File name:

MSDisplay_MultiDev_v1.0.0.18.0.exe

Full analysis: https://app.any.run/tasks/c374a54e-0009-45b4-a979-b00da69b645c
Verdict: Malicious activity
Analysis date: January 07, 2025, 11:11:37
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

F505CBCAB0670A376C866DE177A5C097

SHA1:

18DED789BC554FDA5941AA2707DF9A78DE44C7C5

SHA256:

7BE04791DF7CC79FC8427098BF9E3C11206E54D2D613D470E4B4D5855451E816

SSDEEP:

49152:jNJb0uRDKiHjoapN8J827nsjoRf8HIjkpr6PbdVKeO3dFIyKc+Kq:joKDfD4827MoRf8HnUdyd+yKn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 4804)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 6244)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)
      • devcon.exe (PID: 7156)
      • drvinst.exe (PID: 736)
      • devcon.exe (PID: 4816)
      • drvinst.exe (PID: 2804)
      • drvinst.exe (PID: 5032)
      • devcon.exe (PID: 6368)
      • drvinst.exe (PID: 6092)
      • drvinst.exe (PID: 6500)
      • drvinst.exe (PID: 4984)
      • devcon.exe (PID: 5300)
      • devcon.exe (PID: 1296)
      • drvinst.exe (PID: 5988)
      • drvinst.exe (PID: 308)
      • drvinst.exe (PID: 4908)

    • Reads the Windows owner or organization settings

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)

    • The process drops C-runtime libraries

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)

    • Process drops legitimate windows executable

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)

    • Checks Windows Trust Settings

      • drvinst.exe (PID: 736)
      • devcon.exe (PID: 4816)

    • Creates files in the driver directory

      • drvinst.exe (PID: 736)
      • drvinst.exe (PID: 2804)
      • drvinst.exe (PID: 6500)
      • drvinst.exe (PID: 6092)
      • drvinst.exe (PID: 4984)
      • drvinst.exe (PID: 5988)
      • drvinst.exe (PID: 308)
      • drvinst.exe (PID: 4908)

    • Drops a system driver (possible attempt to evade defenses)

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)
      • drvinst.exe (PID: 736)
      • devcon.exe (PID: 7156)
      • devcon.exe (PID: 4816)
      • drvinst.exe (PID: 2804)
      • drvinst.exe (PID: 5032)

    • Reads security settings of Internet Explorer

      • devcon.exe (PID: 4816)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)

    • Executes as Windows Service

      • WUDFHost.exe (PID: 6528)
      • WUDFHost.exe (PID: 1016)
      • WUDFHost.exe (PID: 6988)
      • WUDFHost.exe (PID: 6204)
      • WUDFHost.exe (PID: 512)
      • WUDFHost.exe (PID: 4840)
      • WUDFHost.exe (PID: 4816)
      • WUDFHost.exe (PID: 6440)
      • WUDFHost.exe (PID: 4984)

  • INFO

    • The sample compiled with chinese language support

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 4804)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)

    • Create files in a temporary directory

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 4804)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 6244)
      • devcon.exe (PID: 7156)
      • devcon.exe (PID: 4816)
      • devcon.exe (PID: 6368)
      • devcon.exe (PID: 5300)
      • devcon.exe (PID: 1296)

    • Reads the computer name

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 3832)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)
      • drvinst.exe (PID: 736)
      • drvinst.exe (PID: 5032)
      • devcon.exe (PID: 6368)
      • drvinst.exe (PID: 4984)
      • WinUsbDisplay.exe (PID: 5936)

    • Checks supported languages

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 3832)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 4804)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 6244)
      • drvinst.exe (PID: 736)
      • devcon.exe (PID: 4816)
      • devcon.exe (PID: 6368)
      • drvinst.exe (PID: 6092)
      • drvinst.exe (PID: 6500)
      • drvinst.exe (PID: 4984)
      • devcon.exe (PID: 1296)
      • drvinst.exe (PID: 4908)

    • The sample compiled with english language support

      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 4804)
      • MSDisplay_MultiDev_v1.0.0.18.0.exe (PID: 6244)
      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)
      • devcon.exe (PID: 7156)
      • drvinst.exe (PID: 736)
      • devcon.exe (PID: 4816)
      • drvinst.exe (PID: 2804)
      • drvinst.exe (PID: 5032)

    • Creates files in the program directory

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)
      • WinUsbDisplay.exe (PID: 5936)

    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 736)

