URL:

https://sb.proview.io/prod/Talview-Secure-Browser-Upgraded.exe

Full analysis: https://app.any.run/tasks/8448487c-76b1-46a4-a970-4eb0890b342d
Verdict: Malicious activity
Analysis date: May 15, 2026, 07:28:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
Indicators:
MD5:

AAA2F04B28969737AB397D6D9FD276BA

SHA1:

08319ED4DFEBE7ADF09E97A6139B8B1E51F6300F

SHA256:

74E15B77A94C9EA45F46F43797338C617990B6089D1BC3C278743EA7B185F496

SSDEEP:

3:N8K8IBKCJAAyAGQla62+A:2KJJA7X+A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes powershell execution policy (Unrestricted)

      • Talview Secure Browser.exe (PID: 8860)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 8532)
      • cmd.exe (PID: 9000)
      • cmd.exe (PID: 9120)
      • cmd.exe (PID: 8396)
      • cmd.exe (PID: 9376)
      • cmd.exe (PID: 9972)
      • cmd.exe (PID: 9984)
      • cmd.exe (PID: 9992)
      • cmd.exe (PID: 7868)
      • cmd.exe (PID: 992)
      • cmd.exe (PID: 7960)
      • cmd.exe (PID: 10228)
      • cmd.exe (PID: 10188)
      • cmd.exe (PID: 8504)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 9128)
      • cmd.exe (PID: 6092)
      • cmd.exe (PID: 8328)
      • cmd.exe (PID: 9876)
      • cmd.exe (PID: 9700)
      • cmd.exe (PID: 10940)
      • cmd.exe (PID: 10616)
      • cmd.exe (PID: 9904)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 8036)
      • cmd.exe (PID: 8256)
      • cmd.exe (PID: 10548)
      • cmd.exe (PID: 9620)
      • cmd.exe (PID: 9952)
      • cmd.exe (PID: 8396)
      • cmd.exe (PID: 2040)
    • The process creates files with name similar to system file names

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
    • Drops 7-zip archiver for unpacking

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
    • Get information on the list of running processes

      • cmd.exe (PID: 8532)
      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
    • Application launched itself

      • Talview Secure Browser.exe (PID: 8860)
    • Starts CMD.EXE with special quote handling

      • cmd.exe (PID: 9000)
      • cmd.exe (PID: 9120)
      • cmd.exe (PID: 8396)
      • cmd.exe (PID: 9376)
      • cmd.exe (PID: 9984)
      • cmd.exe (PID: 9972)
      • cmd.exe (PID: 9992)
      • cmd.exe (PID: 7868)
      • cmd.exe (PID: 992)
      • cmd.exe (PID: 7960)
      • cmd.exe (PID: 10228)
      • cmd.exe (PID: 10188)
      • cmd.exe (PID: 8504)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 9128)
      • cmd.exe (PID: 8328)
      • cmd.exe (PID: 6092)
      • cmd.exe (PID: 10940)
      • cmd.exe (PID: 9700)
      • cmd.exe (PID: 10616)
      • cmd.exe (PID: 9876)
      • cmd.exe (PID: 9904)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 8036)
      • cmd.exe (PID: 8256)
      • cmd.exe (PID: 8396)
      • cmd.exe (PID: 9620)
      • cmd.exe (PID: 10548)
      • cmd.exe (PID: 9952)
      • cmd.exe (PID: 2040)
    • Starts CMD.EXE with AutoRun commands disabled

      • cmd.exe (PID: 9000)
      • cmd.exe (PID: 9120)
      • cmd.exe (PID: 8396)
      • cmd.exe (PID: 9972)
      • cmd.exe (PID: 9376)
      • cmd.exe (PID: 9984)
      • cmd.exe (PID: 9992)
      • cmd.exe (PID: 992)
      • cmd.exe (PID: 7868)
      • cmd.exe (PID: 10228)
      • cmd.exe (PID: 10188)
      • cmd.exe (PID: 8504)
      • cmd.exe (PID: 7960)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 9128)
      • cmd.exe (PID: 8328)
      • cmd.exe (PID: 6092)
      • cmd.exe (PID: 9876)
      • cmd.exe (PID: 10940)
      • cmd.exe (PID: 9700)
      • cmd.exe (PID: 10616)
      • cmd.exe (PID: 9904)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 8036)
      • cmd.exe (PID: 8256)
      • cmd.exe (PID: 8396)
      • cmd.exe (PID: 9620)
      • cmd.exe (PID: 10548)
      • cmd.exe (PID: 9952)
      • cmd.exe (PID: 2040)
    • Starts application with an unusual extension

      • cmd.exe (PID: 9000)
    • Starts POWERSHELL.EXE for commands execution

      • Talview Secure Browser.exe (PID: 8860)
    • The process bypasses the loading of PowerShell profile settings

      • Talview Secure Browser.exe (PID: 8860)
    • The process hides Powershell's copyright startup banner

      • Talview Secure Browser.exe (PID: 8860)
    • Uses NETSH.EXE to obtain data on the network

