File name:

WinUSBDisplay_Windows_V4.1.9.18.exe

Full analysis: https://app.any.run/tasks/74d56236-bed7-45cd-bc41-036dcb9ab4a4
Verdict: Malicious activity
Analysis date: January 27, 2025, 07:41:12
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: delphi, inno, installer
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

055CF6E2CDD208AAAF8CD956914AE17B

SHA1:

4DC7ECABA318AA675978DB4135DF5F03C1936712

SHA256:

46C32740250768B2DB7C6B30808C1AB9FA6D91F11E1DDC43E97122AFA3B992FF

SSDEEP:

98304:l+cD4dnnVQQFSAD10yFBoJU/CIv1jY92El1XKP1pIsjwEDNWY5Vua4f0kH1M4ysN:QEzUiqWShnZI

  • MALICIOUS

    • Create files in the Startup directory

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 6172)
      • devcon.exe (PID: 6456)
      • drvinst.exe (PID: 6612)
    • Reads security settings of Internet Explorer

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
    • Reads the Windows owner or organization settings

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
    • The process drops C-runtime libraries

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
    • Process drops legitimate windows executable

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
    • Creates files in the driver directory

      • drvinst.exe (PID: 6612)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 6612)
  • INFO

    • Create files in a temporary directory

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 6172)
      • devcon.exe (PID: 6456)
    • Checks supported languages

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 6172)
      • drvinst.exe (PID: 6612)
      • devcon.exe (PID: 6456)
    • Reads the computer name

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • drvinst.exe (PID: 6612)
      • devcon.exe (PID: 6456)
    • Process checks computer location settings

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
    • Creates files in the program directory

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
    • The sample compiled with english language support

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
    • The sample compiled with chinese language support

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
      • devcon.exe (PID: 6456)
      • drvinst.exe (PID: 6612)
    • Creates files or folders in the user directory

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
    • Creates a software uninstall entry

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 6196)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 6612)
    • Compiled with Borland Delphi (YARA)

      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
    • Detects InnoSetup installer (YARA)

      • WinUSBDisplay_Windows_V4.1.9.18.tmp (PID: 540)
      • WinUSBDisplay_Windows_V4.1.9.18.exe (PID: 1704)
    • Reads the software policy settings

      • drvinst.exe (PID: 6612)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 126464
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 4.1.9.18
ProductVersionNumber: 4.1.9.18
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: MacroSilicon
FileDescription: Win USB Display Setup
FileVersion: 4.1.9.18
LegalCopyright: Copyright © MacroSilicon 2022
OriginalFileName:
ProductName: Win USB Display
ProductVersion: 4.1.9.18
Total processes
138
Monitored processes
7
Malicious processes
3
Suspicious processes
1

Behavior graph

Graph nodes, in order: start; winusbdisplay_windows_v4.1.9.18.exe; winusbdisplay_windows_v4.1.9.18.tmp (no specs); winusbdisplay_windows_v4.1.9.18.exe; winusbdisplay_windows_v4.1.9.18.tmp; devcon.exe; conhost.exe (no specs); drvinst.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 540
CMD: "C:\Users\admin\AppData\Local\Temp\is-IF4RB.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp" /SL5="$7035C,3629410,869376,C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-IF4RB.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp
Parent process: WinUSBDisplay_Windows_V4.1.9.18.exe
User: admin
Company: MacroSilicon
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
PID: 1704
CMD: "C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe"
Path: C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe
Parent process: explorer.exe
User: admin
Company: MacroSilicon
Integrity Level: MEDIUM
Description: Win USB Display Setup
Exit code: 0
Version: 4.1.9.18
PID: 6172
CMD: "C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe" /SPAWNWND=$50310 /NOTIFYWND=$7035C
Path: C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe
Parent process: WinUSBDisplay_Windows_V4.1.9.18.tmp
User: admin
Company: MacroSilicon
Integrity Level: HIGH
Description: Win USB Display Setup
Exit code: 0
Version: 4.1.9.18
PID: 6196
CMD: "C:\Users\admin\AppData\Local\Temp\is-S0HQF.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp" /SL5="$6028C,3629410,869376,C:\Users\admin\AppData\Local\Temp\WinUSBDisplay_Windows_V4.1.9.18.exe" /SPAWNWND=$50310 /NOTIFYWND=$7035C
Path: C:\Users\admin\AppData\Local\Temp\is-S0HQF.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp
Parent process: WinUSBDisplay_Windows_V4.1.9.18.exe
User: admin
Company: MacroSilicon
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
PID: 6456
CMD: "C:\Program Files\Win USB Display\tool\x64\devcon.exe" dp_add "C:\Program Files\Win USB Display\msUsbDisplayDriver\msUsbDisplayDriver.inf" USB\VID_345F&PID_9133&MI_03
Path: C:\Program Files\Win USB Display\tool\x64\devcon.exe
Parent process: WinUSBDisplay_Windows_V4.1.9.18.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Setup API
Exit code: 0
Version: 10.0.10586.0 (th2_release.151029-1700)
PID: 6464
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: devcon.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 6612
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{82f3fe6e-0cb4-7949-81a3-f5e8bbc6050d}\msUsbDisplayDriver.inf" "9" "446989a17" "00000000000001C0" "WinSta0\Default" "00000000000001DC" "208" "C:\Program Files\Win USB Display\msUsbDisplayDriver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Total events
3 601
Read events
3 581
Write events
20
Delete events
0