    • Reads the software policy settings

      • rundll32.exe (PID: 4400)
      • drvinst.exe (PID: 736)
      • devcon.exe (PID: 6368)
      • devcon.exe (PID: 1296)
      • drvinst.exe (PID: 308)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 736)
      • devcon.exe (PID: 4816)
      • drvinst.exe (PID: 2804)
      • drvinst.exe (PID: 6092)
      • devcon.exe (PID: 6368)
      • drvinst.exe (PID: 4984)
      • devcon.exe (PID: 1296)
      • drvinst.exe (PID: 308)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 4400)

    • The process uses the downloaded file

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)

    • Process checks computer location settings

      • MSDisplay_MultiDev_v1.0.0.18.0.tmp (PID: 6268)

    • Manual execution by a user

      • WinUsbDisplay.exe (PID: 2076)

    • Creates files or folders in the user directory

      • WinUsbDisplay.exe (PID: 5936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:04:30 03:47:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 679936
InitializedDataSize: 125952
UninitializedDataSize: -
EntryPoint: 0xa6ed0
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.18
ProductVersionNumber: 1.0.0.18
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: ASCII
Comments: ´Ë°²×°³ÌÐòÓÉ Inno Setup ¹¹½¨¡£
CompanyName: MS
FileDescription: MS USB Display Setup
FileVersion: 1.0.0.18.0
LegalCopyright: Copyright © MS 2020
OriginalFileName:
ProductName: MS USB Display
ProductVersion: 1.0.0.18.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
166
Monitored processes
37
Malicious processes
9
Suspicious processes
4

Behavior graph

Click at the process to see the details
start msdisplay_multidev_v1.0.0.18.0.exe msdisplay_multidev_v1.0.0.18.0.tmp no specs msdisplay_multidev_v1.0.0.18.0.exe msdisplay_multidev_v1.0.0.18.0.tmp devcon.exe conhost.exe no specs drvinst.exe rundll32.exe no specs devcon.exe conhost.exe no specs drvinst.exe drvinst.exe devcon.exe conhost.exe no specs drvinst.exe drvinst.exe wudfhost.exe no specs devcon.exe conhost.exe no specs drvinst.exe drvinst.exe wudfhost.exe no specs wudfhost.exe no specs devcon.exe conhost.exe no specs drvinst.exe drvinst.exe wudfhost.exe no specs wudfhost.exe no specs wudfhost.exe no specs devcon.exe no specs conhost.exe no specs wudfhost.exe no specs wudfhost.exe no specs wudfhost.exe no specs winusbdisplay.exe no specs winusbdisplay.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
308DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{b41dcc2a-f2bd-e341-a6e4-716196314dff}\indirectdisplaydriver2.inf" "9" "47de959af" "00000000000001C0" "WinSta0\Default" "00000000000001F4" "208" "c:\program files\ms usb display\idd\indirectdisplaydriver2"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
512"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-61cbbc8f-51ab-41be-a847-9f86d2c4df32 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-75586bbe-721f-43b7-9d2a-fe83a4de1148 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-be001d73-01bc-4065-9d7b-6905b48ad4c4 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-71baf916-c2c0-4dae-994c-d23c5a5fd42a -LifetimeId:638a0d56-a006-4802-bdbd-eebe92f5f138 -DeviceGroupId:IddSampleDriverGroup1 -HostArg:0C:\Windows\System32\WUDFHost.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Driver Foundation - User-mode Driver Framework Host Process
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wudfhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wudfplatform.dll
624\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exedevcon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
736DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{f9514b9e-ab16-bb4c-960f-b4724ac77e91}\MSUSBDisplay.inf" "9" "410771dbb" "00000000000001D8" "WinSta0\Default" "00000000000001F0" "208" "C:\Program Files\MS USB Display\lib_usb"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
1016"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ea9273eb-27ac-4e6d-863c-42f14a26d272 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c6a3d48b-c6cf-44ad-8513-ded5d247f901 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-57722898-86c1-497c-a0a8-eff2225aaa84 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f221cea7-763d-4455-8fd7-bc1c324adfb5 -LifetimeId:00e0ad26-46d5-4645-86a1-386b87cf6297 -DeviceGroupId:IddSampleDriverGroup1 -HostArg:0C:\Windows\System32\WUDFHost.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Driver Foundation - User-mode Driver Framework Host Process
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wudfhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\devobj.dll
1144\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exedevcon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1296"C:\Program Files\MS USB Display\tool\x64\devcon.exe" update "C:\Program Files\MS USB Display\idd\indirectdisplaydriver2\indirectdisplaydriver2.inf" MS\IddBus2C:\Program Files\MS USB Display\tool\x64\devcon.exe
MSDisplay_MultiDev_v1.0.0.18.0.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
0
Version:
10.0.10586.0 (th2_release.151029-1700)
Modules
Images
c:\program files\ms usb display\tool\x64\devcon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2076\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exedevcon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2076"C:\Program Files\MS USB Display\WinUsbDisplay.exe" C:\Program Files\MS USB Display\WinUsbDisplay.exeexplorer.exe
User:
admin
Company:
MS
Integrity Level:
MEDIUM
Description:
Windows USB Display
Exit code:
4294967295
Version:
1.0.0.7
Modules
Images
c:\program files\ms usb display\winusbdisplay.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2132"C:\Program Files\MS USB Display\tool\x64\devcon.exe" restart =display C:\Program Files\MS USB Display\tool\x64\devcon.exeMSDisplay_MultiDev_v1.0.0.18.0.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
0
Version:
10.0.10586.0 (th2_release.151029-1700)
Modules
Images
c:\program files\ms usb display\tool\x64\devcon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
34 799
Read events
34 640
Write events
128
Delete events
31