      • Talview Secure Browser.exe (PID: 8860)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 9984)
      • cmd.exe (PID: 9972)
      • cmd.exe (PID: 9992)
      • cmd.exe (PID: 10940)
      • cmd.exe (PID: 10616)
      • cmd.exe (PID: 9700)
      • cmd.exe (PID: 9904)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 8036)
      • cmd.exe (PID: 9620)
      • cmd.exe (PID: 8396)
      • cmd.exe (PID: 10548)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 5008)
    • Checks for a battery sensor (probably for evasion)

      • Talview Secure Browser.exe (PID: 10092)
    • Uses WMIC.EXE

      • Talview Secure Browser.exe (PID: 10092)
    • The executable file from the user directory is run by the CMD process

      • VirtualDesktop.exe (PID: 3380)
      • VirtualDesktop.exe (PID: 8592)
      • VirtualDesktop.exe (PID: 7128)
      • VirtualDesktop.exe (PID: 9196)
      • VirtualDesktop.exe (PID: 11072)
      • VirtualDesktop.exe (PID: 10596)
      • VirtualDesktop.exe (PID: 7316)
      • VirtualDesktop.exe (PID: 9528)
  • INFO

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7776)
    • The sample compiled with english language support

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
    • Application launched itself

      • msedge.exe (PID: 7776)
    • Checks supported languages

      • identity_helper.exe (PID: 7944)
      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
      • Talview Secure Browser.exe (PID: 8860)
      • Talview Secure Browser.exe (PID: 8952)
      • chcp.com (PID: 9052)
      • adjust_get_current_system_volume_vista_plus.exe (PID: 9080)
      • Talview Secure Browser.exe (PID: 9000)
      • Restrictions-DiableWinKey-WinFormsApp.exe (PID: 9356)
      • Talview Secure Browser.exe (PID: 9124)
      • Talview Secure Browser.exe (PID: 10092)
      • Talview Secure Browser.exe (PID: 10672)
      • VMDetect.exe (PID: 10592)
      • VirtualDesktop.exe (PID: 3380)
      • SessionMonitor.exe (PID: 10916)
      • VirtualDesktop.exe (PID: 8592)
      • VirtualDesktop.exe (PID: 7128)
      • VirtualDesktop.exe (PID: 11072)
      • VirtualDesktop.exe (PID: 9196)
      • VirtualDesktop.exe (PID: 10596)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8520)
      • fastlist-0.3.0-x64.exe (PID: 9668)
      • VirtualDesktop.exe (PID: 7316)
      • fastlist-0.3.0-x64.exe (PID: 8712)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8308)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 7504)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 9508)
      • VirtualDesktop.exe (PID: 9528)
    • Reads the computer name

      • identity_helper.exe (PID: 7944)
      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
      • Talview Secure Browser.exe (PID: 8860)
      • adjust_get_current_system_volume_vista_plus.exe (PID: 9080)
      • Talview Secure Browser.exe (PID: 9124)
      • VMDetect.exe (PID: 10592)
      • SessionMonitor.exe (PID: 10916)
      • VirtualDesktop.exe (PID: 8592)
      • VirtualDesktop.exe (PID: 3380)
      • VirtualDesktop.exe (PID: 7128)
      • VirtualDesktop.exe (PID: 11072)
      • VirtualDesktop.exe (PID: 9196)
      • VirtualDesktop.exe (PID: 10596)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8520)
      • VirtualDesktop.exe (PID: 7316)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8308)
      • VirtualDesktop.exe (PID: 9528)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 9508)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 7504)
    • Reads security settings of Internet Explorer

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
      • WMIC.exe (PID: 10660)
    • Reads Environment values

      • identity_helper.exe (PID: 7944)
      • Talview Secure Browser.exe (PID: 8860)
      • Talview Secure Browser.exe (PID: 10092)
    • Create files in a temporary directory

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
      • Talview Secure Browser.exe (PID: 8860)
    • Creates a software uninstall entry

      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
    • Manual execution by a user

      • Talview Secure Browser.exe (PID: 8860)
    • Reads product name

      • Talview Secure Browser.exe (PID: 8860)
      • Talview Secure Browser.exe (PID: 10092)
    • Creates files or folders in the user directory

      • Talview Secure Browser.exe (PID: 8952)
      • Talview Secure Browser.exe (PID: 8860)
      • Talview-Secure-Browser-Upgraded.exe (PID: 8412)
      • Talview Secure Browser.exe (PID: 9124)
    • Process checks computer location settings

      • Talview Secure Browser.exe (PID: 8860)
      • Talview Secure Browser.exe (PID: 10092)
      • Talview Secure Browser.exe (PID: 10672)
    • Changes the display of characters in the console

      • cmd.exe (PID: 9000)
    • Reads CPU info

      • Talview Secure Browser.exe (PID: 8860)
    • Search a value from a registry key

