File name:

MSDisplay_MultiDev_v1.0.0.18.0.exe

Full analysis: https://app.any.run/tasks/74c42427-2c6c-44c4-8d47-4c83ca8f1475
Verdict: Malicious activity
Analysis date: April 24, 2024, 15:39:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

F505CBCAB0670A376C866DE177A5C097

SHA1:

18DED789BC554FDA5941AA2707DF9A78DE44C7C5

SHA256:

7BE04791DF7CC79FC8427098BF9E3C11206E54D2D613D470E4B4D5855451E816

SSDEEP:

49152:jNJb0uRDKiHjoapN8J827nsjoRf8HIjkpr6PbdVKeO3dFIyKc+Kq:joKDfD4827MoRf8HnUdyd+yKn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 324)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 2492)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)
      • devcon.exe (PID: 3244)
      • drvinst.exe (PID: 1428)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 2000)
      • drvinst.exe (PID: 1656)
      • devcon.exe (PID: 4012)
      • drvinst.exe (PID: 2096)

    • Changes the autorun value in the registry

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)

    • Creates a writable file in the system directory

      • drvinst.exe (PID: 1428)
      • drvinst.exe (PID: 1656)
      • drvinst.exe (PID: 2000)
      • drvinst.exe (PID: 2096)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 324)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 2492)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)
      • devcon.exe (PID: 3244)
      • drvinst.exe (PID: 1428)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 1656)
      • drvinst.exe (PID: 2000)
      • devcon.exe (PID: 4012)
      • drvinst.exe (PID: 2096)

    • Reads the Windows owner or organization settings

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)

    • The process drops C-runtime libraries

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)

    • Process drops legitimate windows executable

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)

    • Drops a system driver (possible attempt to evade defenses)

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)
      • devcon.exe (PID: 3244)
      • drvinst.exe (PID: 1428)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 2000)
      • drvinst.exe (PID: 1656)
      • devcon.exe (PID: 4012)
      • drvinst.exe (PID: 2096)

    • Creates files in the driver directory

      • drvinst.exe (PID: 1428)
      • drvinst.exe (PID: 2000)
      • drvinst.exe (PID: 1656)
      • drvinst.exe (PID: 2096)

    • Checks Windows Trust Settings

      • drvinst.exe (PID: 1428)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 1656)
      • drvinst.exe (PID: 2000)
      • devcon.exe (PID: 4012)
      • drvinst.exe (PID: 2096)

    • Reads settings of System Certificates

      • rundll32.exe (PID: 3604)
      • devcon.exe (PID: 2240)
      • devcon.exe (PID: 4012)
      • rundll32.exe (PID: 3120)

    • Reads security settings of Internet Explorer

      • devcon.exe (PID: 2240)
      • devcon.exe (PID: 4012)

    • Executes as Windows Service

      • VSSVC.exe (PID: 3484)

  • INFO

    • Reads the computer name

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2032)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)
      • devcon.exe (PID: 3244)
      • drvinst.exe (PID: 1428)
      • drvinst.exe (PID: 2000)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 1656)
      • devcon.exe (PID: 4012)
      • drvinst.exe (PID: 2096)

    • Checks supported languages

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 324)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2032)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 2492)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)
      • devcon.exe (PID: 3244)
      • drvinst.exe (PID: 1428)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 2000)
      • drvinst.exe (PID: 1656)
      • devcon.exe (PID: 4012)
      • drvinst.exe (PID: 2096)

    • Create files in a temporary directory

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 324)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 2492)
      • devcon.exe (PID: 3244)
      • devcon.exe (PID: 2240)
      • devcon.exe (PID: 4012)

    • Creates files in the program directory

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)

    • Creates files or folders in the user directory

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)

    • Creates a software uninstall entry

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 2268)

    • Reads the software policy settings

      • rundll32.exe (PID: 3604)
      • drvinst.exe (PID: 1428)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 2000)
      • drvinst.exe (PID: 1656)
      • devcon.exe (PID: 4012)
      • drvinst.exe (PID: 2096)
      • rundll32.exe (PID: 3120)

