| URL: | https://sb.proview.io/prod/Talview-Secure-Browser-Upgraded.exe |
| Full analysis: | https://app.any.run/tasks/8448487c-76b1-46a4-a970-4eb0890b342d |
| Verdict: | Malicious activity |
| Analysis date: | May 15, 2026, 07:28:24 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | AAA2F04B28969737AB397D6D9FD276BA |
| SHA1: | 08319ED4DFEBE7ADF09E97A6139B8B1E51F6300F |
| SHA256: | 74E15B77A94C9EA45F46F43797338C617990B6089D1BC3C278743EA7B185F496 |
| SSDEEP: | 3:N8K8IBKCJAAyAGQla62+A:2KJJA7X+A |
MALICIOUS
Changes powershell execution policy (Unrestricted)
- Talview Secure Browser.exe (PID: 8860)
SUSPICIOUS
Malware-specific behavior (creating "System.dll" in Temp)
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
The process creates files with name similar to system file names
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
Executable content was dropped or overwritten
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
Starts CMD.EXE for commands execution
- cmd.exe (PID: 8532)
- cmd.exe (PID: 9000)
- cmd.exe (PID: 9120)
- cmd.exe (PID: 9376)
- cmd.exe (PID: 8396)
- cmd.exe (PID: 9992)
- cmd.exe (PID: 9972)
- cmd.exe (PID: 9984)
- cmd.exe (PID: 7868)
- cmd.exe (PID: 992)
- cmd.exe (PID: 8504)
- cmd.exe (PID: 10188)
- cmd.exe (PID: 10228)
- cmd.exe (PID: 7960)
- cmd.exe (PID: 7080)
- cmd.exe (PID: 9128)
- cmd.exe (PID: 8328)
- cmd.exe (PID: 10940)
- cmd.exe (PID: 6092)
- cmd.exe (PID: 9876)
- cmd.exe (PID: 10616)
- cmd.exe (PID: 9904)
- cmd.exe (PID: 10128)
- cmd.exe (PID: 9700)
- cmd.exe (PID: 8036)
- cmd.exe (PID: 8256)
- cmd.exe (PID: 8396)
- cmd.exe (PID: 9620)
- cmd.exe (PID: 10548)
- cmd.exe (PID: 9952)
- cmd.exe (PID: 2040)
Get information on the list of running processes
- cmd.exe (PID: 8532)
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
Drops 7-zip archiver for unpacking
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
Application launched itself
- Talview Secure Browser.exe (PID: 8860)
Starts application with an unusual extension
- cmd.exe (PID: 9000)
Starts CMD.EXE with AutoRun commands disabled
- cmd.exe (PID: 9000)
- cmd.exe (PID: 9120)
- cmd.exe (PID: 8396)
- cmd.exe (PID: 9376)
- cmd.exe (PID: 9984)
- cmd.exe (PID: 9992)
- cmd.exe (PID: 9972)
- cmd.exe (PID: 7868)
- cmd.exe (PID: 992)
- cmd.exe (PID: 8504)
- cmd.exe (PID: 10228)
- cmd.exe (PID: 10188)
- cmd.exe (PID: 7960)
- cmd.exe (PID: 9128)
- cmd.exe (PID: 8328)
- cmd.exe (PID: 7080)
- cmd.exe (PID: 9876)
- cmd.exe (PID: 10940)
- cmd.exe (PID: 6092)
- cmd.exe (PID: 10616)
- cmd.exe (PID: 9904)
- cmd.exe (PID: 10128)
- cmd.exe (PID: 8036)
- cmd.exe (PID: 9700)
- cmd.exe (PID: 8256)
- cmd.exe (PID: 8396)
- cmd.exe (PID: 9620)
- cmd.exe (PID: 10548)
- cmd.exe (PID: 9952)
- cmd.exe (PID: 2040)
Starts CMD.EXE with special quote handling
- cmd.exe (PID: 9000)
- cmd.exe (PID: 9120)
- cmd.exe (PID: 8396)
- cmd.exe (PID: 9376)
- cmd.exe (PID: 9984)
- cmd.exe (PID: 9992)
- cmd.exe (PID: 9972)
- cmd.exe (PID: 7868)
- cmd.exe (PID: 992)
- cmd.exe (PID: 10188)
- cmd.exe (PID: 8504)
- cmd.exe (PID: 10228)
- cmd.exe (PID: 7960)
- cmd.exe (PID: 7080)
- cmd.exe (PID: 9128)
- cmd.exe (PID: 8328)
- cmd.exe (PID: 9700)
- cmd.exe (PID: 10940)
- cmd.exe (PID: 6092)
- cmd.exe (PID: 9876)
- cmd.exe (PID: 10616)
- cmd.exe (PID: 9904)
- cmd.exe (PID: 10128)
- cmd.exe (PID: 8036)
- cmd.exe (PID: 9620)
- cmd.exe (PID: 8396)
- cmd.exe (PID: 10548)
- cmd.exe (PID: 8256)
- cmd.exe (PID: 9952)
- cmd.exe (PID: 2040)
The process bypasses the loading of PowerShell profile settings
- Talview Secure Browser.exe (PID: 8860)
The process hides Powershell's copyright startup banner
- Talview Secure Browser.exe (PID: 8860)
Starts POWERSHELL.EXE for commands execution
- Talview Secure Browser.exe (PID: 8860)
Uses TASKKILL.EXE to kill process
- cmd.exe (PID: 9972)
- cmd.exe (PID: 9984)
- cmd.exe (PID: 9992)
- cmd.exe (PID: 9700)
- cmd.exe (PID: 10940)
