File name:

DU.Meter.7.30.Build.4769 (1).rar

Full analysis: https://app.any.run/tasks/c23c6d5b-d1e9-4839-9432-23e3565d4347
Verdict: Malicious activity
Analysis date: July 01, 2024, 06:07:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
upx
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32, flags: RecoveryRecordPresent
MD5:

F19939A261FE1943368DA8F6E5BB7B6F

SHA1:

E155777DDA038211F2DB20DD60D6FC4E49DC1DAE

SHA256:

AC30E0C3C69B0BA2D75957280E856F5504B685B2887D2491DE1F33289E3BA937

SSDEEP:

98304:xNOCPjB9Px8f70c3S3Fzxt909VYeRWkoIk/LQfJoMcN2wzYp7dcoswbezNWISSzV:6dTvt2bqVDW47p6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2408)
      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2036)
      • du.meter.7.x-patch.exe (PID: 3808)

    • Registers / Runs the DLL via REGSVR32.EXE

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)

    • Changes the autorun value in the registry

      • DUMeter.exe (PID: 1144)

    • Starts NET.EXE for service management

      • cmd.exe (PID: 3388)
      • net.exe (PID: 3560)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2036)
      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2408)
      • du.meter.7.x-patch.exe (PID: 3808)

    • Process drops legitimate windows executable

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • du.meter.7.x-patch.exe (PID: 3808)

    • Reads the Windows owner or organization settings

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)

    • Drops a system driver (possible attempt to evade defenses)

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)

    • Process drops SQLite DLL files

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 2500)

    • Executes as Windows Service

      • DUMeterSvc.exe (PID: 4012)
      • DUMeterSvc.exe (PID: 2988)

    • Reads the Internet Settings

      • DUMeter.exe (PID: 3648)
      • du.meter.7.x-patch.exe (PID: 3808)

    • Reads Internet Explorer settings

      • DUMeter.exe (PID: 3648)

    • Reads security settings of Internet Explorer

      • DUMeter.exe (PID: 3648)
      • du.meter.7.x-patch.exe (PID: 3808)

    • Reads Microsoft Outlook installation path

      • DUMeter.exe (PID: 3648)

    • Reads settings of System Certificates

      • DUMeter.exe (PID: 3648)

    • Starts a Microsoft application from unusual location

      • taskkill.exe (PID: 832)
      • taskkill.exe (PID: 2444)

    • Checks Windows Trust Settings

      • DUMeter.exe (PID: 3648)

    • Executing commands from a ".bat" file

      • du.meter.7.x-patch.exe (PID: 3808)

    • Uses REG/REGEDIT.EXE to modify registry

      • du.meter.7.x-patch.exe (PID: 3808)

    • Starts CMD.EXE for commands execution

      • du.meter.7.x-patch.exe (PID: 3808)

  • INFO

    • Manual execution by a user

      • WinRAR.exe (PID: 540)
      • WinRAR.exe (PID: 3224)
      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2408)
      • WinRAR.exe (PID: 1808)
      • du.meter.7.x-patch.exe (PID: 2304)
      • du.meter.7.x-patch.exe (PID: 3808)
      • DUMeter.exe (PID: 2200)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 540)
      • WinRAR.exe (PID: 1808)

    • Checks supported languages

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 2416)
      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2408)
      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2036)
      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • DUMeterSvc.exe (PID: 1428)
      • DUMeterSvc.exe (PID: 4012)
      • DUMeter.exe (PID: 1144)
      • DUMeter.exe (PID: 3648)
      • du.meter.7.x-patch.exe (PID: 3808)
      • taskkill.exe (PID: 832)
      • taskkill.exe (PID: 2444)
      • DUMeterSvc.exe (PID: 2988)
      • DUMeter.exe (PID: 2200)
      • DUMeter.exe (PID: 3240)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 540)
      • WinRAR.exe (PID: 1808)

