File name:

MSDisplay_MultiDev_v1.0.1.60.exe

Full analysis: https://app.any.run/tasks/d001eb5b-a8b7-4a20-8691-3733f84b890e
Verdict: Malicious activity
Analysis date: February 19, 2026, 13:56:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

3DCE81A37ADC36622DCF5EB2F869C1EB

SHA1:

D4B220E0A5E4EB0DA64FAB8C9F982DAF65118DD3

SHA256:

F22255C6D52F89E94CAD7AE5E303E52A38209F2D536902DA6F9F532E7CBACE24

SSDEEP:

98304:dXfEuCQYdT8FCIuqpTd4DER3tD3L1WCCSCJAR2C4uiDLPg8CvZ1/cwWYoHwZgVtb:q3hF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

    • Drops a system driver (possible attempt to evade defenses)

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)
      • devcon.exe (PID: 7664)
      • drvinst.exe (PID: 7776)
      • drvinst.exe (PID: 1176)
      • devcon.exe (PID: 1916)
      • drvinst.exe (PID: 5108)

    • Executes as Windows Service

      • WUDFHost.exe (PID: 4508)
      • WUDFHost.exe (PID: 4684)
      • WUDFHost.exe (PID: 2620)
      • WUDFHost.exe (PID: 2256)
      • WUDFHost.exe (PID: 7920)
      • WUDFHost.exe (PID: 7496)
      • WUDFHost.exe (PID: 468)
      • WUDFHost.exe (PID: 9148)
      • WUDFHost.exe (PID: 9004)

  • INFO

    • Reads security settings of Internet Explorer

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 8456)
      • rundll32.exe (PID: 8048)
      • devcon.exe (PID: 1916)
      • devcon.exe (PID: 9136)
      • devcon.exe (PID: 7104)
      • devcon.exe (PID: 4996)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

    • Checks supported languages

      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 7376)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 8456)
      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 6544)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)
      • drvinst.exe (PID: 7776)
      • devcon.exe (PID: 1916)
      • devcon.exe (PID: 7664)
      • devcon.exe (PID: 9136)
      • drvinst.exe (PID: 1176)
      • drvinst.exe (PID: 7308)
      • drvinst.exe (PID: 6280)
      • drvinst.exe (PID: 5108)
      • drvinst.exe (PID: 5780)
      • devcon.exe (PID: 7104)
      • drvinst.exe (PID: 8844)
      • devcon.exe (PID: 4996)
      • WinUsbDisplay.exe (PID: 4796)
      • drvinst.exe (PID: 1824)
      • devcon.exe (PID: 6568)
      • drvinst.exe (PID: 3552)
      • WinUsbDisplay.exe (PID: 8996)

    • The sample compiled with chinese language support

      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 7376)

    • Create files in a temporary directory

      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 7376)
      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 6544)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)
      • devcon.exe (PID: 7664)
      • devcon.exe (PID: 1916)
      • devcon.exe (PID: 9136)
      • devcon.exe (PID: 4996)
      • devcon.exe (PID: 7104)

    • Process checks computer location settings

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 8456)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

    • Reads the computer name

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 8456)
      • devcon.exe (PID: 7664)
      • devcon.exe (PID: 1916)
      • drvinst.exe (PID: 7776)
      • drvinst.exe (PID: 5108)
      • drvinst.exe (PID: 1176)
      • devcon.exe (PID: 9136)
      • drvinst.exe (PID: 7308)
      • drvinst.exe (PID: 6280)
      • devcon.exe (PID: 4996)
      • drvinst.exe (PID: 5780)
      • drvinst.exe (PID: 8844)
      • devcon.exe (PID: 7104)
      • drvinst.exe (PID: 3552)
      • WinUsbDisplay.exe (PID: 4796)
      • drvinst.exe (PID: 1824)
      • WinUsbDisplay.exe (PID: 8996)

    • Creates files in the program directory

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

    • Drops script file

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

    • Creates files or folders in the user directory

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)
      • WinUsbDisplay.exe (PID: 4796)

    • Creates a software uninstall entry

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

    • Launching a file from a Registry key

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 6336)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 7776)
      • devcon.exe (PID: 1916)
      • drvinst.exe (PID: 5108)
      • drvinst.exe (PID: 7308)
      • devcon.exe (PID: 9136)
      • devcon.exe (PID: 4996)
      • drvinst.exe (PID: 5780)
      • devcon.exe (PID: 7104)
      • drvinst.exe (PID: 3552)

    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 7776)

    • Changes settings of System certificates

      • drvinst.exe (PID: 7776)

    • Detects InnoSetup installer (YARA)

      • MSDisplay_MultiDev_v1.0.1.60.exe (PID: 7376)
      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 8456)

    • Manual execution by a user

      • WinUsbDisplay.exe (PID: 4796)

    • Compiled with Borland Delphi (YARA)

