Overview

overview

8

Static

static

3

f80bc12ffe...51.exe

windows7-x64

8

f80bc12ffe...51.exe

windows10-2004-x64

8

kcinst.exe

windows7-x64

1

kcinst.exe

windows10-2004-x64

1

kcinst32.dll

windows7-x64

1

kcinst32.dll

windows10-2004-x64

1

letsvpn-latest.exe

windows7-x64

8

letsvpn-latest.exe

windows10-2004-x64

8

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

driver/tap0901.sys

windows10-2004-x64

1

driver/tapinstall.exe

windows7-x64

1

driver/tapinstall.exe

windows10-2004-x64

1

libCLI.dll

windows7-x64

1

libCLI.dll

windows10-2004-x64

1

msvcp140.dll

windows7-x64

1

msvcp140.dll

windows10-2004-x64

1

vcruntime140.dll

windows7-x64

1

vcruntime140.dll

windows10-2004-x64

1

vcruntime140_1.dll

windows7-x64

1

vcruntime140_1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19/11/2024, 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    letsvpn-latest.exe

  • Size

    14.7MB

  • MD5

    e039e221b48fc7c02517d127e158b89f

  • SHA1

    79eed88061472ae590616556f31576ca13bfc7fb

  • SHA256

    dc30e5dab15392627d30a506f6304030c581fc00716703fc31add10ff263d70b

  • SHA512

    87231c025bb94771e89a639c9cb1528763f096059f8806227b8ab45a8f1ea5cd3d94fdc91cb20dd140b91a14904653517f7b6673a142a864a58a2726d14ae4b8

  • SSDEEP

    393216:3Ie8M7oB2JNBXx9PMkglRy3mtFFu9zDVKZpw:3Rh8B2vB2c+kZD

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalation

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Modifies Windows Firewall 2 TTPs 5 IoCs
    evasion
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Network Service Discovery 1 TTPs 2 IoCs

    Attempt to gather information on host's network.

    discovery
  • Drops file in System32 directory 21 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 13 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 21 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 63 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\letsvpn-latest.exe
    "C:\Users\Admin\AppData\Local\Temp\letsvpn-latest.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1660
    • C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
      "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
      2⤵
      • Executes dropped EXE
      PID:536
    • C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
      "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies system certificate store
      • Suspicious use of AdjustPrivilegeToken
      PID:2340
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c netsh advfirewall firewall Delete rule name=lets
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1312
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall Delete rule name=lets
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2580
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c netsh advfirewall firewall Delete rule name=lets.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:444
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall Delete rule name=lets.exe
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:1752
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1636
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall Delete rule name=LetsPRO.exe
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:896
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1360
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall Delete rule name=LetsPRO
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:1808
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c netsh advfirewall firewall Delete rule name=LetsVPN
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall Delete rule name=LetsVPN
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:1620
    • C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
      "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
      2⤵
      • Executes dropped EXE
      PID:2436
    • C:\Program Files (x86)\letsvpn\LetsPRO.exe
      "C:\Program Files (x86)\letsvpn\LetsPRO.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3036
      • C:\Program Files (x86)\letsvpn\app-3.11.2\LetsPRO.exe
        "C:\Program Files (x86)\letsvpn\app-3.11.2\LetsPRO.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2396
        • C:\Windows\SysWOW64\cmd.exe
          "cmd.exe" /C ipconfig /all
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2072
          • C:\Windows\SysWOW64\ipconfig.exe
            ipconfig /all
            5⤵
            • System Location Discovery: System Language Discovery
            • Gathers network information
            PID:2268
        • C:\Windows\SysWOW64\netsh.exe
          C:\Windows\System32\netsh interface ipv4 set dnsservers \"LetsTAP\" source=dhcp validate=no
          4⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:2816
        • C:\Windows\SysWOW64\cmd.exe
          "cmd.exe" /C netsh interface ipv4 set interface LetsTAP metric=1
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1080
          • C:\Windows\SysWOW64\netsh.exe
            netsh interface ipv4 set interface LetsTAP metric=1
            5⤵
            • Event Triggered Execution: Netsh Helper DLL
            • System Location Discovery: System Language Discovery
            PID:2392
        • C:\Windows\SysWOW64\cmd.exe
          "cmd.exe" /C route print
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2148
          • C:\Windows\SysWOW64\ROUTE.EXE
            route print
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1864
        • C:\Windows\SysWOW64\cmd.exe
          "cmd.exe" /C arp -a
          4⤵
          • Network Service Discovery
          • System Location Discovery: System Language Discovery
          PID:1940
          • C:\Windows\SysWOW64\ARP.EXE
            arp -a
            5⤵
            • Network Service Discovery
            • System Location Discovery: System Language Discovery
            PID:2216
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{635a9352-376b-1169-84f0-5c419150086f}\oemvista.inf" "9" "6d14a44ff" "00000000000002F8" "WinSta0\Default" "000000000000058C" "208" "c:\program files (x86)\letsvpn\driver"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{1a3410b2-6351-0add-525c-e30d77b2001e} Global\{31318b47-f695-6fdb-3062-927fbd0b1e00} C:\Windows\System32\DriverStore\Temp\{6a6daa9c-0e0f-7e6e-9680-b046d3ce6c12}\oemvista.inf C:\Windows\System32\DriverStore\Temp\{6a6daa9c-0e0f-7e6e-9680-b046d3ce6c12}\tap0901.cat
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:628
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2540
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005E0" "00000000000005DC"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2884
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "oemvista.inf:tap0901.NTamd64:tap0901.ndi:9.24.6.601:tap0901" "6d14a44ff" "00000000000002F8" "0000000000000580" "00000000000005DC"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:804
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2680

