File name:

letsvpn-latest.exe

Full analysis: https://app.any.run/tasks/246a9066-0f74-4d18-94ed-c42bc2cd2898
Verdict: Malicious activity
Analysis date: November 20, 2024, 12:13:48
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
websocket
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

E680B7E43F6FB7DAB7FCD9A07F0B9367

SHA1:

E29C59617F8AAFCDE20E06542510C087EF1892A9

SHA256:

185B11B4952AA5A8BD4AB83B8FEADE5224AD5823F002FF2381F74E184B9F0A25

SSDEEP:

196608:+VR8YtUe4JmHP7zI58mb3YxRog8AtpH3H+2:+VftUVJm/Ik3og8MHXl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 3856)
      • powershell.exe (PID: 4140)

    • Changes powershell execution policy (Bypass)

      • letsvpn-latest.exe (PID: 1156)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • letsvpn-latest.exe (PID: 1156)

    • Manipulates environment variables

      • powershell.exe (PID: 3856)

    • The process creates files with name similar to system file names

      • letsvpn-latest.exe (PID: 1156)

    • The process executes Powershell scripts

      • letsvpn-latest.exe (PID: 1156)

    • Drops a system driver (possible attempt to evade defenses)

      • tapinstall.exe (PID: 6440)
      • letsvpn-latest.exe (PID: 1156)
      • drvinst.exe (PID: 6704)
      • drvinst.exe (PID: 6596)

    • Process drops legitimate windows executable

      • letsvpn-latest.exe (PID: 1156)

    • Executable content was dropped or overwritten

      • tapinstall.exe (PID: 6440)
      • drvinst.exe (PID: 6596)
      • drvinst.exe (PID: 6704)
      • letsvpn-latest.exe (PID: 1156)

    • Checks processor architecture

      • powershell.exe (PID: 3856)

    • Starts POWERSHELL.EXE for commands execution

      • letsvpn-latest.exe (PID: 1156)

    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 6784)
      • cmd.exe (PID: 6900)
      • cmd.exe (PID: 7116)
      • cmd.exe (PID: 7008)

    • Starts CMD.EXE for commands execution

      • letsvpn-latest.exe (PID: 1156)
      • LetsPRO.exe (PID: 2416)

    • Uses ROUTE.EXE to obtain the routing table information

      • cmd.exe (PID: 4580)

    • Process uses IPCONFIG to discover network configuration

      • cmd.exe (PID: 6928)

    • Executes as Windows Service

      • WmiApSrv.exe (PID: 7052)

    • Process uses ARP to discover network configuration

      • cmd.exe (PID: 6184)

    • Suspicious use of NETSH.EXE

      • LetsPRO.exe (PID: 2416)

  • INFO

    • Create files in a temporary directory

      • letsvpn-latest.exe (PID: 1156)

    • Creates files or folders in the user directory

      • letsvpn-latest.exe (PID: 1156)

    • Reads the computer name

      • letsvpn-latest.exe (PID: 1156)

    • Creates files in the program directory

      • letsvpn-latest.exe (PID: 1156)

    • Prints a route via ROUTE.EXE

      • ROUTE.EXE (PID: 7160)

    • Checks supported languages

      • letsvpn-latest.exe (PID: 1156)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:01:30 03:57:48+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 186368
UninitializedDataSize: 2048
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
163
Monitored processes
40
Malicious processes
1
Suspicious processes
2

Behavior graph

Click at the process to see the details
start letsvpn-latest.exe powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs tapinstall.exe no specs conhost.exe no specs tapinstall.exe conhost.exe no specs drvinst.exe drvinst.exe cmd.exe no specs conhost.exe no specs netsh.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs tapinstall.exe no specs conhost.exe no specs letspro.exe no specs letspro.exe no specs cmd.exe no specs conhost.exe no specs ipconfig.exe no specs wmiapsrv.exe no specs cmd.exe no specs conhost.exe no specs route.exe no specs cmd.exe no specs conhost.exe no specs arp.exe no specs netsh.exe no specs conhost.exe no specs letsvpn-latest.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1156"C:\Users\admin\AppData\Local\Temp\letsvpn-latest.exe" C:\Users\admin\AppData\Local\Temp\letsvpn-latest.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\letsvpn-latest.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2416"C:\Program Files (x86)\letsvpn\app-3.5.2\LetsPRO.exe" C:\Program Files (x86)\letsvpn\app-3.5.2\LetsPRO.exeLetsPRO.exe
User:
admin
Integrity Level:
HIGH
Description:
LetsVPN
Version:
3.5.2
Modules
Images
c:\program files (x86)\letsvpn\app-3.5.2\letspro.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
3856powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeletsvpn-latest.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
3864\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4128C:\WINDOWS\System32\netsh interface ipv4 set dnsservers \"LetsTAP\" source=dhcp validate=noC:\Windows\SysWOW64\netsh.exeLetsPRO.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
4140powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeletsvpn-latest.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
4580"cmd.exe" /C route printC:\Windows\SysWOW64\cmd.exeLetsPRO.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
4732netsh advfirewall firewall Delete rule name=LetsPROC:\Windows\SysWOW64\netsh.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
5096"C:\Users\admin\AppData\Local\Temp\letsvpn-latest.exe" C:\Users\admin\AppData\Local\Temp\letsvpn-latest.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\letsvpn-latest.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
5572\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exenetsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Total events
19 910
Read events
19 835
Write events
60
Delete events
15