- cmd.exe (PID: 9904)
- cmd.exe (PID: 10616)
- cmd.exe (PID: 10128)
- cmd.exe (PID: 8036)
- cmd.exe (PID: 10548)
- cmd.exe (PID: 9620)
- cmd.exe (PID: 8396)
Bypass execution policy to execute commands
- powershell.exe (PID: 5008)
Uses WMIC.EXE
- Talview Secure Browser.exe (PID: 10092)
Uses NETSH.EXE to obtain data on the network
- Talview Secure Browser.exe (PID: 8860)
The executable file from the user directory is run by the CMD process
- VirtualDesktop.exe (PID: 3380)
- VirtualDesktop.exe (PID: 7128)
- VirtualDesktop.exe (PID: 8592)
- VirtualDesktop.exe (PID: 11072)
- VirtualDesktop.exe (PID: 9196)
- VirtualDesktop.exe (PID: 10596)
- VirtualDesktop.exe (PID: 7316)
- VirtualDesktop.exe (PID: 9528)
Checks for a battery sensor (probably for evasion)
- Talview Secure Browser.exe (PID: 10092)
INFO
Executable content was dropped or overwritten
- msedge.exe (PID: 7776)
Reads the computer name
- identity_helper.exe (PID: 7944)
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
- Talview Secure Browser.exe (PID: 8860)
- adjust_get_current_system_volume_vista_plus.exe (PID: 9080)
- Talview Secure Browser.exe (PID: 9124)
- VMDetect.exe (PID: 10592)
- SessionMonitor.exe (PID: 10916)
- VirtualDesktop.exe (PID: 3380)
- VirtualDesktop.exe (PID: 7128)
- VirtualDesktop.exe (PID: 8592)
- VirtualDesktop.exe (PID: 9196)
- VirtualDesktop.exe (PID: 11072)
- VirtualDesktop.exe (PID: 10596)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8520)
- VirtualDesktop.exe (PID: 7316)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8308)
- VirtualDesktop.exe (PID: 9528)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 7504)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 9508)
Reads Environment values
- identity_helper.exe (PID: 7944)
- Talview Secure Browser.exe (PID: 8860)
- Talview Secure Browser.exe (PID: 10092)
Application launched itself
- msedge.exe (PID: 7776)
Checks supported languages
- identity_helper.exe (PID: 7944)
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
- Talview Secure Browser.exe (PID: 8860)
- Talview Secure Browser.exe (PID: 8952)
- chcp.com (PID: 9052)
- adjust_get_current_system_volume_vista_plus.exe (PID: 9080)
- Talview Secure Browser.exe (PID: 9000)
- Talview Secure Browser.exe (PID: 9124)
- Restrictions-DiableWinKey-WinFormsApp.exe (PID: 9356)
- Talview Secure Browser.exe (PID: 10092)
- Talview Secure Browser.exe (PID: 10672)
- VMDetect.exe (PID: 10592)
- SessionMonitor.exe (PID: 10916)
- VirtualDesktop.exe (PID: 3380)
- VirtualDesktop.exe (PID: 7128)
- VirtualDesktop.exe (PID: 8592)
- VirtualDesktop.exe (PID: 9196)
- VirtualDesktop.exe (PID: 11072)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8520)
- VirtualDesktop.exe (PID: 10596)
- fastlist-0.3.0-x64.exe (PID: 9668)
- fastlist-0.3.0-x64.exe (PID: 8712)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8308)
- VirtualDesktop.exe (PID: 7316)
- VirtualDesktop.exe (PID: 9528)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 9508)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 7504)
The sample compiled with english language support
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
Create files in a temporary directory
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
- Talview Secure Browser.exe (PID: 8860)
Creates files or folders in the user directory
- Talview Secure Browser.exe (PID: 8952)
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
- Talview Secure Browser.exe (PID: 8860)
- Talview Secure Browser.exe (PID: 9124)
Reads security settings of Internet Explorer
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
- WMIC.exe (PID: 10660)
Creates a software uninstall entry
- Talview-Secure-Browser-Upgraded.exe (PID: 8412)
Manual execution by a user
- Talview Secure Browser.exe (PID: 8860)
Process checks computer location settings
- Talview Secure Browser.exe (PID: 8860)
