File name:

lernstuf_introduction_2025.jpg

Full analysis: https://app.any.run/tasks/60be0be4-748b-4b7f-8b62-d815f8f9dfd9
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: January 18, 2025, 14:27:54
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
reflection
loader
Indicators:
MIME: image/jpeg
File info: JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 800x640, components 3
MD5:

4A6276605966FAAB94364BEB3302CA11

SHA1:

E0BC55C5D3A0B4E0B965ADE8276979EAC7599964

SHA256:

9D9846BFFBBE848BFA46018A2F8375F84EDF54EB7E2E0884489B42CE456F88C0

SSDEEP:

1536:lClAtNhnFD6mqO1SA2UVDwFH5x/v0WxRC/wRBIsnPv/auKFBikqO:lNrhFD6cS2DwF7UWhhnPv/aTrikt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Runs injected code in another process

      • lernstuf_introduction_2025.exe (PID: 4640)
    • Application was injected by another process

      • csrss.exe (PID: 616)
  • SUSPICIOUS

    • Executes application which crashes

      • lernstuf_introduction_2025.exe (PID: 4640)
      • lernstuf_introduction_2025.exe (PID: 6264)
      • lernstuf_introduction_2025.exe (PID: 2132)
      • lernstuf_introduction_2025.exe (PID: 2072)
      • lernstuf_introduction_2025.exe (PID: 6864)
      • lernstuf_introduction_2025.exe (PID: 3836)
    • Executable content was dropped or overwritten

      • csc.exe (PID: 6484)
      • csc.exe (PID: 7000)
      • csc.exe (PID: 4308)
    • Probably uses Microsoft diagnostics tool to execute malicious payload

      • pcwrun.exe (PID: 7140)
    • Uses RUNDLL32.EXE to load library

      • msdt.exe (PID: 6928)
    • Gets file extension (POWERSHELL)

      • sdiagnhost.exe (PID: 6936)
    • Converts a string into array of characters (POWERSHELL)

      • sdiagnhost.exe (PID: 6936)
    • Detects reflection assembly loader (YARA)

      • sdiagnhost.exe (PID: 6936)
  • INFO

    • Reads the computer name

      • lernstuf_introduction_2025.exe (PID: 4640)
      • lernstuf_introduction_2025.exe (PID: 6264)
      • lernstuf_introduction_2025.exe (PID: 2132)
      • lernstuf_introduction_2025.exe (PID: 2072)
      • lernstuf_introduction_2025.exe (PID: 6864)
      • lernstuf_introduction_2025.exe (PID: 3836)
    • Manual execution by a user

      • lernstuf_introduction_2025.exe (PID: 4640)
      • lernstuf_introduction_2025.exe (PID: 6264)
      • pcwrun.exe (PID: 7140)
      • cmd.exe (PID: 6272)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 2144)
      • WerFault.exe (PID: 628)
      • WerFault.exe (PID: 6004)
      • WerFault.exe (PID: 6468)
      • WerFault.exe (PID: 1740)
      • msdt.exe (PID: 6928)
      • WerFault.exe (PID: 2972)
    • Reads the software policy settings

      • WerFault.exe (PID: 2144)
      • WerFault.exe (PID: 628)
      • msdt.exe (PID: 6928)
      • sdiagnhost.exe (PID: 6936)
      • WerFault.exe (PID: 6468)
      • WerFault.exe (PID: 6004)
      • WerFault.exe (PID: 1740)
      • WerFault.exe (PID: 2972)
    • Checks proxy server information

      • WerFault.exe (PID: 2144)
      • WerFault.exe (PID: 628)
      • sdiagnhost.exe (PID: 6936)
      • WerFault.exe (PID: 6468)
      • WerFault.exe (PID: 6004)
      • WerFault.exe (PID: 1740)
      • WerFault.exe (PID: 2972)
    • Checks supported languages

      • lernstuf_introduction_2025.exe (PID: 4640)
      • lernstuf_introduction_2025.exe (PID: 6264)
      • cvtres.exe (PID: 5112)
      • csc.exe (PID: 6484)
      • csc.exe (PID: 4308)
      • cvtres.exe (PID: 6340)
      • csc.exe (PID: 7000)
      • cvtres.exe (PID: 7124)
      • lernstuf_introduction_2025.exe (PID: 2132)
      • lernstuf_introduction_2025.exe (PID: 2072)
      • lernstuf_introduction_2025.exe (PID: 6864)
      • lernstuf_introduction_2025.exe (PID: 3836)
    • Create files in a temporary directory

      • pcwrun.exe (PID: 7140)
      • sdiagnhost.exe (PID: 6936)
      • csc.exe (PID: 6484)
      • cvtres.exe (PID: 5112)
      • csc.exe (PID: 4308)
      • cvtres.exe (PID: 6340)
      • msdt.exe (PID: 6928)
      • cvtres.exe (PID: 7124)
      • csc.exe (PID: 7000)
    • The sample compiled with english language support

      • msdt.exe (PID: 6928)
    • The process uses the downloaded file

      • sdiagnhost.exe (PID: 6936)
      • msdt.exe (PID: 6928)
      • rundll32.exe (PID: 5968)
      • cmd.exe (PID: 6272)
      • rundll32.exe (PID: 3260)
    • Reads security settings of Internet Explorer

      • msdt.exe (PID: 6928)
      • sdiagnhost.exe (PID: 6936)
      • rundll32.exe (PID: 5968)
      • rundll32.exe (PID: 3260)
    • Reads the machine GUID from the registry

      • csc.exe (PID: 6484)
      • csc.exe (PID: 4308)
      • csc.exe (PID: 7000)
    • Uses string replace method (POWERSHELL)

      • sdiagnhost.exe (PID: 6936)
    • Uses string split method (POWERSHELL)

      • sdiagnhost.exe (PID: 6936)
    • Sends debugging messages

      • lernstuf_introduction_2025.exe (PID: 2132)
      • lernstuf_introduction_2025.exe (PID: 2072)
      • lernstuf_introduction_2025.exe (PID: 6864)
      • lernstuf_introduction_2025.exe (PID: 3836)
    • Gets data length (POWERSHELL)

      • sdiagnhost.exe (PID: 6936)
No Malware configuration.

TRiD

.jpg | JFIF JPEG bitmap (38.1)
.jpg | JPEG bitmap (28.5)
.mp3 | MP3 audio (ID3 v1.x tag) (23.8)
.mp3 | MP3 audio (9.5)

EXIF

JFIF

JFIFVersion: 1.01
ResolutionUnit: inches
XResolution: 120
YResolution: 120

Composite

ImageSize: 800x640
Megapixels: 0.512
No data.
Total processes
173
Monitored processes
33
Malicious processes
1
Suspicious processes
4

Behavior graph

  • start
  • rundll32.exe (no specs)
  • lernstuf_introduction_2025.exe
  • werfault.exe
  • lernstuf_introduction_2025.exe
  • werfault.exe
  • pcwrun.exe (no specs)
  • msdt.exe (no specs)
  • sdiagnhost.exe
  • conhost.exe (no specs)
  • csc.exe
  • cvtres.exe (no specs)
  • csc.exe
  • cvtres.exe (no specs)
  • csc.exe
  • cvtres.exe (no specs)
  • rundll32.exe (no specs)
  • lernstuf_introduction_2025.exe
  • werfault.exe
  • rundll32.exe (no specs)
  • lernstuf_introduction_2025.exe (no specs)
  • lernstuf_introduction_2025.exe
  • werfault.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • lernstuf_introduction_2025.exe (no specs)
  • lernstuf_introduction_2025.exe (no specs)
  • lernstuf_introduction_2025.exe
  • werfault.exe
  • lernstuf_introduction_2025.exe (no specs)
  • lernstuf_introduction_2025.exe (no specs)
  • lernstuf_introduction_2025.exe
  • werfault.exe
  • csrss.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
440
CMD:
C:\Users\admin\Desktop\lernstuf_introduction_2025.exe //help
Path:
C:\Users\admin\Desktop\lernstuf_introduction_2025.exe
Parent process:
cmd.exe
User:
admin
Company:
lernstuf
Integrity Level:
MEDIUM
Description:
lernstuf introduction 2024
Exit code:
3221226540
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\lernstuf_introduction_2025.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID:
616
CMD:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path:
C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID:
628
CMD:
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 6264 -s 952
Path:
C:\Windows\SysWOW64\WerFault.exe
Parent process:
lernstuf_introduction_2025.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID:
628
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1740
CMD:
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 6864 -s 1064
Path:
C:\Windows\SysWOW64\WerFault.exe
Parent process:
lernstuf_introduction_2025.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID:
2072
CMD:
"C:\Users\admin\Desktop\lernstuf_introduction_2025.exe"
Path:
C:\Users\admin\Desktop\lernstuf_introduction_2025.exe
Parent process:
rundll32.exe
User:
admin
Company:
lernstuf
Integrity Level:
HIGH
Description:
lernstuf introduction 2024
Exit code:
3221225477
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\lernstuf_introduction_2025.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
2132
CMD:
"C:\Users\admin\Desktop\lernstuf_introduction_2025.exe"
Path:
C:\Users\admin\Desktop\lernstuf_introduction_2025.exe
Parent process:
rundll32.exe
User:
admin
Company:
lernstuf
Integrity Level:
MEDIUM
Description:
lernstuf introduction 2024
Exit code:
3221225477
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\lernstuf_introduction_2025.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
2144
CMD:
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 4640 -s 1012
Path:
C:\Windows\SysWOW64\WerFault.exe
Parent process:
lernstuf_introduction_2025.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID:
2972
CMD:
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 3836 -s 1068
Path:
C:\Windows\SysWOW64\WerFault.exe
Parent process:
lernstuf_introduction_2025.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID:
3260
CMD:
"C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\pcwutl.dll,LaunchApplication ""C:\Users\admin\Desktop\lernstuf_introduction_2025.exe""
Path:
C:\Windows\System32\rundll32.exe
Parent process:
msdt.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
Total events
28 897
Read events
28 830
Write events
53
Delete events
14

Modification events

(PID) Process: (6476) rundll32.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Photo Viewer\Viewer
Operation: write
Name: MainWndPos
Value: 6000000033000000A00400007502000000000000

(PID) Process: (4640) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0627&PID_0001\Calibration\0
Operation: write
Name: GUID
Value: F09B497EA8D5EF118001444553540000

(PID) Process: (4640) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: Version
Value: 00070000

(PID) Process: (4640) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: Name
Value: LERNSTUF_INTRODUCTION_2025.EXE

(PID) Process: (4640) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: Id
Value: LERNSTUF_INTRODUCTION_2025.EXE6774F2390008B400

(PID) Process: (4640) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: MostRecentStart
Value: 7DDAA140B569DB01

(PID) Process: (6264) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: Version
Value: 00070000

(PID) Process: (6264) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: Name
Value: LERNSTUF_INTRODUCTION_2025.EXE

(PID) Process: (6264) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: Id
Value: LERNSTUF_INTRODUCTION_2025.EXE6774F2390008B400

(PID) Process: (6264) lernstuf_introduction_2025.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation: write
Name: MostRecentStart
Value: 05B3AB45B569DB01
Executable files
5
Suspicious files
33
Text files
31
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 2144
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_lernstuf_introdu_db534c89d1b9e4827ef39673ed2235d22abf_e3808c8a_29de262f-c35d-4428-92c4-c4e62cb62513\Report.wer
Type:
MD5:
SHA256:

PID: 628
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_lernstuf_introdu_db534c89d1b9e4827ef39673ed2235d22abf_e3808c8a_f85d3e4a-0819-47b8-bf51-c42973e1f9d9\Report.wer
Type:
MD5:
SHA256:

PID: 2144
Process: WerFault.exe
Filename: C:\Users\admin\AppData\Local\CrashDumps\lernstuf_introduction_2025.exe.4640.dmp
Type: binary
MD5:B7B510491A2BC67AC2839DB0B156FAA5
SHA256:0EDB27611ADB3A86B4391C7305B8B4FEB04F51BB7A416E4C88E3AC0981FCE5C7

PID: 2144
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAB5.tmp.xml
Type: xml
MD5:ABB86842E1542BC2738DE0AA12F14CC3
SHA256:BF2B1E1970C56543B0F1DDB6E54B92F4E29CEFAA3518D76F2DB1F1EC0E453962

PID: 2144
Process: WerFault.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE
Type: binary
MD5:C69F8DD69D96E1732CE0016DB0ACA295
SHA256:1E74D3FDFB80064F11201B18030622C1DAA63288484AF06D7D65E0B6876A8E59

PID: 2144
Process: WerFault.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE
Type: binary
MD5:FA84E4BCC92AA5DB735AB50711040CDE
SHA256:6D7205E794FDE4219A62D9692ECDDF612663A5CF20399E79BE87B851FCA4CA33

PID: 628
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA05.tmp.xml
Type: xml
MD5:49F6B97A9A6E7BC880844F6A7146D674
SHA256:118775B27F8B7EDA0521D967F053EFA1787F8FA4D50BF03BD084D8377C963AE4

PID: 2144
Process: WerFault.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\21253908F3CB05D51B1C2DA8B681A785
Type: binary
MD5:408199DF009587C07646198DC9F37C62
SHA256:6F8D4D71A7B060941A50540FFDBDEC41B038825C1F3A60AF5D5BAAA11D4C634E

PID: 6928
Process: msdt.exe
Filename: C:\Users\admin\AppData\Local\Temp\SDIAG_d97010fc-088e-4035-9b43-0ca697fb39a0\DiagPackage.diagpkg
Type: html
MD5:191959B4C3F91BE170B30BF5D1BC2965
SHA256:8EC3A8F67BAF1E4658FC772F9F35230CA1B0318DDAF7A4C84789A329B6F7F047

PID: 628
Process: WerFault.exe
Filename: C:\Users\admin\AppData\Local\CrashDumps\lernstuf_introduction_2025.exe.6264.dmp
Type: binary
MD5:7778E02F9254212959277674A5B02ACF
SHA256:7B012D74D5C81DF16AA36EFDD33FD81E1D42F0CAA51665416820840077F483BC
HTTP(S) requests
7
TCP/UDP connections
45
DNS requests
26
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3224
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6584
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
3224
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2144
WerFault.exe
GET
200
23.48.23.164:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2144
WerFault.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5064
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1076
svchost.exe
184.30.18.9:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
1176
svchost.exe
20.190.159.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
6584
backgroundTaskHost.exe
20.31.169.57:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6584
backgroundTaskHost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
6584
backgroundTaskHost.exe
20.223.35.26:443
fd.api.iris.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 184.30.18.9
whitelisted
login.live.com
  • 20.190.159.2
  • 20.190.159.73
  • 20.190.159.23
  • 20.190.159.68
  • 20.190.159.0
  • 20.190.159.71
  • 40.126.31.69
  • 40.126.31.73
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
  • 4.231.128.59
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
watson.events.data.microsoft.com
  • 104.208.16.94
  • 52.168.117.173
  • 20.42.65.92
  • 20.189.173.22
  • 20.189.173.20
whitelisted

Threats

No threats detected
Process
Message
lernstuf_introduction_2025.exe
FTH: (2132): *** Fault tolerant heap shim applied to current process. This is usually due to previous crashes. ***
lernstuf_introduction_2025.exe
FTH: (2072): *** Fault tolerant heap shim applied to current process. This is usually due to previous crashes. ***
lernstuf_introduction_2025.exe
FTH: (6864): *** Fault tolerant heap shim applied to current process. This is usually due to previous crashes. ***
lernstuf_introduction_2025.exe
FTH: (3836): *** Fault tolerant heap shim applied to current process. This is usually due to previous crashes. ***