581eba8772a2cf1acabba4094c391034812bb98a5abd91725dfd917c44d8c44c

Analysis

max time kernel
60s
max time network
61s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
22-09-2022 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UrbanVPN2.exe
Size

30.7MB
MD5

7274b344c614f2fe405dbffadccfbab1
SHA1

d2bf8dc3285ce0a5f1a87234e9ac21bee9c72a3c
SHA256

581eba8772a2cf1acabba4094c391034812bb98a5abd91725dfd917c44d8c44c
SHA512

aacf19dfa044a710a774475f61853a408c552a8e5858e349bf3e1dac96bec639c8ca555b027b1dd6515f925959ff7b66e2d0141afbfdfdd3019b71ac93437854
SSDEEP

786432:dtiCbhe50g0+efDnNqc7r1fQFfCxkdc0yQJ:I50kefDnNqirFwCx0pZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 15 IoCs

Processes:

UrbanVPN2.exeMsiExec.exe

pid	process
2796	UrbanVPN2.exe
2796	UrbanVPN2.exe
2796	UrbanVPN2.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

UrbanVPN2.exemsiexec.exeUrbanVPN2.exe

description	ioc	process
File opened (read-only)	\??\R:	UrbanVPN2.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	UrbanVPN2.exe
File opened (read-only)	\??\A:	UrbanVPN2.exe
File opened (read-only)	\??\N:	UrbanVPN2.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	UrbanVPN2.exe
File opened (read-only)	\??\K:	UrbanVPN2.exe
File opened (read-only)	\??\N:	UrbanVPN2.exe
File opened (read-only)	\??\L:	UrbanVPN2.exe
File opened (read-only)	\??\X:	UrbanVPN2.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	UrbanVPN2.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	UrbanVPN2.exe
File opened (read-only)	\??\T:	UrbanVPN2.exe
File opened (read-only)	\??\G:	UrbanVPN2.exe
File opened (read-only)	\??\T:	UrbanVPN2.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	UrbanVPN2.exe
File opened (read-only)	\??\K:	UrbanVPN2.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	UrbanVPN2.exe
File opened (read-only)	\??\P:	UrbanVPN2.exe
File opened (read-only)	\??\U:	UrbanVPN2.exe
File opened (read-only)	\??\Y:	UrbanVPN2.exe
File opened (read-only)	\??\U:	UrbanVPN2.exe
File opened (read-only)	\??\V:	UrbanVPN2.exe
File opened (read-only)	\??\W:	UrbanVPN2.exe
File opened (read-only)	\??\Z:	UrbanVPN2.exe
File opened (read-only)	\??\L:	UrbanVPN2.exe
File opened (read-only)	\??\B:	UrbanVPN2.exe
File opened (read-only)	\??\A:	UrbanVPN2.exe
File opened (read-only)	\??\H:	UrbanVPN2.exe
File opened (read-only)	\??\I:	UrbanVPN2.exe
File opened (read-only)	\??\F:	UrbanVPN2.exe
File opened (read-only)	\??\O:	UrbanVPN2.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	UrbanVPN2.exe
File opened (read-only)	\??\M:	UrbanVPN2.exe
File opened (read-only)	\??\S:	UrbanVPN2.exe
File opened (read-only)	\??\V:	UrbanVPN2.exe
File opened (read-only)	\??\I:	UrbanVPN2.exe
File opened (read-only)	\??\M:	UrbanVPN2.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	UrbanVPN2.exe
File opened (read-only)	\??\R:	UrbanVPN2.exe
File opened (read-only)	\??\H:	UrbanVPN2.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\W:	UrbanVPN2.exe
File opened (read-only)	\??\Q:	UrbanVPN2.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	UrbanVPN2.exe
File opened (read-only)	\??\X:	UrbanVPN2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Urban Security\UrbanVPN 2.2.8\install\FEC3FEE\urbanvpninstaller.x64.msi	nsis_installer_2