    • Create files in a temporary directory

      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2408)
      • DU.Meter.7.30.Build.4769_Soft98.iR.exe (PID: 2036)
      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • DUMeterSvc.exe (PID: 1428)
      • DUMeter.exe (PID: 1144)
      • DUMeter.exe (PID: 3648)
      • du.meter.7.x-patch.exe (PID: 3808)
      • DUMeter.exe (PID: 2200)
      • DUMeter.exe (PID: 3240)

    • Reads the computer name

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 2416)
      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • DUMeterSvc.exe (PID: 1428)
      • DUMeterSvc.exe (PID: 4012)
      • DUMeter.exe (PID: 3648)
      • DUMeter.exe (PID: 1144)
      • taskkill.exe (PID: 832)
      • taskkill.exe (PID: 2444)
      • du.meter.7.x-patch.exe (PID: 3808)
      • DUMeterSvc.exe (PID: 2988)
      • DUMeter.exe (PID: 2200)
      • DUMeter.exe (PID: 3240)

    • Creates files in the program directory

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • DUMeterSvc.exe (PID: 1428)
      • DUMeterSvc.exe (PID: 4012)
      • du.meter.7.x-patch.exe (PID: 3808)
      • DUMeterSvc.exe (PID: 2988)

    • Reads the machine GUID from the registry

      • DUMeterSvc.exe (PID: 1428)
      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)
      • DUMeter.exe (PID: 1144)
      • DUMeter.exe (PID: 3648)
      • DUMeterSvc.exe (PID: 4012)
      • taskkill.exe (PID: 832)
      • taskkill.exe (PID: 2444)
      • DUMeterSvc.exe (PID: 2988)
      • DUMeter.exe (PID: 3240)
      • DUMeter.exe (PID: 2200)

    • Creates a software uninstall entry

      • DU.Meter.7.30.Build.4769_Soft98.iR.tmp (PID: 936)

    • Checks proxy server information

      • DUMeter.exe (PID: 3648)

    • Process checks computer location settings

      • DUMeter.exe (PID: 1144)
      • DUMeter.exe (PID: 3648)
      • DUMeter.exe (PID: 2200)
      • DUMeter.exe (PID: 3240)

    • Creates files or folders in the user directory

      • DUMeter.exe (PID: 3648)

    • Reads the software policy settings

      • DUMeter.exe (PID: 3648)

    • UPX packer has been detected

      • du.meter.7.x-patch.exe (PID: 3808)

    • Reads CPU info

      • DUMeterSvc.exe (PID: 2988)