      • MSDisplay_MultiDev_v1.0.1.60.tmp (PID: 8456)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:04:30 03:47:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 679936
InitializedDataSize: 125952
UninitializedDataSize: -
EntryPoint: 0xa6ed0
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.1.60
ProductVersionNumber: 1.0.1.60
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: ASCII
Comments: ´Ë°²×°³ÌÐòÓÉ Inno Setup ¹¹½¨¡£
CompanyName: MS
FileDescription: MS USB Display Setup
FileVersion: 1.0.1.60
LegalCopyright: Copyright © MS 2020
OriginalFileName:
ProductName: MS USB Display
ProductVersion: 1.0.1.60
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
190
Monitored processes
37
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msdisplay_multidev_v1.0.1.60.exe no specs msdisplay_multidev_v1.0.1.60.tmp no specs msdisplay_multidev_v1.0.1.60.exe msdisplay_multidev_v1.0.1.60.tmp devcon.exe no specs conhost.exe no specs drvinst.exe no specs rundll32.exe no specs devcon.exe no specs conhost.exe no specs drvinst.exe no specs drvinst.exe no specs devcon.exe no specs conhost.exe no specs drvinst.exe no specs drvinst.exe no specs wudfhost.exe no specs devcon.exe no specs conhost.exe no specs drvinst.exe no specs drvinst.exe no specs wudfhost.exe no specs wudfhost.exe no specs devcon.exe no specs conhost.exe no specs drvinst.exe no specs winusbdisplay.exe no specs drvinst.exe no specs wudfhost.exe no specs wudfhost.exe no specs wudfhost.exe no specs devcon.exe no specs conhost.exe no specs wudfhost.exe no specs wudfhost.exe no specs wudfhost.exe no specs winusbdisplay.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
468"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2c0c4421-a7ae-4977-91b9-db7be2bd779b -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b31cf447-f22b-4d6d-a1cd-ed3beeac079a -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5bc10ac0-e6f3-4c56-9b1a-36511e8cb107 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-49768c3d-6970-494a-8798-608583816de4 -LifetimeId:61a02027-0089-4030-be42-cd83bba59822 -DeviceGroupId:IddSampleDriverGroup -HostArg:0C:\Windows\System32\WUDFHost.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Driver Foundation - User-mode Driver Framework Host Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wudfhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wudfplatform.dll
1000\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exedevcon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1176DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\WINDOWS\INF\oem10.inf" "oem10.inf:c14ce884432a57a1:IndirectDisplayBus_Device:11.48.12.282:root\indirectdisplaybus," "45a813563" "00000000000001D8"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
1824DrvInst.exe "2" "211" "MS\IDDBUS2\1&79F5D87&0&03" "C:\WINDOWS\INF\oem13.inf" "oem13.inf:c14ce8840c48fa1f:MyDevice_Install:11.33.54.338:ms\iddbus2," "47de959af" "0000000000000234"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
1916"C:\Program Files\MS USB Display\tool\x64\devcon.exe" install "C:\Program Files\MS USB Display\idd\indirectdisplaybus\indirectdisplaybus.inf" root\IndirectDisplayBusC:\Program Files\MS USB Display\tool\x64\devcon.exeMSDisplay_MultiDev_v1.0.1.60.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
0
Version:
10.0.10586.0 (th2_release.151029-1700)
Modules
Images
c:\program files\ms usb display\tool\x64\devcon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2256"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-a380526c-9fd4-400f-b714-fb75b44a3f57 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-300411b4-8241-4570-8e33-74a7ac3b6b43 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5b441310-e9c1-45fa-9aa6-128eb305e2cd -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-241f99bd-8451-481e-8533-26e8fcc77331 -LifetimeId:b15db870-acf2-4b60-aaa4-c379d12892c1 -DeviceGroupId:IddSampleDriverGroup2 -HostArg:0C:\Windows\System32\WUDFHost.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Driver Foundation - User-mode Driver Framework Host Process
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wudfhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wudfplatform.dll
2620"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-972578a0-4c93-49be-b2a0-14e3019c2a74 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c92593a6-4d21-4db2-b479-eca6685b66b4 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d05e0f00-ab72-461f-b245-dd4f0f29442f -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3c0ce703-4683-402e-9e1e-696d7844b052 -LifetimeId:b10282f9-c4a0-4b9c-8c63-158314c0ea66 -DeviceGroupId:IddSampleDriverGroup -HostArg:0C:\Windows\System32\WUDFHost.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Driver Foundation - User-mode Driver Framework Host Process
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wudfhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wudfplatform.dll
3164\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exedevcon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3552DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{eadd0aac-6bcf-0f4e-831a-7105ea301f9f}\indirectdisplaydriver2.inf" "9" "47de959af" "000000000000021C" "WinSta0\Default" "0000000000000228" "208" "c:\program files\ms usb display\idd\indirectdisplaydriver2"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
4508"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2e64a2c4-5775-4c3c-891d-d4aa3fa89608 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-00bee6b2-5791-4f26-9d3b-1c6396c92fd7 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-cefe7104-b104-4220-9eec-f08ed830f0f7 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ff2f8fc5-09bf-40fa-a1df-f52c7185bb83 -LifetimeId:ad8cb65c-800e-4b10-b10b-5c0776446cf5 -DeviceGroupId:IddSampleDriverGroup -HostArg:0C:\Windows\System32\WUDFHost.exeservices.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Driver Foundation - User-mode Driver Framework Host Process
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wudfhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\devobj.dll
Total events
34 892
Read events
34 732
Write events
129
Delete events
31

