File name:

MSDisplay_MultiDev_v1.0.1.60.exe

Full analysis: https://app.any.run/tasks/9e8669c8-33c3-49d6-b684-3f40f5d9584f
Verdict: Malicious activity
Analysis date: March 11, 2024, 10:06:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

3DCE81A37ADC36622DCF5EB2F869C1EB

SHA1:

D4B220E0A5E4EB0DA64FAB8C9F982DAF65118DD3

SHA256:

F22255C6D52F89E94CAD7AE5E303E52A38209F2D536902DA6F9F532E7CBACE24

SSDEEP:

98304:dXfEuCQYdT8FCIuqpTd4DER3tD3L1WCCSCJAR2C4uiDLPg8CvZ1/cwWYoHwZgVtb:q3hF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 2964)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)
      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 3672)
      • devcon.exe (PID: 1040)
      • drvinst.exe (PID: 2340)

    • Changes the autorun value in the registry

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Creates a writable file in the system directory

      • drvinst.exe (PID: 2340)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Executable content was dropped or overwritten

      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 3672)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)
      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 2964)
      • drvinst.exe (PID: 2340)
      • devcon.exe (PID: 1040)

    • The process drops C-runtime libraries

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Drops a system driver (possible attempt to evade defenses)

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)
      • devcon.exe (PID: 1040)
      • drvinst.exe (PID: 2340)

    • Reads the Windows owner or organization settings

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Checks Windows Trust Settings

      • drvinst.exe (PID: 2340)

    • Creates files in the driver directory

      • drvinst.exe (PID: 2340)

    • Reads settings of System Certificates

      • rundll32.exe (PID: 4008)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2572)

    • Reads security settings of Internet Explorer

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Reads the Internet Settings

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Non-standard symbols in registry

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

  • INFO

    • Create files in a temporary directory

      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 3672)
      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 2964)
      • devcon.exe (PID: 1040)

    • Reads the computer name

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 4052)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)
      • devcon.exe (PID: 1040)
      • drvinst.exe (PID: 2340)
      • devcon.exe (PID: 2904)
      • WinUsbDisplay.exe (PID: 1900)

    • Checks supported languages

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 4052)
      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 3672)
      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 2964)
      • devcon.exe (PID: 1040)
      • drvinst.exe (PID: 2340)
      • devcon.exe (PID: 2904)
      • WinUsbDisplay.exe (PID: 1900)

    • Creates a software uninstall entry

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Creates files in the program directory

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)

    • Creates files or folders in the user directory

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 2752)
      • WinUsbDisplay.exe (PID: 1900)

    • Reads the machine GUID from the registry

      • devcon.exe (PID: 1040)
      • drvinst.exe (PID: 2340)

    • Reads the software policy settings

      • drvinst.exe (PID: 2340)
      • rundll32.exe (PID: 4008)