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

UrbanVPN2.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	UrbanVPN2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	UrbanVPN2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	UrbanVPN2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	UrbanVPN2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	UrbanVPN2.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

MsiExec.exe

pid process

3156 MsiExec.exe
3156 MsiExec.exe
3156 MsiExec.exe
3156 MsiExec.exe

pid	process
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exeUrbanVPN2.exe

description	pid	process
Token: SeSecurityPrivilege	5024	msiexec.exe
Token: SeCreateTokenPrivilege	2796	UrbanVPN2.exe
Token: SeAssignPrimaryTokenPrivilege	2796	UrbanVPN2.exe
Token: SeLockMemoryPrivilege	2796	UrbanVPN2.exe
Token: SeIncreaseQuotaPrivilege	2796	UrbanVPN2.exe
Token: SeMachineAccountPrivilege	2796	UrbanVPN2.exe
Token: SeTcbPrivilege	2796	UrbanVPN2.exe
Token: SeSecurityPrivilege	2796	UrbanVPN2.exe
Token: SeTakeOwnershipPrivilege	2796	UrbanVPN2.exe
Token: SeLoadDriverPrivilege	2796	UrbanVPN2.exe
Token: SeSystemProfilePrivilege	2796	UrbanVPN2.exe
Token: SeSystemtimePrivilege	2796	UrbanVPN2.exe
Token: SeProfSingleProcessPrivilege	2796	UrbanVPN2.exe
Token: SeIncBasePriorityPrivilege	2796	UrbanVPN2.exe
Token: SeCreatePagefilePrivilege	2796	UrbanVPN2.exe
Token: SeCreatePermanentPrivilege	2796	UrbanVPN2.exe
Token: SeBackupPrivilege	2796	UrbanVPN2.exe
Token: SeRestorePrivilege	2796	UrbanVPN2.exe
Token: SeShutdownPrivilege	2796	UrbanVPN2.exe
Token: SeDebugPrivilege	2796	UrbanVPN2.exe
Token: SeAuditPrivilege	2796	UrbanVPN2.exe
Token: SeSystemEnvironmentPrivilege	2796	UrbanVPN2.exe
Token: SeChangeNotifyPrivilege	2796	UrbanVPN2.exe
Token: SeRemoteShutdownPrivilege	2796	UrbanVPN2.exe
Token: SeUndockPrivilege	2796	UrbanVPN2.exe
Token: SeSyncAgentPrivilege	2796	UrbanVPN2.exe
Token: SeEnableDelegationPrivilege	2796	UrbanVPN2.exe
Token: SeManageVolumePrivilege	2796	UrbanVPN2.exe
Token: SeImpersonatePrivilege	2796	UrbanVPN2.exe
Token: SeCreateGlobalPrivilege	2796	UrbanVPN2.exe
Token: SeCreateTokenPrivilege	2796	UrbanVPN2.exe
Token: SeAssignPrimaryTokenPrivilege	2796	UrbanVPN2.exe
Token: SeLockMemoryPrivilege	2796	UrbanVPN2.exe
Token: SeIncreaseQuotaPrivilege	2796	UrbanVPN2.exe
Token: SeMachineAccountPrivilege	2796	UrbanVPN2.exe
Token: SeTcbPrivilege	2796	UrbanVPN2.exe
Token: SeSecurityPrivilege	2796	UrbanVPN2.exe
Token: SeTakeOwnershipPrivilege	2796	UrbanVPN2.exe
Token: SeLoadDriverPrivilege	2796	UrbanVPN2.exe
Token: SeSystemProfilePrivilege	2796	UrbanVPN2.exe
Token: SeSystemtimePrivilege	2796	UrbanVPN2.exe
Token: SeProfSingleProcessPrivilege	2796	UrbanVPN2.exe
Token: SeIncBasePriorityPrivilege	2796	UrbanVPN2.exe
Token: SeCreatePagefilePrivilege	2796	UrbanVPN2.exe
Token: SeCreatePermanentPrivilege	2796	UrbanVPN2.exe
Token: SeBackupPrivilege	2796	UrbanVPN2.exe
Token: SeRestorePrivilege	2796	UrbanVPN2.exe
Token: SeShutdownPrivilege	2796	UrbanVPN2.exe
Token: SeDebugPrivilege	2796	UrbanVPN2.exe
Token: SeAuditPrivilege	2796	UrbanVPN2.exe
Token: SeSystemEnvironmentPrivilege	2796	UrbanVPN2.exe
Token: SeChangeNotifyPrivilege	2796	UrbanVPN2.exe
Token: SeRemoteShutdownPrivilege	2796	UrbanVPN2.exe
Token: SeUndockPrivilege	2796	UrbanVPN2.exe
Token: SeSyncAgentPrivilege	2796	UrbanVPN2.exe
Token: SeEnableDelegationPrivilege	2796	UrbanVPN2.exe
Token: SeManageVolumePrivilege	2796	UrbanVPN2.exe
Token: SeImpersonatePrivilege	2796	UrbanVPN2.exe
Token: SeCreateGlobalPrivilege	2796	UrbanVPN2.exe
Token: SeCreateTokenPrivilege	2796	UrbanVPN2.exe
Token: SeAssignPrimaryTokenPrivilege	2796	UrbanVPN2.exe
Token: SeLockMemoryPrivilege	2796	UrbanVPN2.exe
Token: SeIncreaseQuotaPrivilege	2796	UrbanVPN2.exe
Token: SeMachineAccountPrivilege	2796	UrbanVPN2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