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Command and Scripting Interpreter

    2
    T1059

    PowerShell

    1
    T1059.001

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Create or Modify System Process

    1
    T1543

    Windows Service

    1
    T1543.003

    Event Triggered Execution

    1
    T1546

    Netsh Helper DLL

    1
    T1546.007

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Create or Modify System Process

    1
    T1543

    Windows Service

    1
    T1543.003

    Event Triggered Execution

    1
    T1546

    Netsh Helper DLL

    1
    T1546.007

    Defense Evasion

    Impair Defenses

    1
    T1562

    Disable or Modify System Firewall

    1
    T1562.004

    Modify Registry

    2
    T1112

    Subvert Trust Controls

    1
    T1553

    Install Root Certificate

    1
    T1553.004

    Credential Access

    Discovery

    Network Service Discovery

    1
    T1046

    Query Registry

    1
    T1012

    System Information Discovery

    2
    T1082

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Lateral Movement

    Collection

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\letsvpn\app-3.11.2\CommunityToolkit.Mvvm.dll
      Filesize

      109KB

      MD5

      143351606a574d84328219a7c18c7219

      SHA1

      8e47c7b530f40553f4a88daff11d78255cc77730

      SHA256

      cbe3b5714c52ad9ff8885d9893c9ed77ad54485a7c5bae3a75151c06d3ae7c4f

      SHA512

      b4698855a37639cac6dd4c400d11028bba1433f43e811e23881a72f7875048c77cf0dbd8bab8c0374ae7182fe41f37f69f5942d770fbbead86b12805b6647291

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\LetsPRO.exe
      Filesize

      1.5MB

      MD5

      ca72f8ead2ae568acc481f685385fb60

      SHA1

      887a1d53c8b61c81a80592ff62cf9cdf56b29d18

      SHA256

      d287af28a137d9c015531eae28815d2b0d0a53879318f104ef34e5d86e2c4618

      SHA512

      8da648e1363d490d6a4ee5ec9e38aec86384f345ae5fd58150b2affce8c3c208e1a55598cfe820d00e9448910598ffde29d2824275ebaafaa7d33279898a2e4c

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\LetsPRO.exe.config
      Filesize

      26KB

      MD5

      6126a1ab971d6bd4761f45791af90b1e

      SHA1

      36013821807f6fe08fe3b60a22ec519fd3e5579c

      SHA256

      9b7b7ec30f305b3cd9da40662f95ed57ae89ed8afd2b11d26503e387ff3c262d

      SHA512

      9f74f9f4ad593980337099717ba1e6b584530ee0e192b137297961d1550a70ae3a30fc1bf3e6e670fb817682354648d610f2a542b753a61f397ccaca20908510

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\Newtonsoft.Json.dll
      Filesize

      693KB

      MD5

      33a3c1df70cfab1888a4b20565515f81

      SHA1

      c1bfab7454dda45074a6e2b9ae4e9a2712830af6

      SHA256

      0c3c293507c487b76021baaded76defb0fecaf01c1327a448a9b756987595a9e

      SHA512

      76d3e0c34c5e793283910f93af3693355abdd374cf50234496cf3bbebf82a381113fbb4d53ad469f2f5a001b2cb96c761310a3825f8973ae61a4e8b59061cb28

