR08zcXMOUAqPEZ8M3QoGZPJtmySeN5ZZpe9xMSPiqL6F:7Yryi7iR083PEL6rmySe/ZXSiAq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
0
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details

Process information

No data
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
129
DNS requests
102
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
307
13.107.246.45:443
https://url.us.m.mimecastprotect.com/r/c_tnXav0tD7NOUHOF0-vPdGw308T5eOPr0jLFJuGIj06y4DWTuKW8g4p07_NLOb_Z2N5tSCvctX2tImJQWJhG7Hr0-5l2Gr9nTqtcgqs4Xk4BQibQdnlaFssuvCZ3s5sbbDsBxoi3l0bJZ9QHgQi-DEXXrrO1waIsklaLqYASClzORAWs667lifl1i439TKYJlYwit6tCUj8zK3GMzpSIFMJ99ASPRg0sukX-YSsUpPGktVO7h3kj7DeKUaebwzGY6G3XtaEtxydrdDXDgGXg1mQOlEaSKs2I8iI6QS2uNcIAK7nCHtIJ_hockZmjgPaeMPelgW-Dl2gwrqErhNTHa0hCDcIAn66lyYH-hM2bH5_B8MudJzaG_5AIYtm0eR5kxw-OwEvaZ6m1ESwGETb-B7uJB8GXvJ_TgnEX3I64RBlZNF4levh8bLIHs5_Xxh8pSQJdqpDAxPu_a9rIqNL1r2f8gI0X_WwAOa9T7ksrFzgt82xYCL1e66tJqLpIVhyNyAh-Y386ctSh7094NKtSgRefpwYMQAFdSgqRMzZY4-TmmyWM08fl_OmKRm0RTjIlyiio1IF1334S9HGC9U2AHjOeuttwye1Z23SsJQLOQLbVjPU0MQn2h1wCceW-1v04eX7KftppbGNaG1VxQmOk7BWRpvRbnl1BBAPcBrrPcFsxi6gkidnVozhCaQO46RtzrQwzb7ssjc8ZTmB2lAdPsoc7n624nYegGwGvfCZKL7EmHoWEWoY0I5T7eBUTUrDZHvSfi-Mpxj9MgLuA0xyStKw37zouhT0-mZSrG6Wsgy5PdIwuxRQ-BSnlFQWDHEBDLTRSpPF7bfdDoosNbnOQ4VMEHe4gQxmbXjTP1PSH_TkykETQFtuYbKgTiw1o5HZ0XRioqEEBrRq3R-MCG9o9NniyoVE8VPM0CN0T1DKklUGQxAX2_dkF9I1riVFTOjXCtHjRdgqM5-_dG6tuHKoTymbYVLBZZgTfFZ0XYZZ4bDVX7yviPU6Cf5jBsoGhdF_pLoXxbGRayk65DuyeoWbjjuN1a-UuKaZ2h14VipDW5T8Q0Tg4f5JTFSLkgW6oLZXjA8o2SJa-AIY_MA54DtUF9hfn0gbwtyKBYahN9sfq3Ns7NgV9696IkxHjvzVe8Pmqa_TjwQ4N53RoZDt3HkKeLx2tR7dsVhhHlEwzkp1n77IjeO1_z4pNijkQud3-Lrf1durYJnNdmztd32EeAVexlzQY9Bqhahr1sl8mWxelYIi66L-BoEFX62mXAcmj2BKijFHW3mF2nLE3BwE_kpQBpksC_6eixlstLcIltyaMaYjQowUlif7EQl-AApuvvRgZOIFmoJRo8f4xigJo40G71VyCXvRJIl930HwlmORbv9nY36j-viMb7r7S30qAM0XVl0-zqPjbHZ6U7MJeHEfKPmL-LANMhd-Z4FLovDWpV0uYogYEFrIHwtV9dUJiGD4cQfXmMqY37SmhBhoN90N_Vmrg2QZjM0t2fFG3hR-gJANYlWUzl9tPQCnK1dard7UZybHkHe2OswhfaO4HbdpxhyDKuni2MthKca7o9lHH3f48-OSvNjnKIdSdQu9hNH11mpRZBSA7IOWGKNog7na260jcdpxO0AtM85FPnunDSh_fSRk0ey-bnKYRikqG3QlJoM-5LLQMq_z5GuqZ8ytt6h7eb3K834-8EFmRf-5QiRstZksrTD0XRudr3KIHLTuuuWZFrx6I8WoA2fPCTevT0MrXevjx3xyYISpLxyeHi0f7OLg8AopqiChCHpRFL0Vtta9KYZxg5biiTg3onPdGAhYf7GZkmr_vQL3sKzBaekeD01lWu0TkrCtxC8nrwMS9FixHNBj--iasLo9iFy4bEzxb9jTvGq9Pi1aHW_VAO9pefvTV6n3Ktzf1eUkyCUSMdz0K2DnWQKPvonWn-CKOEMFqiasewZttZ-LOUDGRNkQKAK8GzBPzlJcxkGb4v_XOEtzq1BpDB0cKx0nKjNN0HeWume0mTgfS9fRIX_7rUzFk_NKEYOedVlWQ7ZHFxlAl0tTgC8GNbsGNn0Q3xUaZUpE6f_ksxdJ9Qj0T5kOjsDKAtoCMY2d_EEIz2O3GW23mkGf6mhj2d2efXPouJr6QuAyrGip5ZzQ-amAV56XuLcEQMmeYcrRg6m7OCmLYAi0MB-LxpvDnAmc8clqhBwWV8sm36R97nAy-GByE4XZ09a36noqLqkX1jYyq27A0cxEfWlgAt0mHnmt8vpUSx9QkfFpR3XCuGQmgr8SZowbGRlWfzXtUj22HQG4a6tkD3RunCE5Egu72CBanZT_5De6MC0H6Q945OgwyZHQaLcN0YpeyOnMTPgZEYxkGZu8qTbW