Modification events

(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Windows Usb Display
Value:
C:\Program Files\MS USB Display\WinUsbDisplay.exe
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\dfmirage\DEVICE0
Operation:writeName:Attach.ToDesktop
Value:
0
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_CURRENT_USER\SOFTWARE\WinUsbDisplay\Server
Operation:writeName:LogLevel
Value:
1
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.0.2 (u)
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\MS USB Display
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\MS USB Display\
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Icon Group
Value:
MS USB Display
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Language
Value:
english
(PID) Process:(6268) MSDisplay_MultiDev_v1.0.0.18.0.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:DisplayName
Value:
Uninstall MS USB Display
Executable files
104
Suspicious files
63
Text files
9
Unknown types
18

Dropped files

PID
Process
Filename
Type
6244MSDisplay_MultiDev_v1.0.0.18.0.exeC:\Users\admin\AppData\Local\Temp\is-FCQS6.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmpexecutable
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
4804MSDisplay_MultiDev_v1.0.0.18.0.exeC:\Users\admin\AppData\Local\Temp\is-PPL36.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmpexecutable
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-I4Q7A.tmpexecutable
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\libVMonitor.dllexecutable
MD5:10BB929E9FD8B028738B46F4D3EA741E
SHA256:8817EAF691058E091E3A240547B74C3E396DAFF1312F66971274C1D30C55BDE1
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-0STLD.tmpexecutable
MD5:A969E398CC9319DD9BD9EEDCAE288DA7
SHA256:3165D5E9212E9C4F009A594F67BD9E6D899B026CE1E3B0D6EBB994F423D6B1D1
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-L76R1.tmptext
MD5:7F4207EA1304993E8533B7A58F3A51B0
SHA256:EE8078A7D68D5F9B702C1F5E322D67227A6512E75247D9E950D497E753C62565
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Users\admin\AppData\Local\Temp\is-SAG2U.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-3SLN9.tmpexecutable
MD5:7FC50D24FBF0186FF7C1734511C640C1
SHA256:F5B3848E09E3C9AF9E764FCA6AB61E22D374707A964739373FE9692B58E9A1B4
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\WinUsbDisplay.exeexecutable
MD5:4AAB73E5792E49227E5843C0207E7BFD
SHA256:85AF24188A2040F61F008C50620835B9DDCEA0F4C1707447EC11002D55ED134E
6268MSDisplay_MultiDev_v1.0.0.18.0.tmpC:\Program Files\MS USB Display\is-6PHOS.tmpimage
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
48
DNS requests
23
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
184.30.230.103:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
184.30.230.103:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6968
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6968
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6608
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
5004
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
184.30.230.103:80
www.microsoft.com
AKAMAI-AS
US
unknown
184.30.230.103:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
5064
SearchApp.exe
2.23.227.198:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted
3976
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5004
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.227.208:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 184.30.230.103
  • 23.209.214.100
whitelisted
google.com
  • 142.250.184.206
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.160.20
  • 40.126.32.74
  • 40.126.32.138
  • 40.126.32.72
  • 40.126.32.140
  • 20.190.160.22
  • 40.126.32.76
  • 40.126.32.134
  • 20.190.160.17
  • 40.126.32.136
  • 40.126.32.68
whitelisted
go.microsoft.com
  • 23.56.254.14
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
arc.msn.com
  • 20.223.35.26
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MSDisplay_MultiDev_v1.0.0.18.0.exe