Modification events

(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Windows Usb Display
Value:
C:\Program Files\MS USB Display\WinUsbDisplay.exe
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\dfmirage\DEVICE0
Operation:writeName:Attach.ToDesktop
Value:
0
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Operation:writeName:C:\Program Files\MS USB Display\WinUsbDisplay.exe
Value:
HIGHDPIAWARE
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_CURRENT_USER\SOFTWARE\WinUsbDisplay\Server
Operation:writeName:LogLevel
Value:
1
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.0.2 (u)
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\MS USB Display
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\MS USB Display\
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Icon Group
Value:
MS USB Display
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(6336) MSDisplay_MultiDev_v1.0.1.60.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{509DC88F-BC75-4AED-B511-9892EAD1AE48}}_is1
Operation:writeName:Inno Setup: Language
Value:
english
Executable files
0
Suspicious files
0
Text files
0
Unknown types
173

Dropped files

PID
Process
Filename
Type
7376MSDisplay_MultiDev_v1.0.1.60.exeC:\Users\admin\AppData\Local\Temp\is-41K1E.tmp\MSDisplay_MultiDev_v1.0.1.60.tmpbinary
MD5:7EC9CFAB450831249D70152183B3E844
SHA256:664938FC6169E37700C45C0242006EDE97219AA0B873CC26C8DAF19647DBAA77
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\unins000.exebinary
MD5:DEF2E0EFA04057381F04119980D6D4E4
SHA256:3E9EE9509BB992CFE08EF8605B2F10F0B633D8B26BF6D2DCC2C5D2C94F37A3D4
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-OJ7JQ.tmpbinary
MD5:AB5BD4D46AA4F19ED52961F81635AD76
SHA256:A1C6CEDAB9EC5850C98D5FED2CB0A2253FBBCCA7B8C5974F57F34FBDE4DC3C3F
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\libusb0.dllbinary
MD5:6C12D8B1AA5E44AF62EFAC5A5B25C6DA
SHA256:FA16629B7C112C2A22FAD27C2D5E5867866FD49E534F4A5161F97467C09698C3
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\msvcr120.dllbinary
MD5:034CCADC1C073E4216E9466B720F9849
SHA256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-HJNLC.tmpbinary
MD5:034CCADC1C073E4216E9466B720F9849
SHA256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\logo.icobinary
MD5:2098EF97358FBBDFAE0206BBCB4E2234
SHA256:DE96747834EF6ED07618AA7EB89F643444F3BA01140EED263468C08A0B7BF8FE
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-NN6RU.tmpbinary
MD5:7F4207EA1304993E8533B7A58F3A51B0
SHA256:EE8078A7D68D5F9B702C1F5E322D67227A6512E75247D9E950D497E753C62565
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\is-5776T.tmpbinary
MD5:F9E5204741AC0FFEC1662139FD77C62F
SHA256:33A17C00E1AD43CA60D0146F3ED783108D64FCA426CD3F97D97A60FB2B1E57DF
6336MSDisplay_MultiDev_v1.0.1.60.tmpC:\Program Files\MS USB Display\Feedback Note.txtbinary
MD5:7F4207EA1304993E8533B7A58F3A51B0
SHA256:EE8078A7D68D5F9B702C1F5E322D67227A6512E75247D9E950D497E753C62565
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
26
DNS requests
17
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
unknown
whitelisted
7212
svchost.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
unknown
whitelisted
6080
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
6080
SIHClient.exe
GET
200
20.165.94.54:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
whitelisted
6080
SIHClient.exe
GET
200
135.233.95.144:443
https://slscr.update.microsoft.com/sls/ping
unknown
whitelisted
6080
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
unknown
whitelisted
356
svchost.exe
POST
200
40.126.31.71:443
https://login.live.com/RST2.srf
unknown
binary
11.1 Kb
whitelisted
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
unknown
whitelisted
356
svchost.exe
POST
200
40.126.31.71:443
https://login.live.com/RST2.srf
unknown
binary
10.3 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
7212
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5180
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
2.16.204.138:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
356
svchost.exe
40.126.31.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.251.141.142
whitelisted
www.bing.com
  • 2.16.204.138
  • 2.16.204.160
  • 2.16.204.137
  • 2.16.204.141
  • 2.16.204.136
  • 2.16.204.134
  • 2.16.204.135
  • 2.16.204.150
  • 2.16.204.148
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.31.71
  • 40.126.31.73
  • 20.190.159.131
  • 40.126.31.129
  • 40.126.31.2
  • 20.190.159.129
  • 20.190.159.130
  • 20.190.159.23
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 23.59.18.102
whitelisted
go.microsoft.com
  • 88.221.169.205
whitelisted

Threats

PID
Process
Class
Message
7212
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MSDisplay_MultiDev_v1.0.1.60.exe