UrbanVPN2.exe

pid process

2796 UrbanVPN2.exe
2796 UrbanVPN2.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

msiexec.exeUrbanVPN2.exe

description	pid	process	target process
PID 5024 wrote to memory of 3156	5024	msiexec.exe	MsiExec.exe
PID 5024 wrote to memory of 3156	5024	msiexec.exe	MsiExec.exe
PID 5024 wrote to memory of 3156	5024	msiexec.exe	MsiExec.exe
PID 2796 wrote to memory of 4372	2796	UrbanVPN2.exe	UrbanVPN2.exe
PID 2796 wrote to memory of 4372	2796	UrbanVPN2.exe	UrbanVPN2.exe
PID 2796 wrote to memory of 4372	2796	UrbanVPN2.exe	UrbanVPN2.exe

C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe
"C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe
"C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe" /i "C:\Users\Admin\AppData\Roaming\Urban Security\UrbanVPN 2.2.8\install\FEC3FEE\urbanvpninstaller.x64.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\UrbanVPN" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UrbanVPN" SECONDSEQUENCE="1" CLIENTPROCESSID="2796" AI_MORE_CMD_LINE=1
2⤵
- Enumerates connected drives
PID:4372

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5024

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 31537A9583405598D23B608A9E883EC3 C
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3156

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
da5a9f149955d936a31dc5e456666aac

SHA1
195238d41c1e13448f349f43bb295ef2d55cb47a

SHA256
79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

SHA512
60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_731B836F03B166238E2AC93FBDDF5EBE

Filesize
727B

MD5
e5d2eb00b8b636965424c980b2766255

SHA1
d9d8a1857b1549802656999182d72796f5bbc9c8

SHA256
c92aa8cde1ea295febab3bea32af5cefc86e55eee5e0976b6d981a3e9d996d4a

SHA512
b751730e585585a1988806970b5ac6dc185770fae0048ef404dd2a1abf3e38254747f67664ca6442a11e439caa5066dc98bfc8039f06e8b13f42ae634b13e927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
5f7df0fd54e51b9addccab175d0dc95f

