File name:

WifiAutoInstallSetup.exe

Full analysis: https://app.any.run/tasks/3d44564f-8df3-4f32-a611-a7a794cc7d38
Verdict: Malicious activity
Analysis date: May 19, 2025, 08:40:06
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

28321E89711961A9CCD73F02EE70217F

SHA1:

86949CE6D414AF45E0D533CB16BC314C4533515E

SHA256:

FDCFB4D92BD94B527CBA5F89F4F31DFEF1761B3F2FF041E42181029123616629

SSDEEP:

98304:3H9f1rWJzgdYZlk9tYnppYTEMF9HTI3KORdb5jv8dFmDp+bm1ow45XnQBMsToWXF:CFCpc2ER/p4ZUNj8LS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WifiAutoInstallSetup.exe (PID: 496)
      • WifiAutoInstallSetup.exe (PID: 1088)
      • WifiAutoInstallSetup.tmp (PID: 680)
      • WifiAutoInstallDriver.exe (PID: 5640)
      • drvinst.exe (PID: 6404)

    • Reads security settings of Internet Explorer

      • WifiAutoInstallSetup.tmp (PID: 5244)

    • Reads the Windows owner or organization settings

      • WifiAutoInstallSetup.tmp (PID: 680)

    • Drops a system driver (possible attempt to evade defenses)

      • WifiAutoInstallSetup.tmp (PID: 680)
      • WifiAutoInstallDriver.exe (PID: 5640)
      • drvinst.exe (PID: 6404)

    • Process drops legitimate windows executable

      • WifiAutoInstallSetup.tmp (PID: 680)

    • Executes as Windows Service

      • WifiAutoInstallSrv.exe (PID: 5720)

    • Creates files in the driver directory

      • drvinst.exe (PID: 6404)

  • INFO

    • Checks supported languages

      • WifiAutoInstallSetup.exe (PID: 496)
      • WifiAutoInstallSetup.exe (PID: 1088)
      • WifiAutoInstallSetup.tmp (PID: 5244)
      • WifiAutoInstallSetup.tmp (PID: 680)
      • WifiAutoInstallSrv.exe (PID: 5720)
      • WifiAutoInstallDriver.exe (PID: 5640)
      • WifiAutoInstallSrv.exe (PID: 6048)
      • drvinst.exe (PID: 6404)

    • Reads the computer name

      • WifiAutoInstallSetup.tmp (PID: 5244)
      • WifiAutoInstallSetup.tmp (PID: 680)
      • WifiAutoInstallSrv.exe (PID: 5720)
      • WifiAutoInstallDriver.exe (PID: 5640)
      • WifiAutoInstallSrv.exe (PID: 6048)
      • drvinst.exe (PID: 6404)

    • Create files in a temporary directory

      • WifiAutoInstallSetup.exe (PID: 496)
      • WifiAutoInstallSetup.exe (PID: 1088)
      • WifiAutoInstallSetup.tmp (PID: 680)
      • WifiAutoInstallDriver.exe (PID: 5640)

    • Process checks computer location settings

      • WifiAutoInstallSetup.tmp (PID: 5244)

    • Detects InnoSetup installer (YARA)

      • WifiAutoInstallSetup.exe (PID: 496)
      • WifiAutoInstallSetup.tmp (PID: 5244)
      • WifiAutoInstallSetup.exe (PID: 1088)
      • WifiAutoInstallSetup.tmp (PID: 680)

    • Compiled with Borland Delphi (YARA)

      • WifiAutoInstallSetup.tmp (PID: 5244)
      • WifiAutoInstallSetup.tmp (PID: 680)

    • Creates files in the program directory

      • WifiAutoInstallSetup.tmp (PID: 680)
      • WifiAutoInstallSrv.exe (PID: 6048)

    • The sample compiled with chinese language support

      • WifiAutoInstallSetup.tmp (PID: 680)

    • Creates a software uninstall entry

      • WifiAutoInstallSetup.tmp (PID: 680)

    • The sample compiled with english language support

      • WifiAutoInstallDriver.exe (PID: 5640)
      • WifiAutoInstallSetup.tmp (PID: 680)
      • drvinst.exe (PID: 6404)

