File name:

WiFidriver.exe

Full analysis: https://app.any.run/tasks/8c6b22eb-d66a-4cac-9aca-bd38ba24b1f0
Verdict: Malicious activity
Analysis date: April 26, 2025, 18:19:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

0F092A9CFF8B15C0E71A10358E3C422F

SHA1:

0A19920FB783EE113351EE6F30E3B1A3247A4555

SHA256:

58E8A0655E795CEA7DACABC67AFE25CF63717F06B8BB5ACC6ABFD0176CEE2BDF

SSDEEP:

98304:3+cD4dn8CB+q55Xpn4VyVGiWQUorQ3fkIieh+oCxiDcgC05e/Ck18u3pXMryiyWL:mVD0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • DPInst64.exe (PID: 7732)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WiFidriver.exe (PID: 7544)
      • WiFidriver.exe (PID: 7668)
      • WiFidriver.tmp (PID: 7692)
      • DPInst64.exe (PID: 7732)
      • drvinst.exe (PID: 7892)
      • drvinst.exe (PID: 7848)

    • Reads security settings of Internet Explorer

      • WiFidriver.tmp (PID: 7564)

    • Process drops legitimate windows executable

      • WiFidriver.tmp (PID: 7692)

    • Drops a system driver (possible attempt to evade defenses)

      • WiFidriver.tmp (PID: 7692)
      • DPInst64.exe (PID: 7732)
      • drvinst.exe (PID: 7848)
      • drvinst.exe (PID: 7892)

    • Creates files in the driver directory

      • drvinst.exe (PID: 7848)
      • drvinst.exe (PID: 7892)

    • Creates a new Windows service

      • sc.exe (PID: 7928)

    • Restarts service on failure

      • sc.exe (PID: 8104)

    • Creates file in the systems drive root

      • AicWifiService.exe (PID: 8048)

    • Windows service management via SC.EXE

      • sc.exe (PID: 7992)

    • Executes as Windows Service

      • AicWifiService.exe (PID: 8048)

  • INFO

    • Checks supported languages

      • WiFidriver.exe (PID: 7544)
      • WiFidriver.tmp (PID: 7564)
      • WiFidriver.exe (PID: 7668)
      • DPInst64.exe (PID: 7732)
      • drvinst.exe (PID: 7892)
      • drvinst.exe (PID: 7848)
      • AicWifiService.exe (PID: 8048)

    • Process checks computer location settings

      • WiFidriver.tmp (PID: 7564)

    • Create files in a temporary directory

      • WiFidriver.exe (PID: 7544)
      • WiFidriver.exe (PID: 7668)
      • DPInst64.exe (PID: 7732)

    • Reads the computer name

      • WiFidriver.tmp (PID: 7564)
      • DPInst64.exe (PID: 7732)
      • drvinst.exe (PID: 7848)
      • drvinst.exe (PID: 7892)
      • AicWifiService.exe (PID: 8048)

    • Creates files in the program directory

      • WiFidriver.tmp (PID: 7692)

    • The sample compiled with english language support

      • WiFidriver.tmp (PID: 7692)

    • Creates a software uninstall entry

      • WiFidriver.tmp (PID: 7692)

    • Reads the software policy settings

      • drvinst.exe (PID: 7848)
      • drvinst.exe (PID: 7892)
      • slui.exe (PID: 920)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 7848)
      • drvinst.exe (PID: 7892)

    • Checks proxy server information

      • slui.exe (PID: 920)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 40960
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: AIC
FileDescription: WiFi driver Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: WiFi driver
ProductVersion: 1.2.4.1
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
140
Monitored processes
15
Malicious processes
6
Suspicious processes
2