Modification events

(PID) Process:(6440) tapinstall.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation:writeName:setupapi.dev.log
Value:
4096
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tap0901
Operation:writeName:Owners
Value:
oem1.inf
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/tap0901.sys
Operation:writeName:Owners
Value:
oem1.inf
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Descriptors\tap0901
Operation:writeName:Configuration
Value:
tap0901.ndi
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Descriptors\tap0901
Operation:writeName:Manufacturer
Value:
%provider%
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Descriptors\tap0901
Operation:writeName:Description
Value:
%devicedescription%
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Configurations\tap0901.ndi
Operation:writeName:Service
Value:
tap0901
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Configurations\tap0901.ndi
Operation:writeName:ConfigScope
Value:
5
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Configurations\tap0901.ndi\Driver\Ndi
Operation:writeName:Service
Value:
tap0901
(PID) Process:(6704) drvinst.exeKey:HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\oemvista.inf_amd64_662fd96dfdced4ae\Configurations\tap0901.ndi\Driver\Ndi\Interfaces
Operation:writeName:UpperRange
Value:
ndis5
Executable files
217
Suspicious files
31
Text files
20
Unknown types
1

Dropped files

PID
Process
Filename
Type
3856powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_x3febegn.voz.ps1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
3856powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_lbcfjgh0.wdz.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
1156letsvpn-latest.exeC:\Users\admin\AppData\Local\Temp\nsy9C8B.tmp\nsExec.dllexecutable
MD5:3D366250FCF8B755FCE575C75F8C79E4
SHA256:8BDD996AE4778C6F829E2BCB651C55EFC9EC37EEEA17D259E013B39528DDDBB6
1156letsvpn-latest.exeC:\Users\admin\AppData\Local\Temp\nsy9C8B.tmp\nsDialogs.dllexecutable
MD5:CA95C9DA8CEF7062813B989AB9486201
SHA256:FEB6364375D0AB081E9CDF11271C40CB966AF295C600903383B0730F0821C0BE
3856powershell.exeC:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractivebinary
MD5:0181E679B1D86554289512FCB694C2F5
SHA256:D9D6F8A3A23265502D06565A9A4FB04D3BB1FF589B66D123D9A6AA88AE9DEAA5
1156letsvpn-latest.exeC:\Users\admin\AppData\Local\Temp\nsy9C8B.tmp\modern-header.bmpimage
MD5:5ACF495828FEAE7F85E006B7774AF497
SHA256:6CFEBB59F0BA1B9F1E8D7AA6387F223A468EB2FF74A9ED3C3F4BB688C2B6455E
1156letsvpn-latest.exeC:\Users\admin\AppData\Local\Temp\nsy9C8B.tmp\modern-wizard.bmpimage
MD5:7F8E1969B0874C8FB9AB44FC36575380
SHA256:076221B4527FF13C3E1557ABBBD48B0CB8E5F7D724C6B9171C6AADADB80561DD
1156letsvpn-latest.exeC:\Program Files (x86)\letsvpn\driver\tap0901.sysexecutable
MD5:C10CCDEC5D7AF458E726A51BB3CDC732
SHA256:589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
1156letsvpn-latest.exeC:\Program Files (x86)\letsvpn\driver\tapinstall.exeexecutable
MD5:1E3CF83B17891AEE98C3E30012F0B034
SHA256:9F45A39015774EEAA2A6218793EDC8E6273EB9F764F3AEDEE5CF9E9CCACDB53F
1156letsvpn-latest.exeC:\Users\admin\AppData\Local\Temp\nsy9C8B.tmp\System.dllexecutable
MD5:75ED96254FBF894E42058062B4B4F0D1
SHA256:A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
54
DNS requests
29
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
2.16.164.18:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6504
SIHClient.exe
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6504
SIHClient.exe
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1668
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEEj8k7RgVZSNNqfJionWlBY%3D
unknown
whitelisted
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D
unknown
whitelisted
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEQCmJZm3O44ZjXq6mRqhqb8%2B
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
2.16.164.18:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4932
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5064
SearchApp.exe
2.23.209.161:443
www.bing.com
Akamai International B.V.
GB
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4932
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 2.16.164.18
  • 2.16.164.9
  • 2.16.164.106
  • 2.16.164.43
  • 2.16.164.51
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 23.218.209.163
whitelisted
www.bing.com
  • 2.23.209.161
  • 2.23.209.185
  • 2.23.209.176
  • 2.23.209.183
  • 2.23.209.182
  • 2.23.209.177
  • 2.23.209.181
  • 2.23.209.160
  • 2.23.209.179
  • 2.23.209.149
  • 2.23.209.154
  • 2.23.209.158
  • 2.23.209.156
  • 2.23.209.150
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.74
  • 40.126.32.72
  • 40.126.32.68
  • 40.126.32.133
  • 40.126.32.136
  • 40.126.32.138
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Websocket Upgrade Request
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
letsvpn-latest.exe