SHA1
db7553d84004ca7081240deeed3ebd852512876c

SHA256
6bc0310811a7f8da5897ddc4c74839429765f5e38aa473faebd9391081212b5e

SHA512
ec12a2b17d90232e1e7f2cea9ca01486ef358c22ad2b3248d7da62a4cd686c7523cdfe59188d1f69de9de43ffb1719eba81eb676d273230b3bb7aae33bc01e1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
7a9ff2c7d0c730abfde8793bf11afef4

SHA1
196f01d69d97b3b32028e5f1b19b92fe09438312

SHA256
5b50cbd661eb0a0b48de79f671c28f1559a21b1e2a3079827f6e9f025eb1f384

SHA512
717b5208731318f3d38dcabcfdb809f6d8d6e8b4f70bb1f702fa31e71bafb2ba704ca4a0ca211a00d61e80324d15ed6e17cd3c13ab4e33602b6853aff2d428ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_731B836F03B166238E2AC93FBDDF5EBE

Filesize
408B

MD5
cc43d4cf57db8b577d202b6236af89ba

SHA1
cddc9e020c2494d05c51f17b21f3c3f381690d27

SHA256
7780c631c6c006ca1a911cb8344d3da8eca4fb14485153eab8aa8e867c086216

SHA512
a9364e4e7e2273c7e3c0d85fec08816563b7d78a53f25feab9e675b6af5edfc466fd73a189af527c69d752bd3e637095d3075a4a266fafeab107b850778bab39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
224378d1bd1f6e7cb63e2d4198cdf351

SHA1
8e56e44aeb64930454b5b1d7e466d65118f10bb6

SHA256
cdcbfff4b661e5c6edb3c4b4b17676e581ef1275db0b6d2cfcc7dca405aac1fd

SHA512
d2afbfb80aac947c6bfa3b57fdb8aaeff339238c60b1b4022c53a376d55acde1560a8bcb8114672be096f4d0fda667e24cfbeebc21f94b73e03720bc9998dece

Download Submit
C:\Users\Admin\AppData\Local\AdvinstAnalytics\632040a71cb8de62c9f15f5a\2.2.8\tracking.ini

Filesize
69B

MD5
1e7d2eabad3157b9fd115f0fb1bec192

SHA1
4ee41c3c3d1be86c71e787447c2764eb15356174

SHA256
b40f1407138c6e02c8e85cb9808f832a587b9f67d221c668b6ddc4992224d516

SHA512
a557c552e3c9a78d76db74fafe7b53e2a4f77cdf3da7a9b1a26ff0ab5879a78435cc9db14b0fdf64d2cfcbffc1134081ea20cd42fad07f0bea53472d4b1b5992

Download Submit
C:\Users\Admin\AppData\Local\AdvinstAnalytics\632040a71cb8de62c9f15f5a\2.2.8\{0D0DFDA4-F583-4023-BC31-4F8417300733}.session

Filesize
1KB

MD5
bfe126fbade177384ec8118202e68601

SHA1
aa72d1fc2f8ff062edeca040c482939467158c0c

SHA256
d50e8981ffccbce37928b8ad4e2d9f5c9f8ce139038c07776b45ccca98a50180

SHA512
b8b3e954145cf129573f0e3db9e5c1420cc0a2eb5507d2e9961a5c263ceb6f9aef497b84e3372201af3be1ef1dc00110b9eacecbbc42fd8c8becd90be8d09424

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICC4F.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICFEA.tmp

Filesize
912KB

MD5
b15dbf4b35cd1460ba283795e24878c8

SHA1
327812be4bfdce7a87cb00fab432ecc0d8c38c1e

SHA256
0ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147

SHA512
95edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID460.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID57A.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID685.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID751.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID956.tmp