Behavior graph

Click at the process to see the details
start wifidriver.exe wifidriver.tmp no specs wifidriver.exe wifidriver.tmp dpinst64.exe drvinst.exe drvinst.exe sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs aicwifiservice.exe no specs sc.exe no specs conhost.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
920C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
7544"C:\Users\admin\Desktop\WiFidriver.exe" C:\Users\admin\Desktop\WiFidriver.exe
explorer.exe
User:
admin
Company:
AIC
Integrity Level:
MEDIUM
Description:
WiFi driver Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\wifidriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7564"C:\Users\admin\AppData\Local\Temp\is-JH3ER.tmp\WiFidriver.tmp" /SL5="$70352,2321365,783872,C:\Users\admin\Desktop\WiFidriver.exe" C:\Users\admin\AppData\Local\Temp\is-JH3ER.tmp\WiFidriver.tmpWiFidriver.exe
User:
admin
Company:
AIC
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-jh3er.tmp\wifidriver.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
7668"C:\Users\admin\Desktop\WiFidriver.exe" /SPAWNWND=$4028A /NOTIFYWND=$70352 C:\Users\admin\Desktop\WiFidriver.exe
WiFidriver.tmp
User:
admin
Company:
AIC
Integrity Level:
HIGH
Description:
WiFi driver Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\wifidriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7692"C:\Users\admin\AppData\Local\Temp\is-F9L40.tmp\WiFidriver.tmp" /SL5="$A02C6,2321365,783872,C:\Users\admin\Desktop\WiFidriver.exe" /SPAWNWND=$4028A /NOTIFYWND=$70352 C:\Users\admin\AppData\Local\Temp\is-F9L40.tmp\WiFidriver.tmp
WiFidriver.exe
User:
admin
Company:
AIC
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\explorerframe.dll
c:\windows\syswow64\sfc.dll
c:\windows\syswow64\sfc_os.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\linkinfo.dll
c:\windows\syswow64\ntshrui.dll
7732"C:\Program Files (x86)\WiFi driver\win10_x64\DPInst64.exe" /A /SW /SAC:\Program Files (x86)\WiFi driver\win10_x64\DPInst64.exe
WiFidriver.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Driver Package Installer
Exit code:
512
Version:
2.1
Modules
Images
c:\program files (x86)\wifi driver\win10_x64\dpinst64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
7848DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{79fa78b7-5623-ed4c-8a52-1b89da242caa}\aicloadfw.inf" "9" "4af49629f" "00000000000001D8" "WinSta0\Default" "00000000000001E8" "208" "c:\program files (x86)\wifi driver\win10_x64"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
7892DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{183469b2-cb4b-d24a-b563-4238d0ed6218}\aicusbwifi.inf" "9" "45011de17" "00000000000001E8" "WinSta0\Default" "00000000000000EC" "208" "c:\program files (x86)\wifi driver\win10_x64"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
7928"C:\WINDOWS\system32\sc.exe" create AicWifiService start= auto binPath= "C:\Program Files (x86)\WiFi driver\AicWifiService.exe"C:\Windows\SysWOW64\sc.exeWiFidriver.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
7936\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exesc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
10 067
Read events
10 039
Write events
28
Delete events
0

Modification events

(PID) Process:(7732) DPInst64.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation:writeName:setupapi.dev.log
Value:
4096
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.2.1
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files (x86)\WiFi driver
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files (x86)\WiFi driver\
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: Icon Group
Value:
WiFi driver
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: Setup Type
Value:
custom
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: Selected Components
Value:
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: Deselected Components
Value:
(PID) Process:(7692) WiFidriver.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F87BE16C-8EBE-4768-8E40-45535C9D8B66}_is1
Operation:writeName:Inno Setup: Language
Value:
chinesesimp
Executable files
46
Suspicious files
45
Text files
4
Unknown types
8