    • Reads the software policy settings

      • drvinst.exe (PID: 6404)
      • slui.exe (PID: 2108)
      • slui.exe (PID: 6972)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 6404)

    • Checks proxy server information

      • slui.exe (PID: 6972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41984
InitializedDataSize: 27648
UninitializedDataSize: -
EntryPoint: 0xaad0
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.1.4
ProductVersionNumber: 2.0.1.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Realtek, Inc.
FileDescription: WifiAutoInstall Setup
FileVersion: 2.0.1.4
LegalCopyright:
ProductName: WifiAutoInstall
ProductVersion: 2.0.1.4
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
160
Monitored processes
17
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start wifiautoinstallsetup.exe wifiautoinstallsetup.tmp no specs wifiautoinstallsetup.exe wifiautoinstallsetup.tmp sppextcomobj.exe no specs slui.exe wifiautoinstallsrv.exe no specs conhost.exe no specs wifiautoinstallsrv.exe wifiautoinstalldriver.exe conhost.exe no specs drvinst.exe slui.exe ucpdmgr.exe no specs conhost.exe no specs ucpdmgr.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
496"C:\Users\admin\Downloads\WifiAutoInstallSetup.exe" C:\Users\admin\Downloads\WifiAutoInstallSetup.exe
explorer.exe
User:
admin
Company:
Realtek, Inc.
Integrity Level:
MEDIUM
Description:
WifiAutoInstall Setup
Exit code:
0
Version:
2.0.1.4
Modules
Images
c:\users\admin\downloads\wifiautoinstallsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
536\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeUCPDMgr.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
680"C:\Users\admin\AppData\Local\Temp\is-8BU1P.tmp\WifiAutoInstallSetup.tmp" /SL5="$902AE,7412733,70656,C:\Users\admin\Downloads\WifiAutoInstallSetup.exe" /SPAWNWND=$702A2 /NOTIFYWND=$60310 C:\Users\admin\AppData\Local\Temp\is-8BU1P.tmp\WifiAutoInstallSetup.tmp
WifiAutoInstallSetup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-8bu1p.tmp\wifiautoinstallsetup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
920"C:\WINDOWS\system32\UCPDMgr.exe"C:\Windows\System32\UCPDMgr.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
User Choice Protection Manager
Exit code:
0
Version:
1.0.0.414301
Modules
Images
c:\windows\system32\ucpdmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1088"C:\Users\admin\Downloads\WifiAutoInstallSetup.exe" /SPAWNWND=$702A2 /NOTIFYWND=$60310 C:\Users\admin\Downloads\WifiAutoInstallSetup.exe
WifiAutoInstallSetup.tmp
User:
admin
Company:
Realtek, Inc.
Integrity Level:
HIGH
Description:
WifiAutoInstall Setup
Exit code:
0
Version:
2.0.1.4
Modules
Images
c:\users\admin\downloads\wifiautoinstallsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1452C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
2108"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2416\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeUCPDMgr.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3240\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeWifiAutoInstallSrv.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5244"C:\Users\admin\AppData\Local\Temp\is-Q00U1.tmp\WifiAutoInstallSetup.tmp" /SL5="$60310,7412733,70656,C:\Users\admin\Downloads\WifiAutoInstallSetup.exe" C:\Users\admin\AppData\Local\Temp\is-Q00U1.tmp\WifiAutoInstallSetup.tmpWifiAutoInstallSetup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-q00u1.tmp\wifiautoinstallsetup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
4 489
Read events
4 466
Write events
23
Delete events
0

Modification events

(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
5.6.1 (a)
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\Realtek\WifiAutoInstall
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\Realtek\WifiAutoInstall\
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:Inno Setup: Icon Group
Value:
(Default)
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:Inno Setup: Language
Value:
english
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:DisplayName
Value:
WifiAutoInstall version 2.0.1.4
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:UninstallString
Value:
"C:\Program Files\Realtek\WifiAutoInstall\unins000.exe"
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:QuietUninstallString
Value:
"C:\Program Files\Realtek\WifiAutoInstall\unins000.exe" /SILENT
(PID) Process:(680) WifiAutoInstallSetup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72E6A041-2A57-40D4-ABB5-F90B3C0FD855}_is1
Operation:writeName:DisplayVersion
Value:
2.0.1.4
Executable files
84
Suspicious files
38
Text files
8
Unknown types
0

