| Field | Value |
|---|---|
| File name: | MSDisplay_MultiDev_v1.0.0.18.0.exe |
| Full analysis: | https://app.any.run/tasks/cdb987e9-e646-4fcd-8aa7-9bcc341cce60 |
| Verdict: | Malicious activity |
| Analysis date: | July 06, 2025, 08:10:08 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections |
| MD5: | F505CBCAB0670A376C866DE177A5C097 |
| SHA1: | 18DED789BC554FDA5941AA2707DF9A78DE44C7C5 |
| SHA256: | 7BE04791DF7CC79FC8427098BF9E3C11206E54D2D613D470E4B4D5855451E816 |
| SSDEEP: | 49152:jNJb0uRDKiHjoapN8J827nsjoRf8HIjkpr6PbdVKeO3dFIyKc+Kq:joKDfD4827MoRf8HnUdyd+yKn |

| Extension | Detected type (score) |
|---|---|
| .exe | Inno Setup installer (53.5) |
| .exe | InstallShield setup (21) |
| .exe | Win32 EXE PECompact compressed (generic) (20.2) |
| .exe | Win32 Executable (generic) (2.1) |
| .exe | Win16/32 Executable Delphi generic (1) |

| Field | Value |
|---|---|
| MachineType: | Intel 386 or later, and compatibles |
| TimeStamp: | 2019:04:30 03:47:23+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 2.25 |
| CodeSize: | 679936 |
| InitializedDataSize: | 125952 |
| UninitializedDataSize: | - |
| EntryPoint: | 0xa6ed0 |
| OSVersion: | 6 |
| ImageVersion: | 6 |
| SubsystemVersion: | 6 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.18 |
| ProductVersionNumber: | 1.0.0.18 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | ASCII |
| Comments: | 此安装程序由 Inno Setup 构建。 (This installer was built by Inno Setup.) |
| CompanyName: | MS |
| FileDescription: | MS USB Display Setup |
| FileVersion: | 1.0.0.18.0 |
| LegalCopyright: | Copyright © MS 2020 |
| OriginalFileName: | |
| ProductName: | MS USB Display |
| ProductVersion: | 1.0.0.18.0 |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 320 | "C:\Program Files\MS USB Display\tool\x64\devcon.exe" dp_add "C:\Program Files\MS USB Display\lib_usb\MSUSBDisplay.inf" USB\VID_534D&PID_6021&MI_03 | C:\Program Files\MS USB Display\tool\x64\devcon.exe | | MSDisplay_MultiDev_v1.0.0.18.0.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Setup API; Exit code: 0; Version: 10.0.10586.0 (th2_release.151029-1700) |
| 644 | "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5776d5f7-98f0-4de8-984e-21726aa46fad -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-db3f1460-15c5-49ca-92d8-9ac963d9f705 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b93f2518-1465-46f9-888d-e1034b5e2240 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-0029edb7-597d-4646-8961-a14e19f037bb -LifetimeId:ec6d169d-9119-49d4-9591-57842684daf6 -DeviceGroupId:IddSampleDriverGroup2 -HostArg:0 | C:\Windows\System32\WUDFHost.exe | — | services.exe | User: LOCAL SERVICE; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows Driver Foundation - User-mode Driver Framework Host Process; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 1352 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | devcon.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Console Window Host; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 1496 | DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\WINDOWS\INF\oem6.inf" "oem6.inf:c14ce884432a57a1:IndirectDisplayBus_Device:10.49.31.666:root\indirectdisplaybus," "45a813563" "00000000000001F0" | C:\Windows\System32\drvinst.exe | | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 10.0.19041.3996 (WinBuild.160101.0800) |
| 1872 | "C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe" /SPAWNWND=$502DE /NOTIFYWND=$50346 | C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe | | MSDisplay_MultiDev_v1.0.0.18.0.tmp | User: admin; Company: MS; Integrity Level: HIGH; Description: MS USB Display Setup; Exit code: 0; Version: 1.0.0.18.0 |
| 2128 | "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f94a00c6-f62c-47d9-9b35-e728ae5b089d -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-570c3126-5d47-4393-bfa5-480bf4b4bba2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-a375b005-95d6-4a5c-933c-77cffa3dbe09 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5ab664bf-b807-4e59-8f06-17d6d2d1e6e5 -LifetimeId:be30b96f-8d11-4c9e-9835-bbc366168308 -DeviceGroupId:IddSampleDriverGroup1 -HostArg:0 | C:\Windows\System32\WUDFHost.exe | — | services.exe | User: LOCAL SERVICE; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows Driver Foundation - User-mode Driver Framework Host Process; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 2324 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | devcon.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Console Window Host; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 2348 | DrvInst.exe "2" "211" "MS\IDDBUS\1&79F5D87&0&01" "C:\WINDOWS\INF\oem7.inf" "oem7.inf:c14ce8840c48fa1f:MyDevice_Install:10.50.47.889:ms\iddbus," "439309a7f" "0000000000000208" | C:\Windows\System32\drvinst.exe | | svchost.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Driver Installation Module; Exit code: 0; Version: 10.0.19041.3996 (WinBuild.160101.0800) |
| 2468 | "C:\Program Files\MS USB Display\tool\x64\devcon.exe" restart =display | C:\Program Files\MS USB Display\tool\x64\devcon.exe | — | MSDisplay_MultiDev_v1.0.0.18.0.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Setup API; Exit code: 0; Version: 10.0.10586.0 (th2_release.151029-1700) |
| 2996 | "C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe" | C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.0.18.0.exe | | explorer.exe | User: admin; Company: MS; Integrity Level: MEDIUM; Description: MS USB Display Setup; Exit code: 0; Version: 1.0.0.18.0 |