    • Reads the time zone

      • DUMeterSvc.exe (PID: 2988)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 6434142
UncompressedSize: 6498288
OperatingSystem: Win32
ModifyDate: 2018:02:11 12:35:16
PackingMethod: Good Compression
ArchivedFileName: DU.Meter.7.30.Build.4769\DU.Meter.7.30.Build.4769_Soft98.iR.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
78
Monitored processes
24
Malicious processes
7
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe no specs winrar.exe no specs winrar.exe du.meter.7.30.build.4769_soft98.ir.exe du.meter.7.30.build.4769_soft98.ir.tmp no specs du.meter.7.30.build.4769_soft98.ir.exe du.meter.7.30.build.4769_soft98.ir.tmp regsvr32.exe no specs dumetersvc.exe no specs winrar.exe dumetersvc.exe no specs dumeter.exe dumeter.exe du.meter.7.x-patch.exe no specs THREAT du.meter.7.x-patch.exe taskkill.exe no specs taskkill.exe no specs regedit.exe no specs cmd.exe no specs net.exe no specs net1.exe no specs dumetersvc.exe no specs dumeter.exe no specs dumeter.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
540"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769 (1).rar" C:\Users\admin\Desktop\C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
832"C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\taskkill.exe" /F /IM DUMeter.exeC:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\taskkill.exedu.meter.7.x-patch.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Kill Process
Exit code:
128
Version:
5.1.2600.5512 (xpsp.080413-2105)
Modules
Images
c:\users\admin\desktop\du.meter.7.30.build.4769\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
936"C:\Users\admin\AppData\Local\Temp\is-N0OH6.tmp\DU.Meter.7.30.Build.4769_Soft98.iR.tmp" /SL5="$501C8,6035441,119296,C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\DU.Meter.7.30.Build.4769_Soft98.iR.exe" /SPAWNWND=$401C6 /NOTIFYWND=$20220 C:\Users\admin\AppData\Local\Temp\is-N0OH6.tmp\DU.Meter.7.30.Build.4769_Soft98.iR.tmp
DU.Meter.7.30.Build.4769_Soft98.iR.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-n0oh6.tmp\du.meter.7.30.build.4769_soft98.ir.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1144"C:\Program Files\DU Meter\DUMeter.exe" /regserverC:\Program Files\DU Meter\DUMeter.exe
DU.Meter.7.30.Build.4769_Soft98.iR.tmp
User:
admin
Company:
Hagel Technologies Ltd.
Integrity Level:
HIGH
Description:
DU Meter Monitor
Exit code:
0
Version:
7.30
Modules
Images
c:\program files\du meter\dumeter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1428"C:\Program Files\DU Meter\DUMeterSvc.exe" /reinstallC:\Program Files\DU Meter\DUMeterSvc.exeDU.Meter.7.30.Build.4769_Soft98.iR.tmp
User:
admin
Company:
Hagel Technologies Ltd.
Integrity Level:
HIGH
Description:
DU Meter Service
Exit code:
0
Version:
7.30
Modules
Images
c:\program files\du meter\dumetersvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1808"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\Patch 7.x.rar" C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2036"C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\DU.Meter.7.30.Build.4769_Soft98.iR.exe" /SPAWNWND=$401C6 /NOTIFYWND=$20220 C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\DU.Meter.7.30.Build.4769_Soft98.iR.exe
DU.Meter.7.30.Build.4769_Soft98.iR.tmp
User:
admin
Company:
Hagel Technologies Ltd.
Integrity Level:
HIGH
Description:
Exit code:
0
Version:
7.30
Modules
Images
c:\users\admin\desktop\du.meter.7.30.build.4769\du.meter.7.30.build.4769_soft98.ir.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2060"C:\Windows\regedit.exe" /s "C:\Users\admin\AppData\Local\Temp\\regpatch.reg"C:\Windows\regedit.exedu.meter.7.x-patch.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2200"C:\Program Files\DU Meter\DUMeter.exe" C:\Program Files\DU Meter\DUMeter.exeexplorer.exe
User:
admin
Company:
Hagel Technologies Ltd.
Integrity Level:
MEDIUM
Description:
DU Meter Monitor
Exit code:
0
Version:
7.30
Modules
Images
c:\program files\du meter\dumeter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2304"C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\du.meter.7.x-patch.exe" C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\du.meter.7.x-patch.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\du.meter.7.30.build.4769\du.meter.7.x-patch.exe
c:\windows\system32\ntdll.dll
Total events
16 328
Read events
15 979
Write events
332
Delete events
17

Modification events

(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3568) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\DU.Meter.7.30.Build.4769 (1).rar
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3568) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
28
Suspicious files
91
Text files
91
Unknown types
43