      • cmd.exe (PID: 8396)
      • reg.exe (PID: 8796)
      • cmd.exe (PID: 9376)
      • reg.exe (PID: 9912)
      • cmd.exe (PID: 992)
      • reg.exe (PID: 8592)
      • cmd.exe (PID: 7080)
      • reg.exe (PID: 9004)
      • cmd.exe (PID: 6092)
      • reg.exe (PID: 10164)
      • cmd.exe (PID: 2040)
      • reg.exe (PID: 9296)
    • Reads the machine GUID from the registry

      • Talview Secure Browser.exe (PID: 8860)
      • Restrictions-DiableWinKey-WinFormsApp.exe (PID: 9356)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8520)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 8308)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 9508)
      • DiableWinKey-WinFormsApp-DisableRestrictions.exe (PID: 7504)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • Talview Secure Browser.exe (PID: 10092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
328
Monitored processes
190
Malicious processes
1
Suspicious processes
2

Behavior graph

Click at the process to see the details

Process information

PID
CMD
Path
Indicators
Parent process
656\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
992C:\WINDOWS\system32\cmd.exe /d /s /c "reg query "HKCU\Software\Microsoft\Input\Settings" /v EnableHwkbTextPrediction"C:\Windows\System32\cmd.exeTalview Secure Browser.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
1328\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1652"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6104,i,18307590409483491962,7611340520811097123,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1904"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x294,0x298,0x29c,0x28c,0x2a4,0x7ffe2392f208,0x7ffe2392f214,0x7ffe2392f220C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2040C:\WINDOWS\system32\cmd.exe /d /s /c "reg query "HKCU\Software\Microsoft\Input\Settings" /v EnableHwkbTextPrediction"C:\Windows\System32\cmd.exeTalview Secure Browser.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
2088\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2216\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2328\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2724C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeTalview Secure Browser.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
59
Suspicious files
207
Text files
399
Unknown types
0

Dropped files

PID
Process
Filename
Type
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFdfd9a.TMP
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdfdaa.TMP
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFdfdb9.TMP
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdfdaa.TMP
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFdfdc9.TMP
MD5:
SHA256:
7776msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
25
TCP/UDP connections
55
DNS requests
58
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7176
msedge.exe
GET
200
150.171.109.193:443
https://sb.proview.io/prod/Talview-Secure-Browser-Upgraded.exe
US
unknown
7176
msedge.exe
GET
304
150.171.27.11:443
https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
US
whitelisted
7176
msedge.exe
GET
200
150.171.109.193:443
https://edgeassetservice.azureedge.net/assets/domains_config_gz/3.0.12/asset?assetgroup=EntityExtractionDomainsConfig
US
text
147 Kb
whitelisted
7176
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
132 b
whitelisted
8800
SIHClient.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
US
binary
420 b
whitelisted
8800
SIHClient.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
US
binary
407 b
whitelisted
7176
msedge.exe
GET
200
150.171.109.193:443
https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.11.81/asset?assetgroup=Shoreline
US
text
989 Kb
whitelisted
7176
msedge.exe
GET
200
52.123.224.64:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeRuntime%2CEdgeRuntimeConfig%2CEdgeDomainActions&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1778830110&lafgdate=0
US
text
43.4 Kb
whitelisted
7176
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:5VbtpVpBsHX8rowoeC_pxVRjRZH6MFkYpgUcfc9uiT8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
100 b
whitelisted
7176
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5276
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
128.24.231.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2332
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7176
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7176
msedge.exe
52.123.224.64:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7176
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7176
msedge.exe
150.171.109.193:443
sb.proview.io
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7176
msedge.exe
142.250.154.132:443
clients2.googleusercontent.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 128.24.231.64
whitelisted
google.com
  • 142.250.154.100
  • 142.250.154.102
  • 142.250.154.139
  • 142.250.154.101
  • 142.250.154.138
  • 142.250.154.113
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 52.123.224.64
  • 52.123.243.222
  • 52.123.243.219
whitelisted
sb.proview.io
  • 150.171.109.193
unknown
api.edgeoffer.microsoft.com
  • 150.171.109.193
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
update.googleapis.com
  • 142.251.14.138
  • 142.251.14.102
  • 142.251.14.100
  • 142.251.14.139
  • 142.251.14.113
  • 142.251.14.101
whitelisted
www.bing.com
  • 92.123.104.32
  • 92.123.104.31
  • 92.123.104.24
  • 92.123.104.34
  • 92.123.104.27
  • 92.123.104.37
  • 92.123.104.29
  • 92.123.104.30
  • 92.123.104.41
  • 23.11.206.112
  • 95.100.158.113
  • 95.100.158.121
  • 23.11.206.115
  • 95.100.158.114
  • 23.11.206.107
  • 95.100.158.122
  • 95.100.158.112
  • 95.100.158.107
whitelisted
clients2.googleusercontent.com
  • 142.250.154.132
whitelisted

Threats

PID
Process
Class
Message
2232
svchost.exe
Misc activity
ET INFO Abused Hosting Domain in DNS Lookup (azurewebsites .net)
8860
Talview Secure Browser.exe
Misc activity
ET INFO Abused Hosting Domain (azurewebsites .net) in TLS SNI
9124
Talview Secure Browser.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
9124
Talview Secure Browser.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
No debug info