File name:

WinUSBDisplay_Windows_V4.1.9.18.exe

Full analysis: https://app.any.run/tasks/74d56236-bed7-45cd-bc41-036dcb9ab4a4
Verdict: Malicious activity
Analysis date: January 27, 2025, 07:41:12
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
delphi
inno
installer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

055CF6E2CDD208AAAF8CD956914AE17B

SHA1:

4DC7ECABA318AA675978DB4135DF5F03C1936712

SHA256:

46C32740250768B2DB7C6B30808C1AB9FA6D91F11E1DDC43E97122AFA3B992FF

SSDEEP:

98304:l+cD4dnnVQQFSAD10yFBoJU/CIv1jY92El1XKP1pIsjwEDNWY5Vua4f0kH1M4ysN:QEzUiqWShnZI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Create files in the Startup directory

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 6172)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • devcon.exe (PID: 6456)
      • drvinst.exe (PID: 6612)

    • Reads security settings of Internet Explorer

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)

    • Reads the Windows owner or organization settings

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

    • The process drops C-runtime libraries

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

    • Process drops legitimate windows executable

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

    • Creates files in the driver directory

      • drvinst.exe (PID: 6612)

    • Checks Windows Trust Settings

      • drvinst.exe (PID: 6612)

  • INFO

    • Create files in a temporary directory

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 6172)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • devcon.exe (PID: 6456)

    • Checks supported languages

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 6172)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
      • devcon.exe (PID: 6456)
      • drvinst.exe (PID: 6612)

    • Reads the computer name

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • drvinst.exe (PID: 6612)
      • devcon.exe (PID: 6456)

    • Process checks computer location settings

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)

    • Creates files in the program directory

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

    • The sample compiled with english language support

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

    • The sample compiled with chinese language support

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • devcon.exe (PID: 6456)
      • drvinst.exe (PID: 6612)

    • Creates files or folders in the user directory

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

    • Creates a software uninstall entry

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 6612)

    • Reads the software policy settings

      • drvinst.exe (PID: 6612)

    • Compiled with Borland Delphi (YARA)

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)

    • Detects InnoSetup installer (YARA)

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 126464
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 4.1.9.18
ProductVersionNumber: 4.1.9.18
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: MacroSilicon
FileDescription: Win USB Display Setup
FileVersion: 4.1.9.18
LegalCopyright: Copyright © MacroSilicon 2022
OriginalFileName:
ProductName: Win USB Display
ProductVersion: 4.1.9.18
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
138
Monitored processes
7
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winusbdisplay_windows_v4.1.9.18.exe winusbdisplay_windows_v4.1.9.18.tmp no specs winusbdisplay_windows_v4.1.9.18.exe winusbdisplay_windows_v4.1.9.18.tmp devcon.exe conhost.exe no specs drvinst.exe

Process information

PID
CMD
Path
Indicators
Parent process
540"C:\Users\admin\AppData\Local\Temp\is-IF4RB.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp" /SL5="$7035C,3629410,869376,C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe" C:\Users\admin\AppData\Local\Temp\is-IF4RB.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmpWinUSBDisplay_Windows_V4.1.9.18.exe
User:
admin
Company:
MacroSilicon
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-if4rb.tmp\winusbdisplay_windows_v4.1.9.18.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
1704"C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe" C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe
explorer.exe
User:
admin
Company:
MacroSilicon
Integrity Level:
MEDIUM
Description:
Win USB Display Setup
Exit code:
0
Version:
4.1.9.18
Modules
Images
c:\users\admin\appdata\local\temp\winusbdisplay_windows_v4.1.9.18.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6172"C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe" /SPAWNWND=$50310 /NOTIFYWND=$7035C C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe
WinUSBDisplay_Windows_V4.1.9.18.tmp
User:
admin
Company:
MacroSilicon
Integrity Level:
HIGH
Description:
Win USB Display Setup
Exit code:
0
Version:
4.1.9.18
Modules
Images
c:\users\admin\appdata\local\temp\winusbdisplay_windows_v4.1.9.18.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6196"C:\Users\admin\AppData\Local\Temp\is-S0HQF.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp" /SL5="$6028C,3629410,869376,C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe" /SPAWNWND=$50310 /NOTIFYWND=$7035C C:\Users\admin\AppData\Local\Temp\is-S0HQF.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp
WinUSBDisplay_Windows_V4.1.9.18.exe
User:
admin
Company:
MacroSilicon
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-s0hqf.tmp\winusbdisplay_windows_v4.1.9.18.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
6456"C:\Program Files\Win USB Display\tool\x64\devcon.exe" dp_add "C:\Program Files\Win USB Display\msUsbDisplayDriver\msUsbDisplayDriver.inf" USB\VID_345F&PID_9133&MI_03C:\Program Files\Win USB Display\tool\x64\devcon.exe
WinUSBDisplay_Windows_V4.1.9.18.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
0
Version:
10.0.10586.0 (th2_release.151029-1700)
Modules
Images
c:\program files\win usb display\tool\x64\devcon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
6464\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exedevcon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6612DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{82f3fe6e-0cb4-7949-81a3-f5e8bbc6050d}\msUsbDisplayDriver.inf" "9" "446989a17" "00000000000001C0" "WinSta0\Default" "00000000000001DC" "208" "C:\Program Files\Win USB Display\msUsbDisplayDriver"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
Total events
3 601
Read events
3 581
Write events
20
Delete events
0