- Talview Secure Browser.exe (PID: 10092)
- Talview Secure Browser.exe (PID: 10672)
Reads product name
- Talview Secure Browser.exe (PID: 8860)
- Talview Secure Browser.exe (PID: 10092)
Changes the display of characters in the console
- cmd.exe (PID: 9000)
Reads CPU info
- Talview Secure Browser.exe (PID: 8860)
Search a value from a registry key
- cmd.exe (PID: 8396)
- reg.exe (PID: 8796)
- cmd.exe (PID: 9376)
- reg.exe (PID: 9912)
- cmd.exe (PID: 992)
- reg.exe (PID: 8592)
- cmd.exe (PID: 7080)
- reg.exe (PID: 9004)
- reg.exe (PID: 10164)
- cmd.exe (PID: 6092)
- cmd.exe (PID: 2040)
- reg.exe (PID: 9296)
Reads the machine GUID from the registry
- Talview Secure Browser.exe (PID: 8860)
- Restrictions-DiableWinKey-WinFormsApp.exe (PID: 9356)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8520)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8308)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 7504)
- DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 9508)
Drops encrypted JS script (Microsoft Script Encoder)
- Talview Secure Browser.exe (PID: 10092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
328
Monitored processes
190
Malicious processes
1
Suspicious processes
2
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 656 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 992 | C:\WINDOWS\system32\cmd.exe /d /s /c "reg query "HKCU\Software\Microsoft\Input\Settings" /v EnableHwkbTextPrediction" | C:\Windows\System32\cmd.exe | — | Talview Secure Browser.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1328 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1652 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6104,i,18307590409483491962,7611340520811097123,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1904 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x294,0x298,0x29c,0x28c,0x2a4,0x7ffe2392f208,0x7ffe2392f214,0x7ffe2392f220 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2040 | C:\WINDOWS\system32\cmd.exe /d /s /c "reg query "HKCU\Software\Microsoft\Input\Settings" /v EnableHwkbTextPrediction" | C:\Windows\System32\cmd.exe | — | Talview Secure Browser.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2088 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | powershell.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2216 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | powershell.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2328 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2724 | C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | Talview Secure Browser.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
Total events
103 635
Read events
103 602
Write events
15
Delete events
18
Modification events
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | InstallLocation |
Value: C:\Users\admin\AppData\Local\Programs\securebrowser | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | KeepShortcuts |
Value: true | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | ShortcutName |
Value: Talview Secure Browser | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | DisplayName |
Value: Talview Secure Browser 2.0.34 | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | UninstallString |
Value: "C:\Users\admin\AppData\Local\Programs\securebrowser\Uninstall Talview Secure Browser.exe" /currentuser | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | QuietUninstallString |
Value: "C:\Users\admin\AppData\Local\Programs\securebrowser\Uninstall Talview Secure Browser.exe" /currentuser /S | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | DisplayVersion |
Value: 2.0.34 | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | DisplayIcon |
Value: C:\Users\admin\AppData\Local\Programs\securebrowser\Talview Secure Browser.exe,0 | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | Publisher |
