URL: http://www.litesmed.com/R+-l++/O7xu/g--F+++/setup.exe

Full analysis: https://app.any.run/tasks/0a8d5e00-ec0d-42bb-8ae3-81bcaf5b06a2
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 21, 2020, 21:21:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MD5: 88913DD77E70674247132DB871186480
SHA1: FAC12D9374EB0A9B4B07733457C5E0996D85BFE8
SHA256: DF99AD182385E1DA18366499C048327BC5D3623D03340EFDCAA04500A8718507
SSDEEP: 3:N1KJS4Sz2TK31SSKLRcW7L4A:Cc462TKISKn7L4A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • setup_0824817211.exe (PID: 2192)
      • setup_0824817211.exe (PID: 2448)
      • avastfreeantivirussetuponline.m.exe (PID: 1944)
      • setup.exe (PID: 3016)
      • avast_free_antivirus_setup_online.exe (PID: 4004)
      • instup.exe (PID: 2900)
    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3276)
      • setup_0824817211.exe (PID: 2448)
      • avastfreeantivirussetuponline.m.exe (PID: 1944)
    • Loads dropped or rewritten executable

      • setup_0824817211.exe (PID: 2448)
      • instup.exe (PID: 2900)
      • setup.exe (PID: 3016)
    • Changes settings of System certificates

      • instup.exe (PID: 2900)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3276)
      • iexplore.exe (PID: 2856)
      • setup_0824817211.exe (PID: 2448)
      • avast_free_antivirus_setup_online.exe (PID: 4004)
      • avastfreeantivirussetuponline.m.exe (PID: 1944)
      • setup.exe (PID: 3016)
    • Cleans NTFS data-stream (Zone Identifier)

      • setup_0824817211.exe (PID: 2192)
    • Application launched itself

      • setup_0824817211.exe (PID: 2192)
    • Reads Environment values

      • setup_0824817211.exe (PID: 2448)
    • Reads internet explorer settings

      • setup_0824817211.exe (PID: 2448)
    • Creates files in the user directory

      • setup_0824817211.exe (PID: 2448)
    • Low-level read access rights to disk partition

      • avastfreeantivirussetuponline.m.exe (PID: 1944)
      • avast_free_antivirus_setup_online.exe (PID: 4004)
      • instup.exe (PID: 2900)
    • Starts Internet Explorer

      • setup_0824817211.exe (PID: 2448)
    • Creates files in the program directory

      • avast_free_antivirus_setup_online.exe (PID: 4004)
    • Creates files in the Windows directory

      • avastfreeantivirussetuponline.m.exe (PID: 1944)
      • avast_free_antivirus_setup_online.exe (PID: 4004)
    • Creates or modifies windows services

      • instup.exe (PID: 2900)
    • Adds / modifies Windows certificates

      • instup.exe (PID: 2900)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2856)
      • IEXPLORE.EXE (PID: 2852)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3276)
      • iexplore.exe (PID: 2856)
      • IEXPLORE.EXE (PID: 2852)
      • IEXPLORE.EXE (PID: 2660)
    • Changes internet zones settings

      • iexplore.exe (PID: 2856)
      • IEXPLORE.EXE (PID: 2852)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2856)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2856)
      • instup.exe (PID: 2900)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2856)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 47
Monitored processes: 10
Malicious processes: 6
Suspicious processes: 1