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\System.Memory.dll
      Filesize

      138KB

      MD5

      2b370cc14974e2c9955a2a3bdb5cb78a

      SHA1

      98878fb3998e492cf964a2e2af2ca187372ce5b5

      SHA256

      334ed3950898aa1f1a62a15bc411972246ab59498ecc9418f75695a2c1a5ba71

      SHA512

      f5c06d3f184baa1d7a6c9ebff9c5f5bbe87f61318710b0b19a81ce2fa26d3fabfd2af504d558c8b35a81e4c0846325260a2a425f2f68fde2b075addecadacb3d

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\System.Runtime.InteropServices.RuntimeInformation.dll
      Filesize

      21KB

      MD5

      2a27f887342305cecd5ba36c8dbd4267

      SHA1

      2ca43487e37a67824b071d2870765f26c33ef7f2

      SHA256

      26a04bc90979886d477bb9777545e75a65c5f67443fdb5185c2fea249afc882b

      SHA512

      8d25ed902e2ca4191118b75cae0ea6338d0ce6aac3d10c08288e802704a115b15988a764899f3368aca0e7798933c5d4925721d82d7a7228372f435a36e1eafe

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\Utils.dll
      Filesize

      126KB

      MD5

      8af72dc9783c52125e229f8b79afba94

      SHA1

      71178bc7cfced6bc5dcb45ed666cdbe2c55182dd

      SHA256

      68ae722154cebfb3a3ca59b135e182a68fa0d6966a089008028f97022849bbc5

      SHA512

      dcada700522b78fe0006e84c6599a9857269512eb65a68c0475635f76d5805c43decad74232eb39dae83f987b3dabafe07129d44cce950c8dc9efd11901599e2

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\log4net.config
      Filesize

      1KB

      MD5

      7a7521bc7f838610905ce0286324ce39

      SHA1

      8ab90dd0c4b6edb79a6af2233340d0f59e9ac195

      SHA256

      2a322178557c88cc3c608101e8fc84bfd2f8fa9b81483a443bb3d09779de218d

      SHA512

      b25dfdce0977eaf7159df5eabe4b147a6c0adac39c84d1c7a9fe748446a10c8d2e20d04cf36221057aa210633df65f2a460821c8c79a2db16c912ec53a714d83

      Download Submit

    • C:\Program Files (x86)\letsvpn\app-3.11.2\log4net.dll
      Filesize

      273KB

      MD5

      5b9a663d7584d8e605b0c39031ec485a

      SHA1

      b7d86ebe4e18cb6d2a48a1c97ac6f7e39c8a9b91

      SHA256

      e45afce6eff080d568e3e059498f5768585143336c600011273366905f4fc635

      SHA512

      b02bd950384cf3d656c4b8f590013392e3028c6183aa9321bd91b6fc1f5d41b03771313ca5e3305398a60642fa14fc5a98daf3e6decba586c80861bafcbf0c64

      Download Submit

    • C:\Program Files (x86)\letsvpn\driver\OemVista.inf
      Filesize

      7KB

      MD5

      26009f092ba352c1a64322268b47e0e3

      SHA1

      e1b2220cd8dcaef6f7411a527705bd90a5922099

      SHA256

      150ef8eb07532146f833dc020c02238161043260b8a565c3cfcb2365bad980d9

      SHA512

      c18111982ca233a7fc5d1e893f9bd8a3ed739756a47651e0638debb0704066af6b25942c7961cdeedf953a206eb159fe50e0e10055c40b68eb0d22f6064bb363

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      807eed6e883120aef50abac5e1655d99

      SHA1

      a748f92757f3b001e744243eb451de14f987697d

      SHA256

      8c5a0e1d7cd979a7d2cc1ab32b57714f681c23476d757d47eba791d04aa0d730

      SHA512

      d8e5cd6e0a57d15e1179d90ab7a6f7106097dd266bbcb5c8492acc9efcf64a9a7ab89be5a952d2393f67ee355be12b90ecadf65403d16f84c1060957cd58b483

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6f19d3f6273a950cef6cb7a976e7616e

      SHA1

      ae269d70fae78d8decc7154f99c1afef8469c3e4

      SHA256

      7c144537e2d197064a110ed68772e41e8b67740213daf59bb656eb2015fc02fb

      SHA512

      c28cab854bfc8201ac8361f3a008ff89c535297fcbb0585167fc0d7d9f5168070802c93f17cea66de6c759ede4308162f7783ad9e179d168ba00918963a2afc6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fd8fd51ec573f62942cab45f8ea19a8b