unknown
GET
302
52.71.28.102:443
https://urldefense.proofpoint.com/v2/url?u=https-3A__4.timheinrichlaw.com&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=UVtpy5T_qzGlA-mv7CbieWWT8nFVdnAvi1yRDJVubnst7YjM842-7ZZ-5lAAVWEH&m=scY0sZH_RSez3JKlyp1GAiiaak_Ppk51ooSVqlbQjdn2kMnclUtp5kE4X2MA24kZ&s=b49Ysb-pxaDiHzYUyDws607SOmrJKo2LGJzEf7WDJwY&e=
unknown
GET
104.126.37.129:443
https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
unknown
6364
RUXIMICS.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3080
MoUsoCoreWorker.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1880
svchost.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1880
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6364
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3080
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
239.255.255.250:1900
whitelisted
6364
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3080
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1880
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1396
msedge.exe
205.139.111.113:443
url.us.m.mimecastprotect.com
MIMECAST
US
whitelisted
1396
msedge.exe
52.71.28.102:443
urldefense.proofpoint.com
AMAZON-AES
US
whitelisted
1652
svchost.exe
40.126.31.3:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1396
msedge.exe
172.233.49.32:443
4.timheinrichlaw.com
Akamai International B.V.
US
unknown
6364
RUXIMICS.exe
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3080
MoUsoCoreWorker.exe
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.174
whitelisted
url.us.m.mimecastprotect.com
  • 205.139.111.113
  • 207.211.31.113
  • 207.211.31.64
  • 207.211.31.106
  • 205.139.111.12
  • 205.139.111.117
whitelisted
urldefense.proofpoint.com
  • 52.71.28.102
  • 52.204.90.22
  • 52.6.56.188
whitelisted
login.live.com
  • 40.126.31.3
  • 20.190.159.68
  • 20.190.159.64
  • 20.190.159.73
  • 40.126.31.73
  • 40.126.31.67
  • 20.190.159.130
  • 40.126.31.130
whitelisted
4.timheinrichlaw.com
  • 172.233.49.32
unknown
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
whitelisted
www.bing.com
  • 104.126.37.129
  • 104.126.37.145
  • 104.126.37.186
  • 104.126.37.154
  • 104.126.37.137
  • 104.126.37.155
  • 104.126.37.144
  • 104.126.37.131
  • 104.126.37.136
  • 104.126.37.162
  • 104.126.37.153
  • 104.126.37.130
  • 104.126.37.171
  • 104.126.37.123
  • 104.126.37.128
  • 104.126.37.160
  • 104.126.37.179
  • 104.126.37.170
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
go.microsoft.com
  • 23.218.210.69
whitelisted

Threats

PID
Process
Class
Message
Possible Social Engineering Attempted
ET PHISHING Javascript Browser Fingerprinting POST Request