Behavior graph

[Behavior graph rendered as an image in the full report. Nodes: iexplore.exe, iexplore.exe, setup_0824817211.exe (no specs), setup_0824817211.exe, avastfreeantivirussetuponline.m.exe, avast_free_antivirus_setup_online.exe, setup.exe, instup.exe, iexplore.exe (no specs), iexplore.exe (no specs). Edge labels: "drop and start", "start".]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1944
CMD: "C:\Users\admin\AppData\Local\Temp\in1A1AEB34\41861BD4_stp\avastfreeantivirussetuponline.m.exe" /silent /psh:b1dKdi8MG38qDhoKKgpvDSkIGnw8TUo/JwweeSoOHHkrDB95KA0ZeSIOCCR8WEs5J394CklqCChoXR15Jw8beigNGHIiCh/+RwAAABo+Lks= /ws
Path: C:\Users\admin\AppData\Local\Temp\in1A1AEB34\41861BD4_stp\avastfreeantivirussetuponline.m.exe
Parent process: setup_0824817211.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus Installer
Exit code:
0
Version:
2.1.1252.0
Modules
Images
c:\users\admin\appdata\local\temp\in1a1aeb34\41861bd4_stp\avastfreeantivirussetuponline.m.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2192
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\setup_0824817211.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\setup_0824817211.exe
Parent process: iexplore.exe
User:
admin
Company:
Komona
Integrity Level:
MEDIUM
Description:
Daforu Setup
Exit code:
0
Version:
5.0.2.7
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\setup_0824817211.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2448
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\setup_0824817211.exe" RSF /ppn:YWV4dQ0KChAjb3J1FQUI /ads:1 /mnl
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\setup_0824817211.exe
Parent process: setup_0824817211.exe
User:
admin
Company:
Komona
Integrity Level:
HIGH
Description:
Daforu Setup
Exit code:
0
Version:
5.0.2.7
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\setup_0824817211.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2660
CMD: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent process: IEXPLORE.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID: 2852
CMD: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ic-dc.bestapplicationgift.com/pr/c118a262-a58e-11e6-96e8-02d572c616f1/typ_1.html?exld=101&exlg=884
Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent process: setup_0824817211.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2856
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.litesmed.com/R+-l++/O7xu/g--F+++/setup.exe
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2900
CMD: "C:\Windows\Temp\asw.dfb0b662f72864a8\instup.exe" /cookie:mmm_irs_ppi_002_451_m /edition:1 /ga_clientid:f7cb6f37-37ae-4ef3-b9f5-3514b83c8e4a /guid:bd336164-2bed-423e-b679-9a4aa83c037f /prod:ais /sfx:lite /sfxstorage:C:\Windows\Temp\asw.dfb0b662f72864a8 /silent /psh:b1dKdi8MG38qDhoKKgpvDSkIGnw8TUo/JwweeSoOHHkrDB95KA0ZeSIOCCR8WEs5J394CklqCChoXR15Jw8beigNGHIiCh/+RwAAABo+Lks= /ws /ga_clientid:f7cb6f37-37ae-4ef3-b9f5-3514b83c8e4a /edat_dir:C:\Windows\Temp\asw.e59ee47f9a2c3ecb
Path: C:\Windows\Temp\asw.dfb0b662f72864a8\instup.exe
Parent process: avast_free_antivirus_setup_online.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus Installer
Exit code:
0
Version:
19.8.4793.0
Modules
Images
c:\windows\temp\asw.dfb0b662f72864a8\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID: 3016
CMD: "C:\Users\admin\Downloads\setup.exe"
Path: C:\Users\admin\Downloads\setup.exe
Parent process: setup_0824817211.exe
User:
admin
Company:
AIMP DevTeam
Integrity Level:
HIGH
Description:
AIMP Classic
Exit code:
0
Version:
1.77.9
Modules
Images
c:\users\admin\downloads\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 3276
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2856 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 4004
CMD: "C:\Windows\Temp\asw.e59ee47f9a2c3ecb\avast_free_antivirus_setup_online.exe" /silent /psh:b1dKdi8MG38qDhoKKgpvDSkIGnw8TUo/JwweeSoOHHkrDB95KA0ZeSIOCCR8WEs5J394CklqCChoXR15Jw8beigNGHIiCh/+RwAAABo+Lks= /ws /ga_clientid:f7cb6f37-37ae-4ef3-b9f5-3514b83c8e4a /edat_dir:C:\Windows\Temp\asw.e59ee47f9a2c3ecb
Path: C:\Windows\Temp\asw.e59ee47f9a2c3ecb\avast_free_antivirus_setup_online.exe
Parent process: avastfreeantivirussetuponline.m.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus Installer
Exit code:
0
Version:
19.8.4793.0
Modules
Images
c:\windows\temp\asw.e59ee47f9a2c3ecb\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
Total events: 5 670
Read events: 1 869
Write events: 2 613
Delete events: 1 188

Modification events

(PID) Process: (3276) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3276) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3276) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2856) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 230514916

(PID) Process: (2856) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30796029

(PID) Process: (2856) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2856) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2856) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2856) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2856) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0
Executable files: 13
Suspicious files: 25
Text files: 82
Unknown types: 1