Filesize
782KB

MD5
175d9b039177b405ee04c81f4c9aa4af

SHA1
6b523f7652761f4a24cf12ce08a32479ed03e8cf

SHA256
34a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3

SHA512
80f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDA8F.tmp

Filesize
602KB

MD5
78b793e3f44b2c7849ffe70083c500c0

SHA1
9dcbb160c9f606bcdbee9ad572aaab1ad1b24d61

SHA256
fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174

SHA512
36d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDB7A.tmp

Filesize
912KB

MD5
b15dbf4b35cd1460ba283795e24878c8

SHA1
327812be4bfdce7a87cb00fab432ecc0d8c38c1e

SHA256
0ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147

SHA512
95edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDDAE.tmp

Filesize
782KB

MD5
175d9b039177b405ee04c81f4c9aa4af

SHA1
6b523f7652761f4a24cf12ce08a32479ed03e8cf

SHA256
34a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3

SHA512
80f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDEC8.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDFC3.tmp

Filesize
196KB

MD5
efa1291d4eb0ff2050967dd63bfdbdc8

SHA1
54ba41d5a6fb192267b36127ff573cb112413fd8

SHA256
da78931d835e91c59cadaebc95fbae56020ce5031523a6a175fefa4582334ac4

SHA512
5fcce6422b0ee6827a57c5d0c476e36a5e75a880550b8041a0f3db42b630f483654508a797421ff4316fd84db549c8c78536a25d5da2de9eb60365720517d5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Urban_TOS.html

Filesize
24KB

MD5
993c38c176078ec82cf3d5e21e24cdc0

SHA1
153b97b354ee42cce9dce40b9559577bf37ec303

SHA256
34a4cfe3fbf3172596a779b960b6f92702137ec2d005d144a5d5fd41b7d64221

SHA512
6e52a2be3d012411cb51148a13e554e3b87d3fb278f898e0bc510ba4c23172623c79857da66c2f10b8957e542674c1fd7a24d99bcde8b1e37031055060910e59

Download Submit
C:\Users\Admin\AppData\Roaming\Urban Security\UrbanVPN 2.2.8\install\FEC3FEE\urbanvpninstaller.x64.msi

Filesize
8.2MB

MD5
ab35290adfaf8786c0235faad19c3f88

SHA1
d595ad8a78d3220f062ff5b90b0724c2346bc1ce

SHA256
ea0f099451ecb46149d4474e0752acf1f84a034d09fee87d56b5a54884260156

SHA512
1aaa1a987672a7fcf9c7c8c0c2322ea59a47c126b3765188e87e99cc622acaa26c75f99ed6e2c8cf43db5150495dd8c126431fb34d8587f0dbd7539d220f7d04

Download Submit
\Users\Admin\AppData\Local\Temp\INACB82.tmp

Filesize
782KB

MD5
175d9b039177b405ee04c81f4c9aa4af

SHA1
6b523f7652761f4a24cf12ce08a32479ed03e8cf

SHA256
34a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3

SHA512
80f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a

Download Submit
\Users\Admin\AppData\Local\Temp\MSICC4F.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
\Users\Admin\AppData\Local\Temp\MSICFEA.tmp

Filesize
912KB

MD5
b15dbf4b35cd1460ba283795e24878c8

SHA1
327812be4bfdce7a87cb00fab432ecc0d8c38c1e

SHA256
0ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147

SHA512
95edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4

Download Submit
\Users\Admin\AppData\Local\Temp\MSID460.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
\Users\Admin\AppData\Local\Temp\MSID57A.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
\Users\Admin\AppData\Local\Temp\MSID685.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
\Users\Admin\AppData\Local\Temp\MSID751.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
\Users\Admin\AppData\Local\Temp\MSID956.tmp