Modification events

(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.2.1
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\Win USB Display
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\Win USB Display\
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Icon Group
Value:
Win USB Display
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Language
Value:
english
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:DisplayName
Value:
Win USB Display
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:UninstallString
Value:
"C:\Program Files\Win USB Display\unins000.exe"
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:QuietUninstallString
Value:
"C:\Program Files\Win USB Display\unins000.exe" /SILENT
(PID) Process:(6196) WinUSBDisplay_Windows_V4.1.9.18.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:DisplayVersion
Value:
4.1.9.18
Executable files
28
Suspicious files
18
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
6172WinUSBDisplay_Windows_V4.1.9.18.exeC:\Users\admin\AppData\Local\Temp\is-S0HQF.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmpexecutable
MD5:C1DC46E2B84182A56555224DE3A4C9E0
SHA256:4F2D4E91DB6E00EFC475AEFE7A25E850B710ACAF55D0449DB00561BA527132DB
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\is-C4LM4.tmpexecutable
MD5:12AD3CDC3640FA0B37AC42C6D828A99A
SHA256:85FC6773505DC1BAB690462E774AC3FBBE22CA4924ED543F488BDF4AA8F68F84
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\tool\x86\devcon.exeexecutable
MD5:B14F9FFBEAAAB08167E6223CAC933B22
SHA256:21DCF559210ECD2ED8DD8DF704A9248D52E9EABE33059F448E0E044B0153CE73
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\tool\x64\devcon.exeexecutable
MD5:79C8395D54FA2E32425A56807240523B
SHA256:8181EB7DF558D3A42A0C55BE96A19D1BD88B77E0228B8E69BD4704821CA88510
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\tool\arm64\devcon.exeexecutable
MD5:5BC8CC5B5FCA6BF36851AEEF14C6E519
SHA256:5F5639115B3CB0DE363D1DE3044405142DA6C1A83522970CF14CC80EC5AC5B21
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\tool\x86\is-645CN.tmpexecutable
MD5:B14F9FFBEAAAB08167E6223CAC933B22
SHA256:21DCF559210ECD2ED8DD8DF704A9248D52E9EABE33059F448E0E044B0153CE73
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\tool\x64\is-O88FG.tmpexecutable
MD5:79C8395D54FA2E32425A56807240523B
SHA256:8181EB7DF558D3A42A0C55BE96A19D1BD88B77E0228B8E69BD4704821CA88510
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\tool\x86\is-E2E42.tmpexecutable
MD5:A81030B8E50D5B7734DEE9D04B574A08
SHA256:EF840924981165D07DA8EA1F94002C168E20CECF17D044D3AC079E92F689A82F
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\tool\x86\undriver.exeexecutable
MD5:A81030B8E50D5B7734DEE9D04B574A08
SHA256:EF840924981165D07DA8EA1F94002C168E20CECF17D044D3AC079E92F689A82F
6196WinUSBDisplay_Windows_V4.1.9.18.tmpC:\Program Files\Win USB Display\msUsbDisplayDriver\is-K4QIV.tmpbinary
MD5:98712EBFE9EF4797C3B45954431E1837
SHA256:49C938392B2AAE745B73AA6E0EB31E590D19CDAB8E2692DAC2B2CF1AC0FF368A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
29
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1176
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6700
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
3436
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3436
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
524
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5064
SearchApp.exe
104.126.37.171:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
20.190.160.14:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
5064
SearchApp.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
1076
svchost.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
3436
SIHClient.exe
20.12.23.50:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 104.126.37.171
  • 104.126.37.184
  • 104.126.37.169
  • 104.126.37.179
  • 104.126.37.185
  • 104.126.37.170
  • 104.126.37.186
  • 104.126.37.178
  • 104.126.37.177
whitelisted
login.live.com
  • 20.190.160.14
  • 40.126.32.138
  • 40.126.32.134
  • 40.126.32.68
  • 20.190.160.22
  • 40.126.32.76
  • 20.190.160.20
  • 40.126.32.72
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
arc.msn.com
  • 20.74.47.205
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.13
whitelisted
self.events.data.microsoft.com
  • 52.168.117.168
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
WinUSBDisplay_Windows_V4.1.9.18.exe