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3276 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\setup_0824817211.exe.7fkn8kj.partial | - | - | -
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF28823633ED911A67.TMP | - | - | -
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\setup_0824817211.exe.7fkn8kj.partial:Zone.Identifier | - | - | -
2448 | setup_0824817211.exe | C:\Users\admin\AppData\Local\Temp\00A6C82A.log | - | - | -
3276 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\setup_0824817211[1].exe | executable | - | -
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\setup_0824817211.exe | executable | - | -
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{396BAD89-54F0-11EA-972D-5254004A04AF}.dat | binary | - | -
2448 | setup_0824817211.exe | C:\Users\admin\AppData\Local\Temp\inH1093021855948\css\ie6_main.scss | text | E8C1FFDEC8BFEF529B990390C3754950 | CA7A913A79CAB828FC37F4732C0E0E7880EE4B3E9CFCE232043BC9B1E5CFD362
2448 | setup_0824817211.exe | C:\Users\admin\AppData\Local\Temp\inH1093021855948\css\helpers\_clearfix.scss | text | ADD166BC071472DC105F4734D2DCF0E2 | 75EBE8B4A4CBBAC0EB4DE35B60972452B4526C56EEFB5186DD40A92C70773377
2448 | setup_0824817211.exe | C:\Users\admin\AppData\Local\Temp\inH1093021855948\css\helpers\_border.scss | text | 681FB7EB197E8E7EBD89F828D1181FD6 | 51E8AFA69ED6D92EB82F71939B0B8FD34EF23FAECEE457698238E5A4F28DF984
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 29
TCP/UDP connections: 35
DNS requests: 21
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2448 | setup_0824817211.exe | HEAD | 200 | 104.27.179.186:80 | http://erewe.host/aimp_210218.exe | US | - | - | suspicious
2448 | setup_0824817211.exe | HEAD | 302 | 104.27.187.156:80 | http://feyd.host/comp/27136/16/Roa4IzvivLaW1aOx7mdPhvlKpDZe0hO_Fsd7PRoje8J5THPnn6U-O-oqTcZJa54_fGWC7PEJLYxVg0gT1KRIAfQulhHFt5nacRjdmMDe9RtFg9j6emXNe6pj9SiTAs7r3CxoLr4BCQ9Lb0uLgON8YLfD7jTraXKNj6OooLr583ue_TLsSp-H1EmmBdC-8Br3gcYWIhgnX9wUmuoxJRoHgveDMSHqIZN208zgRkmBdTCeOv3UVj88EeiGgDkUiLmlts2EknhyZiFMvX4ewZjZRzT4Ii_0Qop6Z5fHf_k7RMM.exe?plataforma=c1&uo=daBVResRoe83FQlhezb0XR-2r71TJuD_jwuiTugTB5-Tr884zfx9Fuw_fT7UaV9IIGqu1AWwVbn0WiMd5dfQFQ&ud=daBVResRoe83FQlhezb0XR-2r71TJuD_jwuiTugTB5-Tr884zfx9Fuw_fT7UaV9IIGqu1AWwVbn0WiMd5dfQFQ | US | - | - | suspicious
3276 | iexplore.exe | GET | 200 | 13.224.96.107:80 | http://www.litesmed.com/R+-l++/O7xu/g--F+++/setup.exe | US | executable | 2.93 Mb | malicious
2448 | setup_0824817211.exe | POST | 200 | 52.215.31.191:80 | http://gw.tixarerifhase.com/ | IE | - | - | malicious
2448 | setup_0824817211.exe | GET | 200 | 192.96.201.162:80 | http://portal.tixarerifhase.com/img/Tavasat/15Feb17/v2/EN.png | US | image | 43.9 Kb | malicious
2856 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
2448 | setup_0824817211.exe | POST | 200 | 52.215.31.191:80 | http://gw.tixarerifhase.com/ | IE | - | - | malicious
2448 | setup_0824817211.exe | POST | 200 | 52.16.29.135:80 | http://dev.tixarerifhase.com/ | IE | text | 2.56 Kb | malicious
2448 | setup_0824817211.exe | POST | 200 | 52.212.215.62:80 | http://www4.tixarerifhase.com/ | IE | binary | 462 Kb | malicious
2448 | setup_0824817211.exe | GET | 200 | 104.27.179.186:80 | http://erewe.host/aimp_210218.exe | US | executable | 2.48 Mb | suspicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2448
setup_0824817211.exe
52.16.29.135:80
dev.tixarerifhase.com
Amazon.com, Inc.
IE
malicious
2448
setup_0824817211.exe
104.27.186.156:80
feyd.host
Cloudflare Inc
US
shared
2856
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2856
iexplore.exe
72.21.91.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2448
setup_0824817211.exe
52.212.215.62:80
www4.tixarerifhase.com
Amazon.com, Inc.
IE
malicious
2448
setup_0824817211.exe
192.96.201.162:80
portal.tixarerifhase.com
Leaseweb USA, Inc.
US
malicious
2448
setup_0824817211.exe
104.27.179.186:80
erewe.host
Cloudflare Inc
US
suspicious
2448
setup_0824817211.exe
104.27.187.156:80
feyd.host
Cloudflare Inc
US
suspicious
2856
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1944
avastfreeantivirussetuponline.m.exe
172.217.22.46:80
www.google-analytics.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.litesmed.com
  • 13.224.96.107
  • 13.224.96.37
  • 13.224.96.60
  • 13.224.96.79
malicious
gw.tixarerifhase.com
  • 52.215.31.191
  • 34.246.131.106
malicious
dev.tixarerifhase.com
  • 52.16.29.135
  • 52.19.168.111
  • 54.246.196.116
malicious
feyd.host
  • 104.27.186.156
  • 104.27.187.156
suspicious
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
ocsp.digicert.com
  • 72.21.91.29
  • 93.184.220.29
whitelisted
www4.tixarerifhase.com
  • 52.212.215.62
  • 52.50.98.206
  • 52.51.129.59
malicious
portal.tixarerifhase.com
  • 192.96.201.162
malicious
erewe.host
  • 104.27.179.186
  • 104.27.178.186
suspicious

Threats

PID
Process
Class
Message
3276
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3276
iexplore.exe
Misc activity
ET INFO EXE - Served Attached HTTP
2448
setup_0824817211.exe
A Network Trojan was detected
ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
2448
setup_0824817211.exe
A Network Trojan was detected
ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
2448
setup_0824817211.exe
A Network Trojan was detected
ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
2448
setup_0824817211.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
1944
avastfreeantivirussetuponline.m.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info