File name:

UrbanVPN.exe

Full analysis: https://app.any.run/tasks/00cd3eaa-5bf3-4816-b7b6-2dd5c090d801
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: September 02, 2024, 00:55:13
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
adware
takemyfile
advancedinstaller
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

39089B4B80B37EF22A1759321FA6E750

SHA1:

B9CECC18CFEA029E24F738714E130EA60AC8E667

SHA256:

56C0AE02C993971BC1A2FA42ABEC9B65E9AD0BAC1E7D275CAF2BC544088C5A10

SSDEEP:

393216:h1aXfeiyvl3HjZBhuur44tX884cbw0jSq:h164XXhuu84J6cbw0jSq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • msiexec.exe (PID: 6752)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • UrbanVPN.exe (PID: 6596)
      • msiexec.exe (PID: 7140)
      • UrbanVPN.exe (PID: 4064)
      • msiexec.exe (PID: 6752)
      • MSI5A8C.tmp (PID: 2248)
      • tapinstall.exe (PID: 4004)
      • drvinst.exe (PID: 6344)
      • drvinst.exe (PID: 1448)
    • Reads security settings of Internet Explorer

      • UrbanVPN.exe (PID: 6596)
      • UrbanVPN.exe (PID: 4064)
      • tapinstall.exe (PID: 4004)
      • MSI631C.tmp (PID: 5288)
      • UrbanVPNUpdater.exe (PID: 8024)
    • Executable content was dropped or overwritten

      • UrbanVPN.exe (PID: 6596)
      • UrbanVPN.exe (PID: 4064)
      • MSI5A8C.tmp (PID: 2248)
      • tapinstall.exe (PID: 4004)
      • drvinst.exe (PID: 6344)
      • drvinst.exe (PID: 1448)
    • Checks Windows Trust Settings

      • UrbanVPN.exe (PID: 6596)
      • UrbanVPN.exe (PID: 4064)
      • msiexec.exe (PID: 6752)
      • tapinstall.exe (PID: 4004)
      • drvinst.exe (PID: 6344)
      • UrbanVPNUpdater.exe (PID: 8024)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 7140)
      • UrbanVPN.exe (PID: 4064)
      • UrbanVPN.exe (PID: 6596)
    • Checks for Java to be installed

      • msiexec.exe (PID: 7140)
    • Reads Microsoft Outlook installation path

      • UrbanVPN.exe (PID: 6596)
    • Reads Internet Explorer settings

      • UrbanVPN.exe (PID: 6596)
    • Reads the date of Windows installation

      • UrbanVPN.exe (PID: 6596)
      • MSI631C.tmp (PID: 5288)
      • UrbanVPNUpdater.exe (PID: 8024)
    • Application launched itself

      • UrbanVPN.exe (PID: 6596)
    • Reads the Windows owner or organization settings

      • UrbanVPN.exe (PID: 4064)
      • msiexec.exe (PID: 6752)
      • UrbanVPN.exe (PID: 6596)
    • Executes as Windows Service

      • VSSVC.exe (PID: 5656)
      • urbanvpnserv.exe (PID: 7320)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • MSI5A8C.tmp (PID: 2248)
    • The process creates files with name similar to system file names

      • MSI5A8C.tmp (PID: 2248)
    • Drops a system driver (possible attempt to evade defenses)

      • MSI5A8C.tmp (PID: 2248)
      • tapinstall.exe (PID: 4004)
      • drvinst.exe (PID: 6344)
      • drvinst.exe (PID: 1448)
    • Creates files in the driver directory

      • drvinst.exe (PID: 6344)
      • drvinst.exe (PID: 1448)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 1448)
    • Creates a software uninstall entry

      • MSI5A8C.tmp (PID: 2248)
    • Connects to unusual port

      • urbanvpnserv.exe (PID: 7320)
      • msiexec.exe (PID: 2796)
  • INFO

    • Creates files or folders in the user directory

      • UrbanVPN.exe (PID: 6596)
    • Checks supported languages

      • UrbanVPN.exe (PID: 6596)
      • msiexec.exe (PID: 7140)
      • UrbanVPN.exe (PID: 4064)
      • msiexec.exe (PID: 6752)
      • msiexec.exe (PID: 4540)
      • msiexec.exe (PID: 2796)
      • MSI5A8C.tmp (PID: 2248)
      • tapinstall.exe (PID: 4004)
      • drvinst.exe (PID: 6344)
      • tapinstall.exe (PID: 4824)
      • drvinst.exe (PID: 1448)
      • MSI631C.tmp (PID: 5288)
      • msiexec.exe (PID: 6664)
      • UrbanVPNUpdater.exe (PID: 5544)
      • urbanvpnserv.exe (PID: 7320)
      • urbanvpn-gui.exe (PID: 8068)
      • urbanvpn.exe (PID: 8104)
      • UrbanVPNUpdater.exe (PID: 8024)
      • identity_helper.exe (PID: 7200)
    • Reads the computer name

      • UrbanVPN.exe (PID: 6596)
      • msiexec.exe (PID: 7140)
      • UrbanVPN.exe (PID: 4064)
      • msiexec.exe (PID: 6752)
      • msiexec.exe (PID: 4540)
      • msiexec.exe (PID: 2796)
      • tapinstall.exe (PID: 4004)
      • MSI5A8C.tmp (PID: 2248)
      • drvinst.exe (PID: 6344)
      • drvinst.exe (PID: 1448)
      • MSI631C.tmp (PID: 5288)
      • UrbanVPNUpdater.exe (PID: 5544)
      • msiexec.exe (PID: 6664)
      • urbanvpn-gui.exe (PID: 8068)
      • urbanvpnserv.exe (PID: 7320)
      • UrbanVPNUpdater.exe (PID: 8024)
      • identity_helper.exe (PID: 7200)
    • Reads the machine GUID from the registry

      • UrbanVPN.exe (PID: 6596)
      • UrbanVPN.exe (PID: 4064)
      • msiexec.exe (PID: 6752)
      • msiexec.exe (PID: 2796)
      • tapinstall.exe (PID: 4004)
      • drvinst.exe (PID: 6344)
      • msiexec.exe (PID: 6664)
      • urbanvpn-gui.exe (PID: 8068)
      • UrbanVPNUpdater.exe (PID: 8024)
      • urbanvpnserv.exe (PID: 7320)
    • Checks proxy server information

      • UrbanVPN.exe (PID: 6596)
      • MSI631C.tmp (PID: 5288)
      • UrbanVPNUpdater.exe (PID: 8024)
      • urbanvpn-gui.exe (PID: 8068)
    • Reads the software policy settings

      • UrbanVPN.exe (PID: 6596)
      • UrbanVPN.exe (PID: 4064)
      • msiexec.exe (PID: 6752)
      • tapinstall.exe (PID: 4004)
      • drvinst.exe (PID: 6344)
      • urbanvpn-gui.exe (PID: 8068)
      • UrbanVPNUpdater.exe (PID: 8024)
    • Reads Environment values

      • msiexec.exe (PID: 7140)
      • UrbanVPN.exe (PID: 4064)
      • UrbanVPN.exe (PID: 6596)
      • msiexec.exe (PID: 4540)
      • urbanvpnserv.exe (PID: 7320)
      • UrbanVPNUpdater.exe (PID: 8024)
      • identity_helper.exe (PID: 7200)
    • Create files in a temporary directory

      • msiexec.exe (PID: 7140)
      • UrbanVPN.exe (PID: 4064)
      • UrbanVPN.exe (PID: 6596)
      • msiexec.exe (PID: 4540)
      • MSI5A8C.tmp (PID: 2248)
      • tapinstall.exe (PID: 4004)
      • MSI631C.tmp (PID: 5288)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 7140)
      • MSI631C.tmp (PID: 5288)
      • msedge.exe (PID: 7128)
      • msedge.exe (PID: 6976)
    • Process checks computer location settings

      • UrbanVPN.exe (PID: 6596)
      • MSI631C.tmp (PID: 5288)
      • UrbanVPNUpdater.exe (PID: 8024)
    • The process uses the downloaded file

      • UrbanVPN.exe (PID: 6596)
      • MSI631C.tmp (PID: 5288)
      • UrbanVPNUpdater.exe (PID: 8024)
    • Process checks Internet Explorer phishing filters

      • UrbanVPN.exe (PID: 6596)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7140)
      • msiexec.exe (PID: 6752)
    • Process checks whether UAC notifications are on

      • msiexec.exe (PID: 2796)
    • Application launched itself

      • msiexec.exe (PID: 6752)
      • msedge.exe (PID: 7128)
      • msedge.exe (PID: 6976)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 6752)
    • Creates files in the program directory

      • MSI5A8C.tmp (PID: 2248)
      • UrbanVPNUpdater.exe (PID: 8024)
      • urbanvpn-gui.exe (PID: 8068)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6752)
    • Manual execution by a user

      • UrbanVPNUpdater.exe (PID: 8024)
      • msedge.exe (PID: 6976)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:03:21 13:48:47+00:00 (earlier than the 2024 copyright string below; the Advanced Installer EXE bootstrapper is a prebuilt stub, so its link time reflects the Advanced Installer build, not when this package was produced)
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.31
CodeSize: 2193920
InitializedDataSize: 892416
UninitializedDataSize: -
EntryPoint: 0x197714
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.3.0.3
ProductVersionNumber: 2.3.0.3
FileFlagsMask: 0x003f
FileFlags: Debug
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Urban Security
FileDescription: UrbanVPN Installer
FileVersion: 2.3.0.3
InternalName: urbanvpn_setup_2.3.0.3
LegalCopyright: Copyright (C) 2024 Urban Security
OriginalFileName: urbanvpn_setup_2.3.0.3.exe
ProductName: UrbanVPN
ProductVersion: 2.3.0.3
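The hashes under Indicators and the EXIF fields above are what a triage script recomputes first, so here is an added Python example (not part of the ANY.RUN report and not UrbanVPN code) that streams a file through MD5/SHA1/SHA256, compares the result with the report's hashes, and reads the COFF and PE32 optional-header fields that EXIF prints (TimeStamp, LinkerVersion, CodeSize, InitializedDataSize, EntryPoint, Subsystem, ImageFileCharacteristics). It ships with a constructed minimal PE image carrying the report's header values so it can be run offline; that image is not the UrbanVPN binary.

```python
"""Added triage helper: hash IOC comparison plus the PE header fields EXIF reports."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the report's "Indicators" block (lower-cased for comparison).
REPORT_HASHES = {
    "md5": "39089b4b80b37ef22a1759321fa6e750",
    "sha1": "b9cecc18cfea029e24f738714e130ea60ac8e667",
    "sha256": "56c0ae02c993971bc1a2fa42abec9b65e9ad0bac1e7d275caf2bc544088c5a10",
}

# IMAGE_FILE_* characteristic bits (winnt.h) with the names EXIF prints for them.
CHARACTERISTICS = [
    (0x0002, "Executable"),
    (0x0020, "Large address aware"),
    (0x0100, "32-bit"),
    (0x2000, "DLL"),
]
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows command line"}


def digest_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of an in-memory buffer, lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same three digests for a file on disk, streamed so a large installer fits in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """True only if every digest agrees with the report's IOC hashes."""
    return all(digests[k].lower() == v for k, v in REPORT_HASHES.items())


def parse_pe_header(data: bytes) -> dict:
    """Read the DOS stub, COFF header and PE32/PE32+ optional header fields EXIF reports."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsections, timestamp, _symtab, _nsyms, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32 and PE32+
    return {
        "machine": machine,
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code,
        "initialized_data_size": idata,
        "uninitialized_data_size": udata,
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "characteristics": [name for bit, name in CHARACTERISTICS if chars & bit],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (NOT the UrbanVPN binary) whose header carries
    the values the report's EXIF block lists, so the parser can be exercised offline."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # Machine i386, 1 section, TimeDateStamp 2022-03-21 13:48:47 UTC, optional header 96 bytes,
    # Characteristics = Executable | Large address aware | 32-bit.
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 1647870527, 0, 0, 96, 0x0002 | 0x0020 | 0x0100)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 31, 2193920, 892416, 0, 0x197714)
    opt = (opt.ljust(68, b"\0") + struct.pack("<H", 2)).ljust(96, b"\0")  # Subsystem 2 = GUI
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("matches report hashes:", matches_report(digest_bytes(data)))
    for key, value in parse_pe_header(data).items():
        print(f"{key}: {value}")
```

Run it with the sample path as the only argument to compare a suspected copy against the report; without an argument it parses the constructed image. A hash mismatch with identical version-resource strings is the usual sign of a repackaged installer, which is why both checks sit together.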
Total processes
189
Monitored processes
69
Malicious processes
5
Suspicious processes
3

Behavior graph

Process nodes as listed in the graph ("no specs" marks a process with no recorded indicators): start, urbanvpn.exe, msiexec.exe, msiexec.exe, urbanvpn.exe, vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), msiexec.exe, msiexec.exe, msi5a8c.tmp, tapinstall.exe (no specs), conhost.exe (no specs), tapinstall.exe, conhost.exe (no specs), drvinst.exe, drvinst.exe, msi631c.tmp (no specs), msiexec.exe, msedge.exe (repeated many times, most instances no specs), urbanvpnupdater.exe, HNetCfg.FwPolicy2 (no specs), urbanvpnserv.exe, urbanvpnupdater.exe, urbanvpn-gui.exe, urbanvpn.exe (no specs), conhost.exe (no specs), identity_helper.exe (no specs, twice), urbanvpn.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1020
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3504 --field-trial-handle=2388,i,5905874350829707557,12590169213451730964,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1080
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x2fc,0x300,0x304,0x2f8,0x30c,0x7fffd2645fd8,0x7fffd2645fe4,0x7fffd2645ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1448
CMD: DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\WINDOWS\INF\oem1.inf" "oem1.inf:3beb73aff103cc24:tap0901.ndi:9.24.2.601:tap0901," "4d14a44ff" "00000000000000EC"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 1840
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6808 --field-trial-handle=2388,i,5905874350829707557,12590169213451730964,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2248
CMD: "C:\WINDOWS\Installer\MSI5A8C.tmp" /S /SELECT_UTILITIES=1
Path: C:\Windows\Installer\MSI5A8C.tmp
Parent process: msiexec.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\windows\installer\msi5a8c.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 2628
CMD: "C:\Users\admin\Desktop\UrbanVPN.exe"
Path: C:\Users\admin\Desktop\UrbanVPN.exe
Parent process: explorer.exe
User:
admin
Company:
Urban Security
Integrity Level:
MEDIUM
Description:
UrbanVPN Installer
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the installer's manifest requires administrator rights, so this non-elevated launch was terminated during loader initialization, which is why only ntdll.dll appears under Modules)
Version:
2.3.0.3
Modules
Images
c:\users\admin\desktop\urbanvpn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 2796
CMD: C:\Windows\System32\MsiExec.exe -Embedding B7AE3A25FD19600D7509397FE4454A83
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3832
CMD: C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
Path: C:\Windows\SysWOW64\dllhost.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ucrtbase.dll
c:\windows\syswow64\combase.dll
PID: 4004
CMD: "C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901
Path: C:\Program Files\TAP-Windows\bin\tapinstall.exe
Parent process: MSI5A8C.tmp
User:
admin
Company:
Windows (R) Win 7 DDK provider
Integrity Level:
HIGH
Description:
Windows Setup API
Exit code:
0
Version:
10.0.10011.16384
Modules
Images
c:\program files\tap-windows\bin\tapinstall.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4008
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3996 --field-trial-handle=2388,i,5905874350829707557,12590169213451730964,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
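An added triage helper, not part of the ANY.RUN report and not UrbanVPN code, that takes process records copied from the Process information section above (PID, image, parent, integrity level, exit code, command line), decodes NTSTATUS exit codes such as the 3221226540 on PID 2628, pulls the driver identity out of the tapinstall.exe and DrvInst.exe command lines, flags an executable run straight out of C:\Windows\Installer, and marks the msiexec.exe -Embedding custom-action server. The field names given to the DrvInst.exe colon-separated argument beyond the INF name, section and version are an assumption from the visible layout.

```python
"""Added triage helper: exit-code decoding and driver-install extraction over report process records."""
import re

# NTSTATUS values that commonly appear as process exit codes (names from ntstatus.h).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}

# Records copied from the report's Process information table.
RECORDS = [
    {"pid": 2628, "image": r"C:\Users\admin\Desktop\UrbanVPN.exe", "parent": "explorer.exe",
     "integrity": "MEDIUM", "exit_code": 3221226540, "cmd": r'"C:\Users\admin\Desktop\UrbanVPN.exe"'},
    {"pid": 2248, "image": r"C:\Windows\Installer\MSI5A8C.tmp", "parent": "msiexec.exe",
     "integrity": "HIGH", "exit_code": 0, "cmd": r'"C:\WINDOWS\Installer\MSI5A8C.tmp" /S /SELECT_UTILITIES=1'},
    {"pid": 4004, "image": r"C:\Program Files\TAP-Windows\bin\tapinstall.exe", "parent": "MSI5A8C.tmp",
     "integrity": "HIGH", "exit_code": 0,
     "cmd": r'"C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901'},
    {"pid": 1448, "image": r"C:\Windows\System32\drvinst.exe", "parent": "svchost.exe",
     "integrity": "SYSTEM", "exit_code": 0,
     "cmd": r'DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\WINDOWS\INF\oem1.inf" "oem1.inf:3beb73aff103cc24:tap0901.ndi:9.24.2.601:tap0901," "4d14a44ff" "00000000000000EC"'},
    {"pid": 2796, "image": r"C:\Windows\System32\msiexec.exe", "parent": "msiexec.exe",
     "integrity": "HIGH", "exit_code": 0, "cmd": r'C:\Windows\System32\MsiExec.exe -Embedding B7AE3A25FD19600D7509397FE4454A83'},
]


def split_cmd(cmd: str) -> list:
    """Split a Windows command line on whitespace while keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def decode_exit_code(code: int) -> tuple:
    """Map a raw exit code to its 32-bit hex form and NTSTATUS name where known."""
    code &= 0xFFFFFFFF
    name = "STATUS_SUCCESS" if code == 0 else NTSTATUS.get(code, "unknown")
    return f"0x{code:08X}", name


def driver_install_info(rec: dict):
    """Extract INF, hardware/device IDs and driver version from driver-install command lines."""
    tool = basename(rec["image"])
    tokens = split_cmd(rec["cmd"])
    if tool == "tapinstall.exe" and len(tokens) >= 4 and tokens[1].lower() == "install":
        return {"tool": tool, "action": "install", "inf": tokens[2], "hwid": tokens[3]}
    if tool == "drvinst.exe":
        info = {"tool": tool}
        for tok in tokens:
            if tok.lower().endswith(".inf"):
                info["inf"] = tok
            elif tok.upper().startswith("ROOT\\"):
                info["device_instance"] = tok
            elif tok.count(":") >= 4:
                # Assumed layout of the visible string: <inf>:<key>:<section>:<version>:<name>,
                parts = tok.rstrip(",").split(":")
                info.update(section=parts[2], version=parts[3], name=parts[4])
        return info if "inf" in info else None
    return None


def installer_cache_exe(rec: dict) -> bool:
    """Executable launched straight out of the Windows Installer cache (MSIxxxx.tmp)."""
    return re.search(r"\\Windows\\Installer\\MSI[0-9A-F]+\.tmp$", rec["image"], re.I) is not None


def triage(records: list) -> list:
    findings = []
    for rec in records:
        code_hex, code_name = decode_exit_code(rec["exit_code"])
        if rec["exit_code"] != 0:
            findings.append({"pid": rec["pid"], "finding": "non_success_exit", "detail": f"{code_hex} {code_name}"})
        if installer_cache_exe(rec):
            findings.append({"pid": rec["pid"], "finding": "installer_cache_exe",
                             "detail": f'{rec["image"]} at {rec["integrity"]} integrity'})
        drv = driver_install_info(rec)
        if drv:
            findings.append({"pid": rec["pid"], "finding": "driver_install", "detail": drv})
        if basename(rec["image"]) == "msiexec.exe" and "-Embedding" in split_cmd(rec["cmd"]):
            findings.append({"pid": rec["pid"], "finding": "msi_custom_action_server", "detail": rec["cmd"]})
    return findings


if __name__ == "__main__":
    for f in triage(RECORDS):
        print(f'{f["pid"]:>5} {f["finding"]:<26} {f["detail"]}')
```

The two driver_install findings are the ones worth a second look on a real host: tapinstall.exe (the TAP-Windows devcon build) registers OemVista.inf for hardware ID tap0901, and the SYSTEM-level DrvInst.exe run is the driver store copying it in as oem1.inf with version 9.24.2.601, which is what the "Drops a system driver" and "Creates or modifies Windows services" indicators above refer to.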
Total events
57 741
Read events
57 135
Write events
571
Delete events
35

Modification events

PID 6596, UrbanVPN.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

PID 6596, UrbanVPN.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

PID 6596, UrbanVPN.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

PID 6596, UrbanVPN.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

PID 6596, UrbanVPN.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

PID 6596, UrbanVPN.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID 6596, UrbanVPN.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID 6752, msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value: 4800000000000000D1EB15DAD2FCDA01601A0000381A0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 6752, msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value: 4800000000000000D1EB15DAD2FCDA01601A0000381A0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

PID 6752, msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value: 4800000000000000A2E753DAD2FCDA01601A0000381A0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000

The ZoneMap and Cache\CachePrefix writes under Internet Settings are standard side effects of a process initializing WinINet and are not suspicious on their own; the VSS\Diag writes by msiexec.exe record the System Restore point the Windows Installer creates before an install. The autorun change attributed to msiexec.exe (PID 6752) under MALICIOUS is not among the events listed here; the full report carries it.
Executable files
107
Suspicious files
278
Text files
125
Unknown types
5

Dropped files

PID
Process
Filename
Type
PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\Roaming\Urban Security\UrbanVPN 2.3.0.3\install\holder0.aiph
Type: -
MD5: -
SHA256: -

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\Roaming\Urban Security\UrbanVPN 2.3.0.3\install\A28FC47\urbanvpninstaller.msi
Type: -
MD5: -
SHA256: -

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\Roaming\Urban Security\UrbanVPN 2.3.0.3\install\A28FC47\urbanvpninstaller.x64.msi
Type: -
MD5: -
SHA256: -

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Type: binary
MD5: 3CFC1B33D8C0D8C39E4C1B71A9D9799C
SHA256: D7B31DBFDDF5C0C0067F5268477C1BB6318BB07460B2214570EBAF8BADE2C2D0

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Type: binary
MD5: AE12AED70CA4EC767E0125BF4C7DF16C
SHA256: F8B1430FF57A224C5E81363CF971C42F616DA87B18092D8815608E8858327064

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Type: binary
MD5: 2CE3D39222D618BF5596652E33E58BAF
SHA256: C5A5D9F55EEE596175BF6BAFF15C9D2D6A45248E18ECB2EF465A44BD7E753289

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Type: binary
MD5: 7327332A7FF3290684FEBF9728F937CF
SHA256: BC1BF7D60E813F1741B7CDB35FE0B74F8495E3D5066649B0705FF06808D25432

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7FC12770964C92F4BAD25029FC641CBD
Type: binary
MD5: 3F68D78A7E9BDD15226A5A3A9450E1EC
SHA256: D93BE1A6DC9417B702E18E1DA3D34CCD80F319686900442FAE67DA9BB70FD918

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\Local\AdvinstAnalytics\632040a71cb8de62c9f15f5a\2.3.0.3\tracking.ini
Type: text
MD5: AF08EE6E6E326417DE8B3FDD2FD8B02A
SHA256: A10FACB373D1200E12E9401B156FE7BB981F55927DF83387E0713F99E9538488

PID 6596, UrbanVPN.exe
Filename: C:\Users\admin\AppData\Roaming\Urban Security\UrbanVPN 2.3.0.3\install\decoder.dll
Type: executable
MD5: 899944FB96CCC34CFBD2CCB9134367C5
SHA256: 780D10EDA2B9A0A10BF844A7C8B6B350AA541C5BBD24022FF34F99201F9E9259
HTTP(S) requests
214
TCP/UDP connections
144
DNS requests
71
Threats
88

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6596
UrbanVPN.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
6596
UrbanVPN.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAN8OBm6V%2FQ712OcDUKDCyI%3D
unknown
whitelisted
2796
msiexec.exe
POST
200
148.72.165.78:40004
http://analytics.urban-vpn.com:40004/tickets
unknown
unknown
6596
UrbanVPN.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
2796
msiexec.exe
POST
200
148.72.165.78:40000
http://analytics.urban-vpn.com:40000/tickets
unknown
unknown
2796
msiexec.exe
POST
200
148.72.165.78:40000
http://analytics.urban-vpn.com:40000/tickets
unknown
unknown
2796
msiexec.exe
POST
200
148.72.165.78:40000
http://analytics.urban-vpn.com:40000/tickets
unknown
unknown
GET
401
13.107.6.158:443
https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox
unknown
unknown
7320
urbanvpnserv.exe
HEAD
200
37.19.194.81:80
http://ping.urban-vpn.com/
unknown
unknown
GET
200
3.160.150.2:443
https://www.urban-vpn.com/install-desk/
unknown
html
172 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.255:138
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
6596
UrbanVPN.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2796
msiexec.exe
148.72.165.78:40004
analytics.urban-vpn.com
AS-30083-GO-DADDY-COM-LLC
US
unknown
2796
msiexec.exe
148.72.165.78:40000
analytics.urban-vpn.com
AS-30083-GO-DADDY-COM-LLC
US
unknown
6976
msedge.exe
239.255.255.250:1900
whitelisted
4528
msedge.exe
3.160.150.69:443
www.urban-vpn.com
US
unknown
4528
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.206
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
analytics.urban-vpn.com
  • 148.72.165.78
  • 148.72.152.76
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.urban-vpn.com
  • 3.160.150.69
  • 3.160.150.118
  • 3.160.150.38
  • 3.160.150.2
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
api.edgeoffer.microsoft.com
  • 94.245.104.56
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

PID
Process
Class
Message
7320
urbanvpnserv.exe
Misc activity
ET USER_AGENTS Go HTTP Client User-Agent
7320
urbanvpnserv.exe
Misc activity
ET USER_AGENTS Go HTTP Client User-Agent
86 ETPRO signatures available at the full report
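The network observations above reduce to three things a detection engineer can key on: cleartext HTTP to analytics.urban-vpn.com on TCP 40000 and 40004 issued by msiexec.exe (the "Connects to unusual port" indicator), the Go HTTP client User-Agent that the two ET USER_AGENTS alerts fire on for urbanvpnserv.exe, and the domains and IPs the report marks with unknown reputation. The following is an added Python example, not part of the ANY.RUN report and not UrbanVPN code, that runs those rules over proxy-log lines. The tab-separated log format, the sample lines and their User-Agent strings are constructed for the example (the report does not list User-Agents; the Go default "Go-http-client/1.1" is what the ET signature matches).

```python
"""Added detection example: IOC, unusual-port, Go-UA and msiexec-egress rules over constructed proxy-log lines."""
import csv
import io
import ipaddress

# Hosts and IPs taken from the report's Connections/DNS tables (reputation "unknown").
IOC_HOSTS = {"analytics.urban-vpn.com", "ping.urban-vpn.com", "www.urban-vpn.com"}
IOC_IPS = {"148.72.165.78", "148.72.152.76", "37.19.194.81"}
# Ports on which browser-style HTTP(S) is expected; anything else trips "unusual_port".
EXPECTED_HTTP_PORTS = {80, 443, 8080}
# Default User-Agent prefix of Go's net/http client, the string the ET rule keys on.
GO_UA_PREFIX = "Go-http-client/"

FIELDS = ["ts", "pid", "process", "method", "host", "port", "uri", "status", "user_agent"]

# Constructed sample modelled on the report's HTTP requests table; User-Agents are assumed.
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("2024-09-02T00:55:20Z", "6596", "UrbanVPN.exe", "GET", "ocsp.digicert.com", "80", "/", "200", "Microsoft-CryptoAPI/10.0"),
    ("2024-09-02T00:56:04Z", "2796", "msiexec.exe", "POST", "analytics.urban-vpn.com", "40004", "/tickets", "200", "-"),
    ("2024-09-02T00:56:05Z", "2796", "msiexec.exe", "POST", "148.72.165.78", "40000", "/tickets", "200", "-"),
    ("2024-09-02T00:57:31Z", "7320", "urbanvpnserv.exe", "HEAD", "ping.urban-vpn.com", "80", "/", "200", "Go-http-client/1.1"),
    ("2024-09-02T00:58:02Z", "4528", "msedge.exe", "GET", "config.edge.skype.com", "443", "/", "200", "Mozilla/5.0"),
]) + "\n"


def parse_log(text: str) -> list:
    """Parse tab-separated proxy lines into dicts; port becomes an int."""
    rows = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS, delimiter="\t"):
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def is_ioc_host(host: str) -> bool:
    """Match a hostname (case-insensitive, trailing dot tolerated) or a literal IP against the IOC sets."""
    host = host.lower().rstrip(".")
    if host in IOC_HOSTS:
        return True
    try:
        return str(ipaddress.ip_address(host)) in IOC_IPS
    except ValueError:
        return False


def evaluate(row: dict) -> list:
    """Return the list of rule names a single request trips, in fixed order."""
    reasons = []
    if is_ioc_host(row["host"]):
        reasons.append("ioc_domain")
    if row["port"] not in EXPECTED_HTTP_PORTS:
        reasons.append("unusual_port")
    if row["user_agent"].startswith(GO_UA_PREFIX):
        reasons.append("go_http_client_ua")
    # The Windows Installer engine posting to the Internet means an MSI custom action is phoning out.
    if row["process"].lower() == "msiexec.exe":
        reasons.append("msiexec_outbound_http")
    return reasons


def detect(text: str) -> list:
    """Run every rule over every line; one finding per flagged line."""
    findings = []
    for row in parse_log(text):
        reasons = evaluate(row)
        if reasons:
            findings.append({"pid": row["pid"], "process": row["process"],
                             "dest": f'{row["host"]}:{row["port"]}', "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f'{f["pid"]:>5} {f["process"]:<18} {f["dest"]:<32} {", ".join(f["reasons"])}')
```

Only the OCSP fetch and the Edge config request pass clean; the two msiexec.exe POSTs and the urbanvpnserv.exe HEAD to ping.urban-vpn.com are the lines an analyst would pivot on. The msiexec_outbound_http rule is the one that generalises beyond this sample: Windows Installer itself has no reason to POST to arbitrary hosts, so any such egress points at a custom action worth pulling from the MSI.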
Process
Message
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is:
UrbanVPNUpdater.exe
Logger::SetLogFile( C:\ProgramData\UrbanVPN\updates\updater.log ) while OLD path is:
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is:
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is:
UrbanVPNUpdater.exe
Logger::SetLogFile( C:\ProgramData\UrbanVPN\updates\updater.log ) while OLD path is:
urbanvpn-gui.exe
First instance of UrbanVPN was started.