    • Reads the machine GUID from the registry

      • devcon.exe (PID: 3244)
      • drvinst.exe (PID: 1428)
      • devcon.exe (PID: 2240)
      • drvinst.exe (PID: 2000)
      • drvinst.exe (PID: 1656)
      • drvinst.exe (PID: 2096)
      • devcon.exe (PID: 4012)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 3604)
      • rundll32.exe (PID: 3120)

    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 1428)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:04:30 03:47:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 679936
InitializedDataSize: 125952
UninitializedDataSize: -
EntryPoint: 0xa6ed0
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.18
ProductVersionNumber: 1.0.0.18
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: ASCII
Comments: ´Ë°²×°³ÌÐòÓÉ Inno Setup ¹¹½¨¡£
CompanyName: MS
FileDescription: MS USB Display Setup
FileVersion: 1.0.0.18.0
LegalCopyright: Copyright © MS 2020
OriginalFileName:
ProductName: MS USB Display
ProductVersion: 1.0.0.18.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
55
Monitored processes
15
Malicious processes
13
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msdisplay_multidev_v1.0.0.18.0.exe msdisplay_multidev_v1.0.0.18.0.tmp no specs msdisplay_multidev_v1.0.0.18.0.exe msdisplay_multidev_v1.0.0.18.0.tmp devcon.exe drvinst.exe rundll32.exe no specs vssvc.exe no specs devcon.exe drvinst.exe rundll32.exe no specs drvinst.exe devcon.exe drvinst.exe rundll32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
324"C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe" C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe
explorer.exe
User:
admin
Company:
MS
Integrity Level:
MEDIUM
Description:
MS USB Display Setup
Version:
1.0.0.18.0
Modules
Images
c:\users\admin\appdata\local\temp\msdisplay_multidev_v1.0.0.18.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1428DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{2d22362a-9f24-2705-4982-b27eb9737431}\MSUSBDisplay.inf" "0" "610771dbb" "000004B0" "WinSta0\Default" "00000550" "208" "C:\Program Files\MS USB Display\lib_usb"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1656DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "displayproxykmd.inf:MNF.NTx86:Display_Inst:15.47.24.217:root\ultrasemidisplayproxy" "62141fc7f" "000004B0" "000005EC" "000005F0"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2000DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{4b8f2f9f-1533-5557-b944-c118aba15565}\displayproxykmd.inf" "0" "62141fc7f" "000004B0" "WinSta0\Default" "000005B8" "208" "c:\program files\ms usb display\displayproxy"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2032"C:\Users\admin\AppData\Local\Temp\is-KLPN4.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmp" /SL5="$22016A,2556185,806912,C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe" C:\Users\admin\AppData\Local\Temp\is-KLPN4.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmpMSDisplay_MultiDev_v1.0.0.18.0.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-klpn4.tmp\msdisplay_multidev_v1.0.0.18.0.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2096DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{2e6df3a5-934e-0ced-979b-597d26019c03}\dfmirage.inf" "0" "670102fe7" "000005E0" "WinSta0\Default" "000004B0" "208" "c:\program files\ms usb display\video_driver"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2240"C:\Program Files\MS USB Display\tool\x86\devcon.exe" install "C:\Program Files\MS USB Display\displayproxy\DisplayProxyKmd.inf" Root\UltrasemiDisplayProxyC:\Program Files\MS USB Display\tool\x86\devcon.exe
MSDisplay_MultiDev_v1.0.0.18.0.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
0
Version:
10.0.10586.0 (th2_release.151029-1700)
Modules
Images
c:\program files\ms usb display\tool\x86\devcon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
2268"C:\Users\admin\AppData\Local\Temp\is-ENKGD.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmp" /SL5="$2E01BA,2556185,806912,C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe" /SPAWNWND=$1D0176 /NOTIFYWND=$22016A C:\Users\admin\AppData\Local\Temp\is-ENKGD.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmp
MSDisplay_MultiDev_v1.0.0.18.0.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-enkgd.tmp\msdisplay_multidev_v1.0.0.18.0.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2492"C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe" /SPAWNWND=$1D0176 /NOTIFYWND=$22016A C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe
MSDisplay_MultiDev_v1.0.0.18.0.tmp
User:
admin
Company:
MS
Integrity Level:
HIGH
Description:
MS USB Display Setup
Version:
1.0.0.18.0
Modules
Images
c:\users\admin\appdata\local\temp\msdisplay_multidev_v1.0.0.18.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3120rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{2a833d29-e618-1ff4-888c-440648584c28} Global\{49e3f21e-9eb9-2b31-2b0a-8c7a87145b1f} C:\Windows\System32\DriverStore\Temp\{2f45ff27-6fb5-5c84-0506-d2530a28c31d}\dfmirage.inf C:\Windows\System32\DriverStore\Temp\{2f45ff27-6fb5-5c84-0506-d2530a28c31d}\dfmirage.catC:\Windows\System32\rundll32.exedrvinst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
Total events
39 930
Read events
39 448
Write events
469
Delete events
13

