URL: https://canva.link/e6dnf3u4qlqww1l

Full analysis: https://app.any.run/tasks/5ce45101-434f-4884-9f5c-40ad36a454bf
Verdict: Malicious activity
Analysis date: May 15, 2026, 18:38:53
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: websocket, phishing
Indicators:
MD5: 0AC88EE2B10F76A6CE0BF68B39C3B7F5
SHA1: 07E79B8826D37268227CCFF03FDF34D298C8CD13
SHA256: ACEC695E06FEC98B9449A7AA1272D0E811AE7F4EA812CF7A36AE7216A082CEF5
SSDEEP: 3:N8ZLTERWEUD:26RB8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7028)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 149
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators:
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 3
Suspicious files: 95
Text files: 10
Unknown types: 5

Dropped files

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 346
TCP/UDP connections: 165
DNS requests: 120
Threats: 50

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7760 | svchost.exe | HEAD | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | US | - | - | whitelisted
5208 | svchost.exe | GET | 200 | 23.48.23.11:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.11:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
3040 | RUXIMICS.exe | GET | 200 | 23.48.23.11:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5208 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
3040 | RUXIMICS.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
7028 | msedge.exe | GET | 200 | 104.16.103.112:443 | https://www.canva.com/design/DAHJwbxUVvA/yzMp1MhHdDCBJZIOhXXctw/edit?utm_content=DAHJwbxUVvA&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton | US | html | 220 Kb | unknown
7028 | msedge.exe | GET | 200 | 104.16.103.112:443 | https://static.canva.com/web/fd86a8b533eb6fee.runtime.js | US | text | 668 Kb | unknown
7028 | msedge.exe | GET | 200 | 104.16.102.112:443 | https://static.canva.com/web/ca078c64f2be0a6e.ltr.css | US | text | 209 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5208 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3040 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5336 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7028 | msedge.exe | 224.0.0.251:5353 | - | - | - | whitelisted
5208 | svchost.exe | 23.48.23.11:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5336 | MoUsoCoreWorker.exe | 23.48.23.11:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
3040 | RUXIMICS.exe | 23.48.23.11:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5208 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
3040 | RUXIMICS.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
5336 | MoUsoCoreWorker.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 20.73.194.208 | whitelisted
crl.microsoft.com | 23.48.23.11, 23.48.23.35 | whitelisted
www.microsoft.com | 23.52.181.212 | whitelisted
google.com | 142.250.154.100, 142.250.154.113, 142.250.154.139, 142.250.154.101, 142.250.154.138, 142.250.154.102 | whitelisted
canva.link | 172.64.151.150, 104.18.36.106 | whitelisted
www.canva.com | 104.16.102.112, 104.16.103.112 | whitelisted
static.canva.com | 104.16.102.112, 104.16.103.112 | whitelisted
www.bing.com | 2.21.245.63, 2.21.245.58, 2.21.245.53, 2.21.245.40, 2.21.245.52, 2.21.245.62, 2.21.245.41, 2.21.245.47, 2.21.245.61, 92.123.104.26, 92.123.104.24, 92.123.104.30, 92.123.104.22, 92.123.104.21, 92.123.104.31, 92.123.104.25, 92.123.104.27, 92.123.104.23, 92.123.104.53, 92.123.104.52, 92.123.104.56, 92.123.104.49, 92.123.104.36, 92.123.104.45, 92.123.104.61, 92.123.104.57, 92.123.104.41 | whitelisted
media-public.canva.com | 104.16.102.112, 104.16.103.112 | whitelisted
media.canva.com | 104.16.102.112, 104.16.103.112 | whitelisted

Threats

PID | Process | Class | Message
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Canva designs and to share platform (static .canva .com)
No debug info