Dropped files

PID
Process
Filename
Type
496WifiAutoInstallSetup.exeC:\Users\admin\AppData\Local\Temp\is-Q00U1.tmp\WifiAutoInstallSetup.tmpexecutable
MD5:CBF1738F5B749C8DBF3CB47770C9AD64
SHA256:A856E40858BA8E56AF2B076606BD70BE78239537E83784615436560EBD94BEF7
1088WifiAutoInstallSetup.exeC:\Users\admin\AppData\Local\Temp\is-8BU1P.tmp\WifiAutoInstallSetup.tmpexecutable
MD5:CBF1738F5B749C8DBF3CB47770C9AD64
SHA256:A856E40858BA8E56AF2B076606BD70BE78239537E83784615436560EBD94BEF7
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\Driver\Win10X64\netrtwlanu_WAPI.infbinary
MD5:85FFCA651E4BFD7A8DBD0255A02CB8E5
SHA256:BA9C0684B62B49E899E184731A33498A220BDD6344BE5676035DA4C96D81CB14
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\unins000.exeexecutable
MD5:BFB8AD31B6E42009A8DBE3B631898390
SHA256:680E5FD891392E723DF6C53A56CF82E52BB63A4FA1F9918201A12A3AB6C78630
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\is-8HOUE.tmpexecutable
MD5:0B05F3A2D3541C38D7C6EFA89A0EB573
SHA256:86DEFB293AF4F0E3934819B1C64C2F9F07DACF8E0C50AEF7F7BA21A8D9FB016E
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\Driver\Win10X64\is-QSG0C.tmpbinary
MD5:9B017CD51BFFB48136CC221EAE6B82A4
SHA256:B63CCAE86C91F3ED53E4EC6CF6864A70925834AE0CD9B7DEA87AF0CFB38BE82E
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exeexecutable
MD5:0B05F3A2D3541C38D7C6EFA89A0EB573
SHA256:86DEFB293AF4F0E3934819B1C64C2F9F07DACF8E0C50AEF7F7BA21A8D9FB016E
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\Driver\Win10X64\is-3NDHB.tmptext
MD5:261C6494A1775F6FD62F1366DCD56EF8
SHA256:F7AB5A436F99EC7A522C744C4AAE08F565C2DA781AA00F868169B746FC8780F2
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstall.initext
MD5:E163063DD634E44614790DA1F9331C6D
SHA256:B3640E9B546355C4E44E43092D339E2ED052099893EBF08E70CE63F6172C0EDA
680WifiAutoInstallSetup.tmpC:\Program Files\Realtek\WifiAutoInstall\is-EU9N6.tmptext
MD5:E163063DD634E44614790DA1F9331C6D
SHA256:B3640E9B546355C4E44E43092D339E2ED052099893EBF08E70CE63F6172C0EDA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
31
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1096
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1096
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
1096
SIHClient.exe
20.109.210.53:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1096
SIHClient.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1096
SIHClient.exe
40.69.42.241:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2108
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6544
svchost.exe
20.190.159.129:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.11
whitelisted
login.live.com
  • 20.190.159.129
  • 20.190.159.130
  • 20.190.159.64
  • 20.190.159.75
  • 20.190.159.73
  • 40.126.31.71
  • 20.190.159.71
  • 40.126.31.1
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
self.events.data.microsoft.com
  • 20.189.173.24
whitelisted

Threats

No threats detected
Process
Message
WifiAutoInstallSrv.exe
WifiAutoInstallSrv SvcMain()
WifiAutoInstallSrv.exe
_tmain() Option =
WifiAutoInstallSrv.exe
SvcInit stop CDROM
WifiAutoInstallSrv.exe
MediaEnumandDetection: Enter
WifiAutoInstallSrv.exe
SetupDiEnumDeviceInterfaces error: 259
WifiAutoInstallSrv.exe
MediaEnumandDetection: Enter
WifiAutoInstallSrv.exe
SetupDiEnumDeviceInterfaces error: 259
WifiAutoInstallSrv.exe
device path: \\?\ide#diskwdc_wd20ears____________________________2.5+____#5&2770a7af&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
WifiAutoInstallSetup.exe