Dropped files

PID
Process
Filename
Type
7692WiFidriver.tmpC:\Program Files (x86)\WiFi driver\unins000.exeexecutable
MD5:1FAA28B1A614A5BE18F98593C65ED3A9
SHA256:4819BEB882ACBA2E82C0CC8752B67D8D78114EC88D9902C548A8B4C16F8E0ABF
7692WiFidriver.tmpC:\Program Files (x86)\WiFi driver\is-5DS9N.tmpimage
MD5:82A1D566DBC182A47702464E86B30BF1
SHA256:5877A8FF776A5E346C2A66F802AC8AF36D2CF973086BE4733D5D9677ABD1AFC9
7544WiFidriver.exeC:\Users\admin\AppData\Local\Temp\is-JH3ER.tmp\WiFidriver.tmpexecutable
MD5:0A3510513309161D5C81D0AA2366B402
SHA256:0EE2177BE407AE1E5C39700982F7DADB7DF55FE48B69BE0AC634CEE3A8D97709
7692WiFidriver.tmpC:\Program Files (x86)\WiFi driver\is-9AMNJ.tmpexecutable
MD5:1FAA28B1A614A5BE18F98593C65ED3A9
SHA256:4819BEB882ACBA2E82C0CC8752B67D8D78114EC88D9902C548A8B4C16F8E0ABF
7692WiFidriver.tmpC:\Program Files (x86)\WiFi driver\tool\DevManView.cfgtext
MD5:846D00789872022C832D110E33A81729
SHA256:CC13C1F046E54B4D834BAF3642C487E929D5A63F7BA895A2F62E7CB147D4DD38
7692WiFidriver.tmpC:\Program Files (x86)\WiFi driver\logo.icoimage
MD5:82A1D566DBC182A47702464E86B30BF1
SHA256:5877A8FF776A5E346C2A66F802AC8AF36D2CF973086BE4733D5D9677ABD1AFC9
7692WiFidriver.tmpC:\Program Files (x86)\WiFi driver\tool\DevManView.exeexecutable
MD5:D22CEB6B43F721FE4E892FEA6C8990E6
SHA256:9ABDC7CDC19548ADA451AEE6CAABE296957C050062991892E7D9787FF6E0BDEF
7692WiFidriver.tmpC:\Program Files (x86)\WiFi driver\win7_x64\aicloadfw.catbinary
MD5:045640113B4CC146A1E61A4226A87A6C
SHA256:65CEF3B6007D872CDEF5116D500707EC6A97AC5C8E0F29C8CB55E890A8F90D3F
7668WiFidriver.exeC:\Users\admin\AppData\Local\Temp\is-F9L40.tmp\WiFidriver.tmpexecutable
MD5:0A3510513309161D5C81D0AA2366B402
SHA256:0EE2177BE407AE1E5C39700982F7DADB7DF55FE48B69BE0AC634CEE3A8D97709
7692WiFidriver.tmpC:\Users\admin\AppData\Local\Temp\is-BE66R.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
43
DNS requests
13
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
304
4.245.163.56:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
unknown
3900
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
QA
binary
813 b
whitelisted
3900
SIHClient.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
RU
binary
824 b
whitelisted
3900
SIHClient.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
RU
binary
555 b
whitelisted
3900
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
QA
binary
419 b
whitelisted
3900
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
QA
binary
401 b
whitelisted
3900
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
QA
binary
813 b
whitelisted
3900
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl
QA
binary
402 b
whitelisted
GET
200
4.245.163.56:443
https://slscr.update.microsoft.com/sls/ping
US
unknown
GET
304
4.245.163.56:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
3900
SIHClient.exe
4.175.87.197:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3900
SIHClient.exe
2.16.168.114:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
3900
SIHClient.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
3900
SIHClient.exe
20.3.187.198:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7412
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 142.250.184.206
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
crl.microsoft.com
  • 2.16.168.114
  • 2.16.168.124
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.11
whitelisted
login.live.com
  • 20.190.159.73
  • 40.126.31.1
  • 40.126.31.3
  • 20.190.159.130
  • 40.126.31.2
  • 40.126.31.130
  • 40.126.31.128
  • 20.190.159.75
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
WiFidriver.exe