Value: AIWF Technologies Private Limited | |||
| (PID) Process: | (8412) Talview-Secure-Browser-Upgraded.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6a2b1d3-e5b8-5cb8-9dfa-b5719aa9e383 |
| Operation: | write | Name: | NoModify |
Value: 1 | |||
Executable files
59
Suspicious files
207
Text files
399
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFdfd9a.TMP | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdfdaa.TMP | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFdfdb9.TMP | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdfdaa.TMP | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFdfdc9.TMP | — | |
MD5:— | SHA256:— | |||
| 7776 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
25
TCP/UDP connections
55
DNS requests
58
Threats
4
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
7176 | msedge.exe | GET | 200 | 150.171.109.193:443 | https://sb.proview.io/prod/Talview-Secure-Browser-Upgraded.exe | US | — | — | unknown |
7176 | msedge.exe | GET | 304 | 150.171.27.11:443 | https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist | US | — | — | whitelisted |
7176 | msedge.exe | GET | 200 | 150.171.109.193:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | US | binary | 82 b | whitelisted |
7176 | msedge.exe | GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | US | text | 132 b | whitelisted |
7176 | msedge.exe | GET | 200 | 104.18.23.222:443 | https://copilot.microsoft.com/c/api/user/eligibility | US | text | 25 b | whitelisted |
7176 | msedge.exe | GET | 200 | 92.123.104.32:443 | https://www.bing.com/api/shopping/v1/user/shoppingsettings | NL | text | 1.11 Kb | whitelisted |
7176 | msedge.exe | POST | 200 | 142.251.14.138:443 | https://update.googleapis.com/service/update2/json?cup2key=14:UApLc9nc-nRP55jRmr5WvmscANITffv9lb67lOkp8Y4&cup2hreq=5b57791ddb2b817fe86fa4eef38b07f4600116a94a5b9f5dc0a82260d9c04e6d | US | text | 890 b | whitelisted |
7176 | msedge.exe | GET | 200 | 142.250.154.132:443 | https://clients2.googleusercontent.com/crx/blobs/AXJDbcB3bcsV6gp8gPeje3RcGNJ3eqIJK3ZArzrmZgm66KMI_kiXwkouPJ_H1mUKEwkz3sgH3WqX91P8sppzYc4bmn9MHbflNecjUeea0PpDyi6PGAvEm-AFGgz7Z7D2-5EAxlKa5ZzBahtzgxEuNigzgslrK_1YzGwG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_104_1_0.crx | US | binary | 147 Kb | unknown |
5316 | svchost.exe | GET | 200 | 23.11.40.157:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | NL | binary | 471 b | whitelisted |
2332 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
5276 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
— | — | 128.24.231.64:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2332 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
7176 | msedge.exe | 150.171.28.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7176 | msedge.exe | 52.123.224.64:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7176 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7176 | msedge.exe | 150.171.109.193:443 | sb.proview.io | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7176 | msedge.exe | 142.250.154.132:443 | clients2.googleusercontent.com | GOOGLE | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
activation-v2.sls.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
sb.proview.io |
| unknown |
api.edgeoffer.microsoft.com |
| whitelisted |
copilot.microsoft.com |
| whitelisted |
update.googleapis.com |
| whitelisted |
www.bing.com |
| whitelisted |
clients2.googleusercontent.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
2232 | svchost.exe | Misc activity | ET INFO Abused Hosting Domain in DNS Lookup (azurewebsites .net) |
8860 | Talview Secure Browser.exe | Misc activity | ET INFO Abused Hosting Domain (azurewebsites .net) in TLS SNI |
9124 | Talview Secure Browser.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
9124 | Talview Secure Browser.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |