File name: letsvpn-latest.exe

Full analysis: https://app.any.run/tasks/54043afe-df4c-4ef1-a26d-d8bcd356cf1c
Verdict: Malicious activity
Analysis date: July 13, 2025, 13:04:23
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 73E488B8090341EC8ED56A422462CD12
SHA1: AD6DD720AF8A08A7B76BB11044B442A1FA69F3F2
SHA256: 3EF70AD5805B82BAAE9AA2ED92C1D2D463B0142166C7B0AC6578D2B8BCAD2D40
SSDEEP: 98304:cqYWgxgzS6EdT92JQpUSvqMk3Cd5ErqHYfxQr1giOax7qPAk3d3IiCYU2mAG//fI:/lNk+pBnVk7p5zPPsaPNzcIkzaw5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 5456)
    • Changes powershell execution policy (Bypass)

      • letsvpn-latest.exe (PID: 3756)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • letsvpn-latest.exe (PID: 3756)
    • The process creates files with name similar to system file names

      • letsvpn-latest.exe (PID: 3756)
    • Executable content was dropped or overwritten

      • letsvpn-latest.exe (PID: 3756)
      • tapinstall.exe (PID: 2044)
      • drvinst.exe (PID: 3860)
      • drvinst.exe (PID: 4804)
    • Drops a system driver (possible attempt to evade defenses)

      • letsvpn-latest.exe (PID: 3756)
      • tapinstall.exe (PID: 2044)
      • drvinst.exe (PID: 4804)
      • drvinst.exe (PID: 3860)
    • Process drops legitimate windows executable

      • letsvpn-latest.exe (PID: 3756)
    • There is functionality for taking screenshot (YARA)

      • letsvpn-latest.exe (PID: 3756)
    • Reads security settings of Internet Explorer

      • tapinstall.exe (PID: 2044)
    • Starts POWERSHELL.EXE for commands execution

      • letsvpn-latest.exe (PID: 3756)
    • The process executes Powershell scripts

      • letsvpn-latest.exe (PID: 3756)
    • Creates files in the driver directory

      • drvinst.exe (PID: 4804)
      • drvinst.exe (PID: 3860)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 4804)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 1828)
      • cmd.exe (PID: 4084)
      • cmd.exe (PID: 4216)
      • cmd.exe (PID: 2668)
      • cmd.exe (PID: 6016)
    • Creates a software uninstall entry

      • letsvpn-latest.exe (PID: 3756)
    • Starts CMD.EXE for commands execution

      • letsvpn-latest.exe (PID: 3756)
  • INFO

    • Checks supported languages

      • letsvpn-latest.exe (PID: 3756)
      • tapinstall.exe (PID: 2044)
      • tapinstall.exe (PID: 1728)
      • tapinstall.exe (PID: 4132)
      • drvinst.exe (PID: 4804)
      • drvinst.exe (PID: 3860)
      • LetsPRO.exe (PID: 3740)
      • LetsPRO.exe (PID: 2072)
    • The sample compiled with english language support

      • letsvpn-latest.exe (PID: 3756)
      • tapinstall.exe (PID: 2044)
      • drvinst.exe (PID: 3860)
      • drvinst.exe (PID: 4804)
    • Reads the computer name

      • letsvpn-latest.exe (PID: 3756)
      • tapinstall.exe (PID: 2044)
      • drvinst.exe (PID: 3860)
      • drvinst.exe (PID: 4804)
      • LetsPRO.exe (PID: 2072)
    • Creates files in the program directory

      • letsvpn-latest.exe (PID: 3756)
      • LetsPRO.exe (PID: 2072)
    • Create files in a temporary directory

      • letsvpn-latest.exe (PID: 3756)
      • tapinstall.exe (PID: 2044)
    • Creates files or folders in the user directory

      • letsvpn-latest.exe (PID: 3756)
    • Reads the software policy settings

      • tapinstall.exe (PID: 2044)
      • drvinst.exe (PID: 3860)
      • slui.exe (PID: 592)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 5456)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 5456)
    • Reads the machine GUID from the registry

      • tapinstall.exe (PID: 2044)
      • drvinst.exe (PID: 3860)
      • LetsPRO.exe (PID: 2072)
    • Checks proxy server information

      • slui.exe (PID: 592)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:15+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x351c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.14.2.0
ProductVersionNumber: 3.14.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Letsgo Network Incorporated
FileDescription: LetsVPN Setup EXE
FileVersion: 3.14.2.0
LegalCopyright: Copyright (c) 2024
ProductName: LetsVPN
ProductVersion: 3.14.2.0
Total processes: 169
Monitored processes: 30
Malicious processes: 3
Suspicious processes: 1

Behavior graph

start letsvpn-latest.exe powershell.exe no specs conhost.exe no specs tapinstall.exe no specs conhost.exe no specs tapinstall.exe conhost.exe no specs drvinst.exe drvinst.exe tapinstall.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs letspro.exe no specs letspro.exe no specs slui.exe letsvpn-latest.exe no specs

Process information

PID: 432
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 592
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 620
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1336
CMD: netsh advfirewall firewall Delete rule name=LetsPRO
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1728
CMD: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Path: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
Parent process: letsvpn-latest.exe
User: admin
Company: Windows (R) Win 7 DDK provider
Integrity Level: HIGH
Description: Windows Setup API
Exit code: 0
Version: 6.1.7600.16385 built by: WinDDK

PID: 1828
CMD: cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: letsvpn-latest.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)

PID: 2044
CMD: "C:\Users\admin\Desktop\letsvpn-latest.exe"
Path: C:\Users\admin\Desktop\letsvpn-latest.exe
Parent process: explorer.exe
User: admin
Company: Letsgo Network Incorporated
Integrity Level: MEDIUM
Description: LetsVPN Setup EXE
Exit code: 3221226540
Version: 3.14.2.0

PID: 2044
CMD: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
Path: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
Parent process: letsvpn-latest.exe
User: admin
Company: Windows (R) Win 7 DDK provider
Integrity Level: HIGH
Description: Windows Setup API
Exit code: 0
Version: 6.1.7600.16385 built by: WinDDK

PID: 2072
CMD: "C:\Program Files (x86)\letsvpn\app-3.14.2\LetsPRO.exe" checkNetFramework
Path: C:\Program Files (x86)\letsvpn\app-3.14.2\LetsPRO.exe
Parent process: LetsPRO.exe
User: admin
Integrity Level: HIGH
Description: LetsVPN
Exit code: 0
Version: 3.14.2

PID: 2668
CMD: cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: letsvpn-latest.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)

Total events: 17 273
Read events: 17 209
Write events: 57
Delete events: 7

Modification events

(PID) Process: (3756) letsvpn-latest.exe
Key: HKEY_CURRENT_USER\SOFTWARE\lets
Operation: write
Name: InstallTimeStamp
Value: 20250713130440.858

(PID) Process: (3756) letsvpn-latest.exe
Key: HKEY_CURRENT_USER\SOFTWARE\lets
Operation: write
Name: InstallNewVersion
Value: 3.14.2

(PID) Process: (2044) tapinstall.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation: write
Name: setupapi.dev.log
Value: 4096

(PID) Process: (4804) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tap0901
Operation: write
Name: Owners
Value: oem1.inf

(PID) Process: (4804) drvinst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/tap0901.sys
Operation: write
Name: Owners
Value: oem1.inf

(PID) Process: (4804) drvinst.exe
Key: HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Descriptors\tap0901
Operation: write
Name: Configuration
Value: tap0901.ndi

(PID) Process: (4804) drvinst.exe
Key: HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Descriptors\tap0901
Operation: write
Name: Manufacturer
Value: %provider%

(PID) Process: (4804) drvinst.exe
Key: HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Descriptors\tap0901
Operation: write
Name: Description
Value: %devicedescription%

(PID) Process: (4804) drvinst.exe
Key: HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Configurations\tap0901.ndi
Operation: write
Name: Service
Value: tap0901

(PID) Process: (4804) drvinst.exe
Key: HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Configurations\tap0901.ndi
Operation: write
Name: ConfigScope
Value: 5

Executable files: 226
Suspicious files: 15
Text files: 12
Unknown types: 0

Dropped files

PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Users\admin\AppData\Local\Temp\nse6591.tmp\modern-header.bmp | Type: image
MD5:5ACF495828FEAE7F85E006B7774AF497
SHA256:6CFEBB59F0BA1B9F1E8D7AA6387F223A468EB2FF74A9ED3C3F4BB688C2B6455E
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Users\admin\AppData\Local\Temp\nse6591.tmp\modern-wizard.bmp | Type: image
MD5:7F8E1969B0874C8FB9AB44FC36575380
SHA256:076221B4527FF13C3E1557ABBBD48B0CB8E5F7D724C6B9171C6AADADB80561DD
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Program Files (x86)\letsvpn\app-3.14.2\CommunityToolkit.Mvvm.dll | Type: executable
MD5:D70E0A63CAD532FD95E4EFAD739FE396
SHA256:8E818C4EDAC3C2C92418703C1A9111D684064897E3859611B7DEA2A075E292C4
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Program Files (x86)\letsvpn\driver\OemVista.inf | Type: binary
MD5:26009F092BA352C1A64322268B47E0E3
SHA256:150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Program Files (x86)\letsvpn\Update.exe | Type: executable
MD5:E7E428EF71B5E97204FF023FEBF32BAB
SHA256:86B1F0846027C08A45954D5E43C10F7453E21BF4F4B4F2257A8B3F1AB70FBB57
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Users\admin\AppData\Local\Temp\nse6591.tmp\nsDialogs.dll | Type: executable
MD5:B7D61F3F56ABF7B7FF0D4E7DA3AD783D
SHA256:89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe | Type: executable
MD5:1E3CF83B17891AEE98C3E30012F0B034
SHA256:9F45A39015774EEAA2A6218793EDC8E6273EB9F764F3AEDEE5CF9E9CCACDB53F
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Program Files (x86)\letsvpn\driver\tap0901.sys | Type: executable
MD5:C10CCDEC5D7AF458E726A51BB3CDC732
SHA256:589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Program Files (x86)\letsvpn\driver\tap0901.cat | Type: binary
MD5:F73AC62E8DF97FAF3FC8D83E7F71BF3F
SHA256:CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
PID: 3756 | Process: letsvpn-latest.exe | Filename: C:\Program Files (x86)\letsvpn\app-3.14.2\LetsGoogleAnalytics.exe | Type: executable
MD5:04EFCC3D5C18C252D637E43E54982F3E
SHA256:7662D4E4A4339132475127A25DCAE76EC9413F73B323E14F922CDB9F0C92E081
HTTP(S) requests: 39
TCP/UDP connections: 56
DNS requests: 20
Threats: 0




Threats

No threats detected
No debug info