URL: https://canva.link/rufglby756w2m8r

Full analysis: https://app.any.run/tasks/bca7bfc9-d10a-4e72-8e9f-ac54c44ee0be
Verdict: Malicious activity
Threats:

EvilProxy is a phishing-as-a-service (PhaaS) platform that enables cybercriminals to bypass multi-factor authentication (MFA) and hijack user sessions. It leverages reverse proxy techniques to harvest credentials and session cookies, posing a serious threat to both individuals and enterprises.

Analysis date: April 30, 2026, 17:07:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
evilproxy
Indicators:
MD5:

5C658C21FEFC85F76B2DC45AE2ACE323

SHA1:

38E7A0EC0ABBE73629EB783963A9100037A81FBC

SHA256:

7247A27C7280724EAE652B2083BA6D69A78813452DEC0D5B55BB7437A7144207

SSDEEP:

3:N8ZLTEOjtSn:26gS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7028)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 163
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators: PHISHING
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 3
Suspicious files: 45
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6 | text
  MD5: 7103BC926CBF499750082FB939A751A2
  SHA256: F5C490BF7E3E7657DE6D235A521024176C7F9A417B57FFB229F9CCEF64BA2C4C
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | binary
  MD5: 6D2CD4B4DC3134744465CB5E71F6916C
  SHA256: E182140603D804B2A40F276F5821AF3C993C17032DAA7B862C71F6906E90E287
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf | binary
  MD5: 213C6FB6AA49A9B51736DDFBE5002849
  SHA256: 367F88874C4B768B646E5F2A604DFA6775366B6C19E14F7CFBC35C6E6BB1E8F0
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | binary
  MD5: 38A3A1676F5645BDC4442B71C519E769
  SHA256: BBCB2F7C7E7B0E460B01B55144C5B3A3F4C9268F6B02F5D8C08B4217F827CA74
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | binary
  MD5: E2F40753ED58C2A9180BA6830A618208
  SHA256: FEF63CBB438AB679BEE199AFABEBF0C2E46D0309FDF7C9C73E6BE81116C5D2BB
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c6 | binary
  MD5: 0276C1C8D171FE409BD82A8E6CA63767
  SHA256: B4F65C8925D4D0EAF8A04978AA1E70DA563BBB8D0853FF64EEB3646665FE57C3
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | binary
  MD5: B629F22AEF227F34AA08606711603721
  SHA256: C2C9DA719D6103D7158FA597A921CCA3C781896C77BC210C8B857C815A466511
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2 | binary
  MD5: A43CEC85372E4D91477B7C38966838DF
  SHA256: 6D610E2FE096280ADB23CDAD06078AC1F57E498E48F17FF157C5293F8F7A3C25
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1 | binary
  MD5: 0FDB30E377C2B83A8DCEB73F98181D26
  SHA256: 069F8A1B018E862429A278E86255366EB2020453ED7F62735744C301B5CE9C59
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9 | binary
  MD5: 70E60A89A8C7B7E2DF8AC0D003E48148
  SHA256: 2D301794E072C15720447E5CCF58B235531E5BB4798D3B358DD6B6CA8918AE1D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 282
TCP/UDP connections: 167
DNS requests: 126
Threats: 43

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7456 | RUXIMICS.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | - | - | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | - | - | whitelisted
7028 | msedge.exe | GET | 301 | 104.16.102.112:443 | https://canva.link/rufglby756w2m8r | US | - | - | -
7028 | msedge.exe | GET | 200 | 104.16.102.112:443 | https://www.canva.com/design/DAHIJSk0PgE/0aXDi_VbxSHlo5ZFYQuRBw/view?utm_content=DAHIJSk0PgE&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h58a3816fc9 | US | html | 27.4 Kb | unknown
5188 | svchost.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
7760 | svchost.exe | HEAD | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | US | - | - | whitelisted
7456 | RUXIMICS.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5188 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
7456 | RUXIMICS.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5188 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7456 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5336 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7028 | msedge.exe | 224.0.0.251:5353 | - | - | - | whitelisted
7028 | msedge.exe | 172.64.151.150:443 | canva.link | CLOUDFLARENET | US | whitelisted
5188 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
7456 | RUXIMICS.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5336 | MoUsoCoreWorker.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
7028 | msedge.exe | 104.16.102.112:443 | www.canva.com | CLOUDFLARENET | US | whitelisted
5188 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 40.127.240.158 | whitelisted
google.com | 142.251.20.100, 142.251.20.139, 142.251.20.113, 142.251.20.102, 142.251.20.101, 142.251.20.138 | whitelisted
canva.link | 172.64.151.150, 104.18.36.106 | whitelisted
crl.microsoft.com | 2.16.164.49, 2.16.164.120, 2.16.164.72 | whitelisted
www.canva.com | 104.16.102.112, 104.16.103.112 | whitelisted
www.microsoft.com | 23.52.181.212 | whitelisted
login.live.com | 40.126.31.129, 40.126.31.67, 20.190.159.71, 20.190.159.129, 20.190.159.2, 40.126.31.71, 40.126.31.69, 20.190.159.68 | whitelisted
fs.microsoft.com | 23.197.142.186 | whitelisted
static.canva.com | 104.16.102.112, 104.16.103.112 | whitelisted
www.bing.com | 92.123.104.42, 92.123.104.38, 92.123.104.35, 92.123.104.41, 92.123.104.37, 92.123.104.50, 92.123.104.49, 92.123.104.51, 92.123.104.34, 92.123.104.19, 92.123.104.7, 92.123.104.17, 92.123.104.10, 92.123.104.14, 92.123.104.16, 92.123.104.13, 92.123.104.11, 92.123.104.8 | whitelisted

Threats

PID | Process | Class | Message
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
5188 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] An application monitoring request to sentry .io
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] An application monitoring request to sentry .io
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
No debug info