Modification events

(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.1
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\Win USB Display
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\Win USB Display\
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Win USB Display
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: Inno Setup: User
Value: admin
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: Inno Setup: Language
Value: english
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: DisplayName
Value: Win USB Display
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files\Win USB Display\unins000.exe"
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: QuietUninstallString
Value: "C:\Program Files\Win USB Display\unins000.exe" /SILENT
(PID) Process: (6196) WinUSBDisplay_Windows_V4.1.9.18.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation: write
Name: DisplayVersion
Value: 4.1.9.18
Executable files
28
Suspicious files
18
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-GNCK4.tmp\_isetup\_setup64.tmp
Type: executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\is-V01BJ.tmp
Type: image
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
PID: 1704
Process: WinUSBDisplay_Windows_V4.1.9.18.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-IF4RB.tmp\WinUSBDisplay_Windows_V4.1.9.18.tmp
Type: executable
MD5:C1DC46E2B84182A56555224DE3A4C9E0
SHA256:4F2D4E91DB6E00EFC475AEFE7A25E850B710ACAF55D0449DB00561BA527132DB
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\is-OSET8.tmp
Type: executable
MD5:87FB9105641FE8DCBF45C8E84C7C454B
SHA256:3F17ED9B05F2956C306EB3C755D3C18D485A6B25A622BAD140FFD904A7866BBA
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\is-RB8AR.tmp
Type: executable
MD5:034CCADC1C073E4216E9466B720F9849
SHA256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\is-C4LM4.tmp
Type: executable
MD5:12AD3CDC3640FA0B37AC42C6D828A99A
SHA256:85FC6773505DC1BAB690462E774AC3FBBE22CA4924ED543F488BDF4AA8F68F84
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\msUsbDisplayManager.exe
Type: executable
MD5:12AD3CDC3640FA0B37AC42C6D828A99A
SHA256:85FC6773505DC1BAB690462E774AC3FBBE22CA4924ED543F488BDF4AA8F68F84
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\logo.ico
Type: image
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\tool\arm64\is-GCHDN.tmp
Type: executable
MD5:5BC8CC5B5FCA6BF36851AEEF14C6E519
SHA256:5F5639115B3CB0DE363D1DE3044405142DA6C1A83522970CF14CC80EC5AC5B21
PID: 6196
Process: WinUSBDisplay_Windows_V4.1.9.18.tmp
Filename: C:\Program Files\Win USB Display\tool\x64\devcon.exe
Type: executable
MD5:79C8395D54FA2E32425A56807240523B
SHA256:8181EB7DF558D3A42A0C55BE96A19D1BD88B77E0228B8E69BD4704821CA88510
HTTP(S) requests
5
TCP/UDP connections
29
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3436
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3436
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6700
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1176
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
524
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5064
SearchApp.exe
104.126.37.171:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
20.190.160.14:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
5064
SearchApp.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
1076
svchost.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
3436
SIHClient.exe
20.12.23.50:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests


Threats

No threats detected
No debug info