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Windows Usb Display | C:\Program Files\MS USB Display\WinUsbDisplay.exe |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\dfmirage\DEVICE0 | Attach.ToDesktop | 0 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_CURRENT_USER\SOFTWARE\WinUsbDisplay\Server | LogLevel | 1 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1 | Inno Setup: Setup Version | 6.0.2 (u) |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1 | Inno Setup: App Path | C:\Program Files\MS USB Display |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1 | InstallLocation | C:\Program Files\MS USB Display\ |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1 | Inno Setup: Icon Group | MS USB Display |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1 | Inno Setup: User | admin |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1 | Inno Setup: Language | english |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1 | DisplayName | Uninstall MS USB Display |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\is-D993M.tmp | executable | 7EC9CFAB450831249D70152183B3E844 | 664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\is-2D3L9.tmp | executable | 10BB929E9FD8B028738B46F4D3EA741E | 8817EAF691058E091E3A240547B74C3E396DAFF1312F66971274C1D30C55BDE1 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\libVMonitor.dll | executable | 10BB929E9FD8B028738B46F4D3EA741E | 8817EAF691058E091E3A240547B74C3E396DAFF1312F66971274C1D30C55BDE1 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\is-UC8BK.tmp | executable | 1954CD248E65C7C5C2D3D93DD7F91604 | 761EC2283460F3E641F9C815A015698B3EB77090808768A4BF3C17439CCD0018 |
| 1872 | MSDisplay_MultiDev_v1.0.0.18.0.exe | C:\Users\admin\AppData\Local\Temp\is-TEJ0V.tmp\MSDisplay_MultiDev_v1.0.0.18.0.tmp | executable | 7EC9CFAB450831249D70152183B3E844 | 664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Users\admin\AppData\Local\Temp\is-BCFDU.tmp\_isetup\_setup64.tmp | executable | E4211D6D009757C078A9FAC7FF4F03D4 | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\is-32TGL.tmp | executable | 4AAB73E5792E49227E5843C0207E7BFD | 85AF24188A2040F61F008C50620835B9DDCEA0F4C1707447EC11002D55ED134E |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\is-VS48K.tmp | executable | 7FC50D24FBF0186FF7C1734511C640C1 | F5B3848E09E3C9AF9E764FCA6AB61E22D374707A964739373FE9692B58E9A1B4 |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\WinUsbDisplay.exe | executable | 4AAB73E5792E49227E5843C0207E7BFD | 85AF24188A2040F61F008C50620835B9DDCEA0F4C1707447EC11002D55ED134E |
| 6980 | MSDisplay_MultiDev_v1.0.0.18.0.tmp | C:\Program Files\MS USB Display\unins000.exe | executable | DEF2E0EFA04057381F04119980D6D4E4 | 3E9EE9509BB992CFE08EF8605B2F10F0B633D8B26BF6D2DCC2C5D2C94F37A3D4 |

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1268 | svchost.exe | GET | 200 | 2.20.245.137:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
| 1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
| 4168 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
| 4168 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
| 2464 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4804 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 1268 | svchost.exe | 2.20.245.137:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
| 1268 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 1712 | svchost.exe | 95.100.186.9:443 | go.microsoft.com | AKAMAI-AS | FR | whitelisted |

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | | whitelisted |
| google.com | | whitelisted |
| crl.microsoft.com | | whitelisted |
| www.microsoft.com | | whitelisted |
| go.microsoft.com | | whitelisted |
| slscr.update.microsoft.com | | whitelisted |
| fe3cr.delivery.mp.microsoft.com | | whitelisted |
| login.live.com | | whitelisted |
| ocsp.digicert.com | | whitelisted |