Filesize
782KB

MD5
175d9b039177b405ee04c81f4c9aa4af

SHA1
6b523f7652761f4a24cf12ce08a32479ed03e8cf

SHA256
34a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3

SHA512
80f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a

Download Submit
\Users\Admin\AppData\Local\Temp\MSIDA8F.tmp

Filesize
602KB

MD5
78b793e3f44b2c7849ffe70083c500c0

SHA1
9dcbb160c9f606bcdbee9ad572aaab1ad1b24d61

SHA256
fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174

SHA512
36d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8

Download Submit
\Users\Admin\AppData\Local\Temp\MSIDB7A.tmp

Filesize
912KB

MD5
b15dbf4b35cd1460ba283795e24878c8

SHA1
327812be4bfdce7a87cb00fab432ecc0d8c38c1e

SHA256
0ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147

SHA512
95edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4

Download Submit
\Users\Admin\AppData\Local\Temp\MSIDDAE.tmp

Filesize
782KB

MD5
175d9b039177b405ee04c81f4c9aa4af

SHA1
6b523f7652761f4a24cf12ce08a32479ed03e8cf

SHA256
34a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3

SHA512
80f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a

Download Submit
\Users\Admin\AppData\Local\Temp\MSIDEC8.tmp

Filesize
495KB

MD5
cfab78ac0d042a1d8ad7085a94328ef6

SHA1
b3070cc847ba2739450dc9bd05040df83e7d85d2

SHA256
17b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168

SHA512
647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438

Download Submit
\Users\Admin\AppData\Local\Temp\MSIDFC3.tmp

Filesize
196KB

MD5
efa1291d4eb0ff2050967dd63bfdbdc8

SHA1
54ba41d5a6fb192267b36127ff573cb112413fd8

SHA256
da78931d835e91c59cadaebc95fbae56020ce5031523a6a175fefa4582334ac4

SHA512
5fcce6422b0ee6827a57c5d0c476e36a5e75a880550b8041a0f3db42b630f483654508a797421ff4316fd84db549c8c78536a25d5da2de9eb60365720517d5e6

Download Submit
\Users\Admin\AppData\Roaming\Urban Security\UrbanVPN 2.2.8\install\decoder.dll

Filesize
206KB

MD5
899944fb96ccc34cfbd2ccb9134367c5

SHA1
7c46aa3f84ba5da95ceff39cd49185672f963538

SHA256
780d10eda2b9a0a10bf844a7c8b6b350aa541c5bbd24022ff34f99201f9e9259

SHA512
2c41181f9af540b4637f418fc148d41d7c38202fb691b56650085fe5a9bdba068275ff07e002e1044760754876c62d7b4fc856452af80a02c5f5a9a7dc75b5e0

Download Submit
\Users\Admin\AppData\Roaming\Urban Security\UrbanVPN 2.2.8\install\decoder.dll

Filesize
206KB

MD5
899944fb96ccc34cfbd2ccb9134367c5

SHA1
7c46aa3f84ba5da95ceff39cd49185672f963538

SHA256
780d10eda2b9a0a10bf844a7c8b6b350aa541c5bbd24022ff34f99201f9e9259

SHA512
2c41181f9af540b4637f418fc148d41d7c38202fb691b56650085fe5a9bdba068275ff07e002e1044760754876c62d7b4fc856452af80a02c5f5a9a7dc75b5e0

Download Submit
memory/2796-145-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-152-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-159-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-160-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-161-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-162-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-163-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-164-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-165-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-166-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-167-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-168-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-169-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-170-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-171-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-172-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-173-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-174-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-175-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-176-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-177-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-178-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-179-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-180-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-181-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-182-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-183-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-157-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-156-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-155-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-121-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-154-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-153-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-158-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-151-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-150-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-149-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-148-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-147-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-146-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-120-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-144-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-143-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-142-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-141-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-140-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-139-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-138-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-137-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-136-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-135-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-134-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-133-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-132-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-131-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-130-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-129-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-128-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-122-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-127-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-126-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-125-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-124-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/2796-123-0x0000000077570000-0x00000000776FE000-memory.dmp

Filesize
1.6MB

Download
memory/3156-225-0x0000000000000000-mapping.dmp

Download
memory/4372-499-0x0000000000000000-mapping.dmp

Download