Copper Contributor

I observed traffic towards https://cache.datamart.windows.com from a Windows 10 Machine.

The used user agent captured was “Microsoft!WiFiTask_File_Downloader” and have no information on the official website of the Microsoft.


On further analysis i found wifitask.exe generating this traffic which is a background service.


Also after analyzing wifitask.exe in "https://www.hybrid-analysis.com" i found the “Microsoft!WiFiTask_File_Downloader” in the strings.


Ref Link : https://www.hybrid-analysis.com/sample/3f61513138fc7db66fb977304212636422a018ff5792fad255909209cb2bd...


Can any one please help me understand,


1. Why wifitask.exe is generating traffic towards https://cache.datamart.windows.com?

2. Why “Microsoft!WiFiTask_File_Downloader” is captured as User Agent in logs? 

0 Replies