      SHA1

      f13a01f973ce03f70e0ea48c2c0dddb1fbbc92f2

      SHA256

      30e48fc832ec95196ada77dc28be76495b475811694704b0e04bd5065e63c2e7

      SHA512

      4b4bcc5a87b00eededa3f6b073d00241f850c08461863b9bfdf5e63952ea15ad8da30f87a614fa1fda0601501325dbe4fd6f689d8369678e70fa1d291c46c3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2f5dafe533a69c37dc4b25404d3e14d3

      SHA1

      ca86d12219e4b8e2d3b049f13a0eea0358640b31

      SHA256

      6f20fee7d36c6c84672172e31ea555263230ee178a934e8a9a44cd030eaf83c5

      SHA512

      6e6170006ffac7a1832c362e2712db7b49578f5912252fa5e23873fd92bb29c4bf7759b721835176dc3dbb88e6a28bfaaa088fc17de1c8b51048d89b977dced0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      39c49d4431f76b30b3c0c971a7a3f9df

      SHA1

      0d18646ffe03a2156c352fc3eb320f41ca57d525

      SHA256

      4d6458016043015a7978faa7a3743e3f28c0675fffbb1671a8ef6fcf402c3644

      SHA512

      48aec743ca6df6e7449e48d6524e29d7e4d315916c54f058f88be7c6c05f6ae9cbb9bc8d1dd71c25d70b7023f9862f039dcc8b274d487b2f6bca458607b03809

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      be6fa2019a19a334841b2b8bbb4620e3

      SHA1

      1cedc3ac4c9c71e53d5cf54041278c04872a2fbf

      SHA256

      ae2ecfa6459fc8d885944de84963600766dd88072a182b751d7670105222a651

      SHA512

      e6f6d272f14e19842357a6767e89340217a45b89ccd1363ce0c5f21943fb924c78b8ea43a08283f59ee7c3ead4740dfd48847ee96d0f110d537aa9805a6227fa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9d2a9dff1457a78f6479dc994070a00e

      SHA1

      55d12f62478bc0fb89f3c75c23f34bb0362a0cf9

      SHA256

      b8cf39b0667be812f3ff20379b53d184974e1828b6a66c42f08216e07902dfed

      SHA512

      8ac45f32b4de843e2fbaa491e4e7c568d9936f1d727c448b9ae35f5b0c12ed784c3b2914bea141a3e2910abbf49540537a2f9bacbd85d3c1f5d9282ec43ae047

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aaf4bf6381181c11ea50f882f163af56

      SHA1

      5c876d50193028a00c374db4787a9979b169caf0

      SHA256

      052d53a0d22680c5adc7206f0b2ea37a0af4a4a5a876219b4bb8d5499027f243

      SHA512

      9031b4a73022e7638aed14a2f636438b8ceb176616f1549c1f460e38c2686b7103c835aa48b1d7902633bc315c9ea4b2180f640063e4ddc3b154c8b1faf99067

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      eb2f1a788a074d0e86b1e0c74d475210

      SHA1

      24946d1c75eeaa480b74cdd4e92ff6be0744615b

      SHA256

      35f9cb6ff58e025551ea986635f614ab921b8495527127226384d33e40e18710

      SHA512

      d76b4d1f2154dbf79866ab000ef88d4647b8b2567a5a8dff8227c40b1b1be8be7688cd603732720f2db07a2e3dda7b19e7199a9b4725a5f0c7078e5b49bf7e73

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3870.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar38A2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsoE7C1.tmp\modern-wizard.bmp
      Filesize

      51KB

      MD5

      7f8e1969b0874c8fb9ab44fc36575380

      SHA1

      3057c9ce90a23d29f7d0854472f9f44e87b0f09a

      SHA256

      076221b4527ff13c3e1557abbbd48b0cb8e5f7d724c6b9171c6aadadb80561dd

      SHA512

      7aa65cfadc2738c0186ef459d0f5f7f770ba0f6da4ccd55a2ceca23627b7f13ba258136bab88f4eee5d9bb70ed0e8eb8ba8e1874b0280d2b08b69fc9bdd81555

      Download Submit

    • C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_neutral_662fd96dfdced4ae\oemvista.PNF
      Filesize