Dropped files

PID
Process
Filename
Type
3224WinRAR.exeC:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\DU.Meter.7.30.Build.4769_Soft98.iR.exe
MD5:
SHA256:
540WinRAR.exeC:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\Soft98.iR.urltext
MD5:3DDF222B0633A83ECD9F4DD34F1D3FD3
SHA256:CD49C8C8A991A045E07E301C17735760A6C0C4EF533882C48A7F1D9AF6FC8582
2036DU.Meter.7.30.Build.4769_Soft98.iR.exeC:\Users\admin\AppData\Local\Temp\is-N0OH6.tmp\DU.Meter.7.30.Build.4769_Soft98.iR.tmpexecutable
MD5:B3B2BFF0E1928612F6B97D90898570A8
SHA256:2056F24FC37E52987885EA78DABCAE4575C0CE52A54CCC036CCACAE5768DFD89
540WinRAR.exeC:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\انجمن حل مشکلات نرم افزاری.urltext
MD5:936279F5ED2C3518760FB0F7296A3E85
SHA256:51D90AE4451D3B1FAF7A26F79C09EA9A2397797C4402BA02635E69B50845863F
936DU.Meter.7.30.Build.4769_Soft98.iR.tmpC:\Users\admin\AppData\Local\Temp\is-VDR4S.tmp\_isetup\_shfoldr.dllexecutable
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
540WinRAR.exeC:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\DU.Meter.7.30.Build.4769_Soft98.iR.exeexecutable
MD5:C43C019BA3B6C183B7997A389D709F95
SHA256:2C707CE4625FCA8CC8CCA81EEDB7ABBEF1EDF13D0230F1EE5CBD81D3C6746F1B
540WinRAR.exeC:\Users\admin\Desktop\DU.Meter.7.30.Build.4769\Patch 7.x.rarcompressed
MD5:6F9681A642EB7ADA897AB905DB736B2A
SHA256:576A5456BC455B2F4426F4FC081CF19CFA06376FE073AC276160569C455C1E09
936DU.Meter.7.30.Build.4769_Soft98.iR.tmpC:\Program Files\DU Meter\is-DJMP2.tmpexecutable
MD5:AE93DE206C77D92C8C712C4DDA9999CD
SHA256:7FA117D1DAAB4EE559BC82503CD41AD6566D3DB5A1A5566056F609577775B89F
936DU.Meter.7.30.Build.4769_Soft98.iR.tmpC:\Program Files\DU Meter\DUMeterSvc.exeexecutable
MD5:AE93DE206C77D92C8C712C4DDA9999CD
SHA256:7FA117D1DAAB4EE559BC82503CD41AD6566D3DB5A1A5566056F609577775B89F
936DU.Meter.7.30.Build.4769_Soft98.iR.tmpC:\Program Files\DU Meter\Locale\de\LC_MESSAGES\is-N28IN.tmpgmo
MD5:072649605ABDDA08E15CE87DCC930B64
SHA256:D05AD9CF95F3F5ED799AFE087EF5A3D8C90B49060C231A37FE0BA617F84B079A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
15
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
1372
svchost.exe
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
1372
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
1060
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9f83325acc8ca75
unknown
unknown
3648
DUMeter.exe
POST
200
192.18.158.175:80
http://www.hageltech.com/service/software_version_check?protocol_version=1&product=du&ver=7.304769&lang=en&iid=51108968399443b893a2b2aeb004d735&edl=30
unknown
unknown
3648
DUMeter.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d55a953f429eeaed
unknown
unknown
3648
DUMeter.exe
GET
200
2.23.197.184:80
http://x1.c.lencr.org/
unknown
unknown
3648
DUMeter.exe
GET
200
95.101.54.195:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSu%2FQIst%2FNFToesbiQzLynaPw%3D%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1372
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
1372
svchost.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1372
svchost.exe
2.16.164.72:80
crl.microsoft.com
Akamai International B.V.
NL
unknown
1372
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
unknown
1060
svchost.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3648
DUMeter.exe
192.18.158.175:80
www.hageltech.com
ORACLE-BMC-31898
CA
unknown
3648
DUMeter.exe
192.18.158.175:443
www.hageltech.com
ORACLE-BMC-31898
CA
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
crl.microsoft.com
  • 2.16.164.72
  • 2.16.164.120
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
www.hageltech.com
  • 192.18.158.175
unknown
x1.c.lencr.org
  • 2.23.197.184
whitelisted
r3.o.lencr.org
  • 95.101.54.195
  • 95.101.54.107
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
DU.Meter.7.30.Build.4769 (1).rar