Misc activity
INFO [ANY.RUN] Possible short link service (t .co)
Misc activity
INFO [ANY.RUN] Possible short link service (t .co)
Misc activity
INFO [ANY.RUN] Possible short link service (t .co)
Misc activity
INFO [ANY.RUN] Possible short link service (t .co)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://url.us.m.mimecastprotect.com/r/c_tnXav0tD7NOUHOF0-vPdGw308T5eOPr0jLFJuGIj06y4DWTuKW8g4p07_NLOb_Z2N5tSCvctX2tImJQWJhG7Hr0-5l2Gr9nTqtcgqs4Xk4BQibQdnlaFssuvCZ3s5sbbDsBxoi3l0bJZ9QHgQi-DEXXrrO1waIsklaLqYASClzORAWs667lifl1i439TKYJlYwit6tCUj8zK3GMzpSIFMJ99ASPRg0sukX-YSsUpPGktVO7h3kj7DeKUaebwzGY6G3XtaEtxydrdDXDgGXg1mQOlEaSKs2I8iI6QS2uNcIAK7nCHtIJ_hockZmjgPaeMPelgW-Dl2gwrqErhNTHa0hCDcIAn66lyYH-hM2bH5_B8MudJzaG_5AIYtm0eR5kxw-OwEvaZ6m1ESwGETb-B7uJB8GXvJ_TgnEX3I64RBlZNF4levh8bLIHs5_Xxh8pSQJdqpDAxPu_a9rIqNL1r2f8gI0X_WwAOa9T7ksrFzgt82xYCL1e66tJqLpIVhyNyAh-Y386ctSh7094NKtSgRefpwYMQAFdSgqRMzZY4-TmmyWM08fl_OmKRm0RTjIlyiio1IF1334S9HGC9U2AHjOeuttwye1Z23SsJQLOQLbVjPU0MQn2h1wCceW-1v04eX7KftppbGNaG1VxQmOk7BWRpvRbnl1BBAPcBrrPcFsxi6gkidnVozhCaQO46RtzrQwzb7ssjc8ZTmB2lAdPsoc7n624nYegGwGvfCZKL7EmHoWEWoY0I5T7eBUTUrDZHvSfi-Mpxj9MgLuA0xyStKw37zouhT0-mZSrG6Wsgy5PdIwuxRQ-BSnlFQWDHEBDLTRSpPF7bfdDoosNbnOQ4VMEHe4gQxmbXjTP1PSH_TkykETQFtuYbKgTiw1o5HZ0XRioqEEBrRq3R-MCG9o9NniyoVE8VPM0CN0T1DKklUGQxAX2_dkF9I1riVFTOjXCtHjRdgqM5-_dG6tuHKoTymbYVLBZZgTfFZ0XYZZ4bDVX7yviPU6Cf5jBsoGhdF_pLoXxbGRayk65DuyeoWbjjuN1a-UuKaZ2h14VipDW5T8Q0Tg4f5JTFSLkgW6oLZXjA8o2SJa-AIY_MA54DtUF9hfn0gbwtyKBYahN9sfq3Ns7NgV9696IkxHjvzVe8Pmqa_TjwQ4N53RoZDt3HkKeLx2tR7dsVhhHlEwzkp1n77IjeO1_z4pNijkQud3-Lrf1durYJnNdmztd32EeAVexlzQY9Bqhahr1sl8mWxelYIi66L-BoEFX62mXAcmj2BKijFHW3mF2nLE3BwE_kpQBpksC_6eixlstLcIltyaMaYjQowUlif7EQl-AApuvvRgZOIFmoJRo8f4xigJo40G71VyCXvRJIl930HwlmORbv9nY36j-viMb7r7S30qAM0XVl0-zqPjbHZ6U7MJeHEfKPmL-LANMhd-Z4FLovDWpV0uYogYEFrIHwtV9dUJiGD4cQfXmMqY37SmhBhoN90N_Vmrg2QZjM0t2fFG3hR-gJANYlWUzl9tPQCnK1dard7UZybHkHe2OswhfaO4HbdpxhyDKuni2MthKca7o9lHH3f48-OSvNjnKIdSdQu9hNH11mpRZBSA7IOWGKNog7na260jcdpxO0AtM85FPnunDSh_fSRk0ey-bnKYRikqG3QlJoM-5LLQMq_z5GuqZ8ytt6h7eb3K834-8EFmRf-5QiRstZksrTD0XRudr3KIHLTuuuWZFrx6I8WoA2fPCTevT0MrXevjx3xyYISpLxyeHi0f7OLg8AopqiChCHpRFL0Vtta9KYZxg5biiTg3onPdGAhYf7GZkmr_vQL3sKzBaekeD01lWu0TkrCtxC8nrwMS9FixHNBj--iasLo9iFy4bEzxb9jTvGq9Pi1aHW_VAO9pefvTV6n3Ktzf1eUkyCUSMdz0K2DnWQKPvonWn-CKOEMFqiasewZttZ-LOUDGRNkQKAK8GzBPzlJcxkGb4v_XOEtzq1BpDB0cKx0nKjNN0HeWume0mTgfS9fRIX_7rUzFk_NKEYOedVlWQ7ZHFxlAl0tTgC8GNbsGNn0Q3xUaZUpE6f_ksxdJ9Qj0T5kOjsDKAtoCMY2d_EEIz2O3GW23mkGf6mhj2d2efXPouJr6QuAyrGip5ZzQ-amAV56XuLcEQMmeYcrRg6m7OCmLYAi0MB-LxpvDnAmc8clqhBwWV8sm36R97nAy-GByE4XZ09a36noqLqkX1jYyq27A0cxEfWlgAt0mHnmt8vpUSx9QkfFpR3XCuGQmgr8SZowbGRlWfzXtUj22HQG4a6tkD3RunCE5Egu72CBanZT_5De6MC0H6Q945OgwyZHQaLcN0YpeyOnMTPgZEYxkGZu8qTbW