      8KB

      MD5

      67023792e331e20fc525a3d71eb70077

      SHA1

      9e1b1516880688ae06902cf806019a9568943dc2

      SHA256

      9e3fcba7f5b295ea5565505585c7c502733fc3078a2b9ff6b801907fd0371eef

      SHA512

      3fae720c760f7e8d6c2b87c65c90b3e6bf95f7011bc7112c8e05eb458ae15d26e04737c0ac1eae8cf13c9d1e55fbe670c20dceea763cbb79e3612b86a47ddb11

      Download Submit

    • C:\Windows\System32\DriverStore\INFCACHE.1
      Filesize

      1.4MB

      MD5

      49a68e43469f0ed4c6bb3dd1f0f17f43

      SHA1

      83b8692aab790b65d2d392719779d0da496b80bb

      SHA256

      6848c0ed3e96eb47ad811f5a30226da09e2737db05bcd948f146cd322e78c9cd

      SHA512

      eba9a1c135db9ca90f0cf182a17161db036b6cc2c007a7dab69228d16e08c36d3262e5904a72c15e57194b9f7a1ef595350e21e4795cefc532934eb80231801e

      Download Submit

    • C:\Windows\Temp\Cab39F6.tmp
      Filesize

      29KB

      MD5

      d59a6b36c5a94916241a3ead50222b6f

      SHA1

      e274e9486d318c383bc4b9812844ba56f0cff3c6

      SHA256

      a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

      SHA512

      17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

      Download Submit

    • C:\Windows\Temp\Tar3A09.tmp
      Filesize

      81KB

      MD5

      b13f51572f55a2d31ed9f266d581e9ea

      SHA1

      7eef3111b878e159e520f34410ad87adecf0ca92

      SHA256

      725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

      SHA512

      f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

      Download Submit

    • C:\Windows\inf\oem2.PNF
      Filesize

      8KB

      MD5

      86d3f5482f300c663af73274167b30c5

      SHA1

      e4c305c6ca508c2e13b2e176fc8a9e2eb2b95b35

      SHA256

      99563b7ee71c13e741b4e441c3cef85303f3b0f9008427f6bc755d91ee3d165f

      SHA512

      47704644aea3b9ca98a526d44f392ab436d21d068a67f090765a45222cf6905ac03ba19a05f2139193cb329965850131e4273bced4cfde9c709b7f4ba2d4bc44

      Download Submit

    • \??\c:\PROGRA~2\letsvpn\driver\tap0901.sys
      Filesize

      30KB

      MD5

      b1c405ed0434695d6fc893c0ae94770c

      SHA1

      79ecacd11a5f2b7e2d3f0461eef97b7b91181c46

      SHA256

      4c474ea37a98899e2997591a5e963f10f7d89d620c74c8ee099d3490f5213246

      SHA512

      635421879cd4c7c069489033afaf7db1641615bfd84e237264acfe3f2d67668ecfe8a9b9edd0e9d35b44dec7d6ba0197ed7048dfb8ec3dba87ccdc88be9acfb7

      Download Submit

    • \??\c:\program files (x86)\letsvpn\driver\tap0901.cat
      Filesize

      9KB

      MD5

      4fee2548578cd9f1719f84d2cb456dbf

      SHA1

      3070ed53d0e9c965bf1ffea82c259567a51f5d5f

      SHA256

      baecd78253fb6fbcfb521131e3570bf655aa9a05bb5610ce8bb4bddccf599b24

      SHA512

      6bc0c8c3757d1e226218a9485a4f9cdbae7ca40b56c35b9ff28c373be9bd6fbd7b1846ddf5680edb2e910d31912791afe2f9f2207b3880b56adb55426fc3fd49

      Download Submit

    • \Program Files (x86)\letsvpn\LetsPRO.exe
      Filesize

      240KB

      MD5

      bd8643e5db648810348aa0755e455b70

      SHA1

      119cb1fb3057d9759d0abb3dfdafc460456c1cc4

      SHA256

      bec6a116ea2224dd1532c6eaf20e4d61199240e55ccd0270199fbd22f2806477

      SHA512

      b8033d8989c66431e1771ffc6d2549a4d1e32b8612b7331e7a2931ddad3e31c8a7e1af8ef129883034b1fcf466b8ad0e1cab431cbf5c20c724f4eef53468f714