Modification events

(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
DC08000012BE07945D96DA01
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
4CA1449519B8925CB4851FEFC4A7AB4D912CF35F41F56B462C91CFE07FECEB0A
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\MS USB Display\WinUsbDisplay.exe
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
E59D39BB274CA12043C0B69CF86EFFC30DBB09B308DB766E7E33B0E916BC54B8
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Windows Usb Display
Value:
C:\Program Files\MS USB Display\WinUsbDisplay.exe
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\dfmirage\DEVICE0
Operation:writeName:Attach.ToDesktop
Value:
0
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\Software\WinUsbDisplay\Server
Operation:writeName:LogLevel
Value:
1
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.0.2 (u)
(PID) Process:(2268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\MS USB Display
Executable files
95
Suspicious files
51
Text files
10
Unknown types
30

Dropped files

PID
Process
Filename
Type
2492MSDisplay_MultiDev_v1.0.0.18.0.exeC:\Users\admin\AppData\Local\Temp\is-ENKGD.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmpexecutable
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-9P9A5.tmpimage
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\Feedback Note.txttext
MD5:7F4207EA1304993E8533B7A58F3A51B0
SHA256:EE8078A7D68D5F9B702C1F5E322D67227A6512E75247D9E950D497E753C62565
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\libyuv.dllexecutable
MD5:1954CD248E65C7C5C2D3D93DD7F91604
SHA256:761EC2283460F3E641F9C815A015698B3EB77090808768A4BF3C17439CCD0018
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\msvcr120.dllexecutable
MD5:7FC50D24FBF0186FF7C1734511C640C1
SHA256:F5B3848E09E3C9AF9E764FCA6AB61E22D374707A964739373FE9692B58E9A1B4
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-4R0IH.tmpexecutable
MD5:7FC50D24FBF0186FF7C1734511C640C1
SHA256:F5B3848E09E3C9AF9E764FCA6AB61E22D374707A964739373FE9692B58E9A1B4
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-LN2UG.tmptext
MD5:7F4207EA1304993E8533B7A58F3A51B0
SHA256:EE8078A7D68D5F9B702C1F5E322D67227A6512E75247D9E950D497E753C62565
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\logo.icoimage
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
324MSDisplay_MultiDev_v1.0.0.18.0.exeC:\Users\admin\AppData\Local\Temp\is-KLPN4.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmpexecutable
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
2268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\unins000.exeexecutable
MD5:DEF2E0EFA04057381F04119980D6D4E4
SHA256:3E9EE9509BB992CFE08EF8605B2F10F0B633D8B26BF6D2DCC2C5D2C94F37A3D4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MSDisplay_MultiDev_v1.0.0.18.0.exe