    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 2340)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 4008)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:04:30 03:47:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 679936
InitializedDataSize: 125952
UninitializedDataSize: -
EntryPoint: 0xa6ed0
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.1.60
ProductVersionNumber: 1.0.1.60
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: ASCII
Comments: ´Ë°²×°³ÌÐòÓÉ Inno Setup ¹¹½¨¡£
CompanyName: MS
FileDescription: MS USB Display Setup
FileVersion: 1.0.1.60
LegalCopyright: Copyright © MS 2020
OriginalFileName:
ProductName: MS USB Display
ProductVersion: 1.0.1.60
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
50
Monitored processes
10
Malicious processes
7
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msdisplay_multidev_v1.0.1.60.exe msdisplay_multidev_v1.0.1.60.tmp no specs msdisplay_multidev_v1.0.1.60.exe msdisplay_multidev_v1.0.1.60.tmp devcon.exe drvinst.exe rundll32.exe no specs vssvc.exe no specs devcon.exe no specs winusbdisplay.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1040"C:\Program Files\MS USB Display\tool\x86\devcon.exe" dp_add "C:\Program Files\MS USB Display\lib_usb\MSUSBDisplay.inf" USB\VID_534D&PID_6021&MI_03C:\Program Files\MS USB Display\tool\x86\devcon.exe
MSDisplay_MultiDev_v1.0.1.60.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
0
Version:
10.0.10586.0 (th2_release.151029-1700)
Modules
Images
c:\program files\ms usb display\tool\x86\devcon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
1900"C:\Program Files\MS USB Display\WinUsbDisplay.exe" firstinstallC:\Program Files\MS USB Display\WinUsbDisplay.exeMSDisplay_MultiDev_v1.0.1.60.tmp
User:
admin
Company:
MS
Integrity Level:
HIGH
Description:
Windows USB Display
Exit code:
0
Version:
1.0.1.6
Modules
Images
c:\program files\ms usb display\winusbdisplay.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
2340DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{340e795f-f1b1-7ed3-1bd0-8e5ae69ff361}\MSUSBDisplay.inf" "0" "610771dbb" "000003F8" "WinSta0\Default" "00000550" "208" "C:\Program Files\MS USB Display\lib_usb"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2572C:\Windows\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2752"C:\Users\admin\AppData\Local\Temp\is-OK871.tmp\MSDisplay_MultiDev_v1.0.1.60.tmp" /SL5="$100130,2288616,806912,C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.1.60.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170 C:\Users\admin\AppData\Local\Temp\is-OK871.tmp\MSDisplay_MultiDev_v1.0.1.60.tmp
MSDisplay_MultiDev_v1.0.1.60.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ok871.tmp\msdisplay_multidev_v1.0.1.60.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2904"C:\Program Files\MS USB Display\tool\x86\devcon.exe" restart =display C:\Program Files\MS USB Display\tool\x86\devcon.exeMSDisplay_MultiDev_v1.0.1.60.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
1
Version:
10.0.10586.0 (th2_release.151029-1700)
Modules
Images
c:\program files\ms usb display\tool\x86\devcon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
2964"C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.1.60.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170 C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.1.60.exe
MSDisplay_MultiDev_v1.0.1.60.tmp
User:
admin
Company:
MS
Integrity Level:
HIGH
Description:
MS USB Display Setup
Exit code:
0
Version:
1.0.1.60
Modules
Images
c:\users\admin\appdata\local\temp\msdisplay_multidev_v1.0.1.60.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3672"C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.1.60.exe" C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.1.60.exe
explorer.exe
User:
admin
Company:
MS
Integrity Level:
MEDIUM
Description:
MS USB Display Setup
Exit code:
0
Version:
1.0.1.60
Modules
Images
c:\users\admin\appdata\local\temp\msdisplay_multidev_v1.0.1.60.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
4008rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{17465105-6b69-38e0-f978-0454ca171166} Global\{74fe671a-a4dd-6080-988b-2827e67bf371} C:\Windows\System32\DriverStore\Temp\{41315687-1ef7-0bbb-a4ac-d0228fc01b7a}\MSUSBDisplay.inf C:\Windows\System32\DriverStore\Temp\{41315687-1ef7-0bbb-a4ac-d0228fc01b7a}\MSUSBDisplay.catC:\Windows\System32\rundll32.exedrvinst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
4052"C:\Users\admin\AppData\Local\Temp\is-75POS.tmp\MSDisplay_MultiDev_v1.0.1.60.tmp" /SL5="$E0170,2288616,806912,C:\Users\admin\AppData\Local\Temp\MSDisplay_MultiDev_v1.0.1.60.exe" C:\Users\admin\AppData\Local\Temp\is-75POS.tmp\MSDisplay_MultiDev_v1.0.1.60.tmpMSDisplay_MultiDev_v1.0.1.60.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-75pos.tmp\msdisplay_multidev_v1.0.1.60.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
15 403
Read events
15 157
Write events
232
Delete events
14

Modification events

(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
C00A0000666B78D99B73DA01
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
21B6EC3C63A2D43F72EC356126B4658FE1C8EE5E8739718542FF54139D1B3195
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\MS USB Display\WinUsbDisplay.exe
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
110DD1FA98514240272F711E9916E2A73955EE24EF6D1D4F72B732FF3C02AC8C
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Windows Usb Display
Value:
C:\Program Files\MS USB Display\WinUsbDisplay.exe
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\dfmirage\DEVICE0
Operation:writeName:Attach.ToDesktop
Value:
0
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Operation:writeName:C:\Program Files\MS USB Display\WinUsbDisplay.exe
Value:
HIGHDPIAWARE
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\Software\WinUsbDisplay\Server
Operation:writeName:LogLevel
Value:
1
(PID) Process:(2752) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.0.2 (u)
Executable files
63
Suspicious files
10
Text files
10
Unknown types
33

Dropped files

PID
Process
Filename
Type
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-7TRMO.tmpexecutable
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\unins000.exeexecutable
MD5:DEF2E0EFA04057381F04119980D6D4E4
SHA256:3E9EE9509BB992CFE08EF8605B2F10F0B633D8B26BF6D2DCC2C5D2C94F37A3D4
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-MHFJP.tmptext
MD5:7F4207EA1304993E8533B7A58F3A51B0
SHA256:EE8078A7D68D5F9B702C1F5E322D67227A6512E75247D9E950D497E753C62565
3672MSDisplay_MultiDev_v1.0.1.60.exeC:\Users\admin\AppData\Local\Temp\is-75POS.tmp\MSDisplay_MultiDev_v1.0.1.60.tmpexecutable
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-Q2CD4.tmpimage
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\logo.icoimage
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-L1Q5G.tmpexecutable
MD5:17D0F91A0F4FDC3DED309B9BE6EECE62
SHA256:B4A4F9105A5975A7BBB6D3B03742605D82132083209E11E403226B294D753F4D
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\WinUsbDisplay.exeexecutable
MD5:17D0F91A0F4FDC3DED309B9BE6EECE62
SHA256:B4A4F9105A5975A7BBB6D3B03742605D82132083209E11E403226B294D753F4D
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\libusb0.dllexecutable
MD5:6C12D8B1AA5E44AF62EFAC5A5B25C6DA
SHA256:FA16629B7C112C2A22FAD27C2D5E5867866FD49E534F4A5161F97467C09698C3
2752MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-LVPV8.tmpexecutable
MD5:6C12D8B1AA5E44AF62EFAC5A5B25C6DA
SHA256:FA16629B7C112C2A22FAD27C2D5E5867866FD49E534F4A5161F97467C09698C3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
unknown
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MSDisplay_MultiDev_v1.0.1.60.exe