      Download Submit

    • \Program Files (x86)\letsvpn\app-3.11.2\LetsVPNDomainModel.dll
      Filesize

      20KB

      MD5

      85bee1626071af1b07e79fc7963731e4

      SHA1

      d804e63940798891928f3ba29be85cf06fbb9769

      SHA256

      222f84cd3111f90b7ce045119e63678ee180ab0a7c4f48cae25f097ee425debe

      SHA512

      6649931736a607dceea5ec8180e07c14c331761a7dd0fa5ab4187d3302c0a51262ccce40024d6540f3453d8bdd43785c5f8d45e9c5252e097b69b30fced78832

      Download Submit

    • \Program Files (x86)\letsvpn\driver\tapinstall.exe
      Filesize

      99KB

      MD5

      1e3cf83b17891aee98c3e30012f0b034

      SHA1

      824f299e8efd95beca7dd531a1067bfd5f03b646

      SHA256

      9f45a39015774eeaa2a6218793edc8e6273eb9f764f3aedee5cf9e9ccacdb53f

      SHA512

      fa5cf687eefd7a85b60c32542f5cb3186e1e835c01063681204b195542105e8718da2f42f3e1f84df6b0d49d7eebad6cb9855666301e9a1c5573455e25138a8b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsoE7C1.tmp\System.dll
      Filesize

      12KB

      MD5

      192639861e3dc2dc5c08bb8f8c7260d5

      SHA1

      58d30e460609e22fa0098bc27d928b689ef9af78

      SHA256

      23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

      SHA512

      6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsoE7C1.tmp\nsDialogs.dll
      Filesize

      9KB

      MD5

      b7d61f3f56abf7b7ff0d4e7da3ad783d

      SHA1

      15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

      SHA256

      89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

      SHA512

      6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsoE7C1.tmp\nsExec.dll
      Filesize

      7KB

      MD5

      11092c1d3fbb449a60695c44f9f3d183

      SHA1

      b89d614755f2e943df4d510d87a7fc1a3bcf5a33

      SHA256

      2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

      SHA512

      c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

      Download Submit

    • memory/804-717-0x0000000000FC0000-0x0000000000FE6000-memory.dmp

      Filesize

      152KB

      Download

    • memory/1660-17-0x00000000737A0000-0x0000000073D4B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1660-15-0x00000000737A0000-0x0000000073D4B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1660-16-0x00000000737A0000-0x0000000073D4B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1660-14-0x00000000737A0000-0x0000000073D4B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1660-13-0x00000000737A0000-0x0000000073D4B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1660-12-0x00000000737A1000-0x00000000737A2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2396-799-0x00000000049D0000-0x00000000049DA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-804-0x0000000004A00000-0x0000000004A0A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-805-0x0000000005790000-0x000000000579A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-807-0x0000000005920000-0x0000000005930000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2396-806-0x00000000058A0000-0x00000000058C6000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2396-808-0x0000000005990000-0x000000000599A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-921-0x000000000EA00000-0x000000000EA12000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2396-943-0x000000002EC20000-0x000000002EC28000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2396-946-0x000000002EC30000-0x000000002EC38000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2396-945-0x000000002EF40000-0x000000002EF54000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2396-944-0x000000002EF20000-0x000000002EF32000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2396-947-0x000000002F1E0000-0x000000002F1FE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/2396-950-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-952-0x0000000005990000-0x000000000599A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-951-0x0000000005990000-0x000000000599A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-953-0x0000000030560000-0x00000000305BC000-memory.dmp

      Filesize

      368KB

      Download

    • memory/2396-954-0x000000002F560000-0x000000002F570000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2396-955-0x000000002F7B0000-0x000000002F7C6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2396-956-0x000000002F9A0000-0x000000002F9B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2396-969-0x0000000005690000-0x00000000056C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2396-803-0x00000000049F0000-0x00000000049FA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-802-0x00000000048E0000-0x00000000048E8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2396-1078-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-801-0x0000000004C60000-0x0000000004C86000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2396-795-0x0000000004990000-0x00000000049AA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2396-794-0x0000000004970000-0x000000000498E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/2396-1187-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-1188-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-1192-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-788-0x0000000005540000-0x00000000055F2000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2396-783-0x0000000000690000-0x000000000069A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2396-777-0x0000000000550000-0x0000000000596000-memory.dmp

      Filesize

      280KB

      Download

    • memory/2396-773-0x0000000000500000-0x0000000000524000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2396-769-0x0000000000A80000-0x0000000000C04000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2396-1325-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-1327-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-1328-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-1329-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download

    • memory/2396-1330-0x000000006BA00000-0x000000006C468000-memory.dmp

      Filesize

      10.4MB

      Download