File name: jetbrains-activator.exe

Full analysis: https://app.any.run/tasks/a59da2ce-931f-48a9-8569-6e4e60d384f9
Verdict: Malicious activity
Analysis date: November 08, 2024, 09:07:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5: 9DFF2CDB371334619B15372AA3F6085C
SHA1: EA651AF34BFE2052668E37BCD3F60696EBAFFA1C
SHA256: 3E52C0B97F67287C212E5BC779B0E7DD843FB0DF2EF11B74E1891898D492782C
SSDEEP: 98304:ScTE9EF5E3hzztBDbkGp2RIUR9gdK615JLeHmi+l4m08qqo0VBjLt3fFV4Ar2IIi:C+693MbDJIxny/h9CM/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • jetbrains-activator.exe (PID: 6660)
    • Application launched itself

      • jetbrains-activator.exe (PID: 6660)
    • Executes as Windows Service

      • AGSService.exe (PID: 3732)
      • AGSService.exe (PID: 7164)
      • AGSService.exe (PID: 5660)
      • AGSService.exe (PID: 2000)
    • Executable content was dropped or overwritten

      • jetbrains-activator.exe (PID: 1764)
  • INFO

    • Checks supported languages

      • jetbrains-activator.exe (PID: 6660)
    • Reads the computer name

      • jetbrains-activator.exe (PID: 6660)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:02:01 22:17:42+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 9542656
InitializedDataSize: 9126400
UninitializedDataSize: -
EntryPoint: 0x8d77e8
OSVersion: 6
ImageVersion: 11
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 11.0.0.49893
ProductVersionNumber: 11.0.0.49893
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: -
FileDescription: -
FileVersion: 11.0.0.49893
LegalCopyright: -
OriginalFileName: jetbrains-activator.exe
ProductName: jetbrains-activator
ProductVersion: 11.0.0.49893
No data.
All screenshots are available in the full report
Total processes: 119
Monitored processes: 6
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown: jetbrains-activator.exe (start, no specs), jetbrains-activator.exe, agsservice.exe (no specs) ×4

Process information

PID: 1764
CMD: "C:\Users\admin\Desktop\jetbrains-activator.exe" "C:\Users\admin\Desktop\jetbrains-activator.exe"
Path: C:\Users\admin\Desktop\jetbrains-activator.exe
Parent process: jetbrains-activator.exe
User: admin
Integrity Level: HIGH
Version: 11.0.0.49893
Modules (images):
c:\users\admin\desktop\jetbrains-activator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 2000
CMD: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
Path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 4294967295
Modules (images):
c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 3732
CMD: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
Path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 4294967295
Modules (images):
c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID: 5660
CMD: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
Path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 4294967295
Modules (images):
c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 6660
CMD: "C:\Users\admin\Desktop\jetbrains-activator.exe"
Path: C:\Users\admin\Desktop\jetbrains-activator.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 11.0.0.49893
Modules (images):
c:\users\admin\desktop\jetbrains-activator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 7164
CMD: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
Path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 4294967295
Modules (images):
c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events: 7 099
Read events: 7 021
Write events: 76
Delete events: 2

Modification events

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value: 0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value: 0400000000000000030000000E000000100000000F0000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4
Operation: write
Name: MRUListEx
Value: 010000000000000004000000050000000200000003000000FFFFFFFF

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell
Operation: write
Name: SniffedFolderType
Value: Generic

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 96

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\lnk
Operation: write
Name: 1
Value: 14001F50E04FD020EA3A6910A2D808002B30309D14002E803ACCBFB42CDB4C42B0297FE99A87C641700032000D0800004658D968200041444F4245417E312E4C4E4B0000540009000400EFBE4658D9686859FB482E0000000168000000000F0000000000000000000000000000001C452400410064006F006200650020004100630072006F006200610074002E006C006E006B0000001C000000

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\lnk
Operation: write
Name: MRUListEx
Value: 0100000000000000FFFFFFFF

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
Operation: write
Name: 7
Value: 14001F50E04FD020EA3A6910A2D808002B30309D14002E803ACCBFB42CDB4C42B0297FE99A87C641700032000D0800004658D968200041444F4245417E312E4C4E4B0000540009000400EFBE4658D9686859FB482E0000000168000000000F0000000000000000000000000000001C452400410064006F006200650020004100630072006F006200610074002E006C006E006B0000001C000000

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
Operation: write
Name: MRUListEx
Value: 0700000006000000050000000400000003000000020000000100000000000000FFFFFFFF

(PID) Process: (6660) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: Mode
Value: 4
Executable files: 7
Suspicious files: 2
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1764 | jetbrains-activator.exe | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.vmoptions | text
MD5: 178940502D8B29091B03E6D10A762FF9
SHA256: 3F892713005DCFF187EA3E5EDBF7EDBAA259B225AA4A0E37B6D597BF5E94C909
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\native.jar | java
MD5: D53081E7676F669061695827209B0FBD
SHA256: 88E419764B31134E74E4A968015F6F80DA497EEFCD4AEFF77D7C2CE57CB5EFCD
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\dns.jar | java
MD5: 4F3C516C1704A5569725246D57DD1AE7
SHA256: D1150B1831B112B93D74A34A10CE6C11606E0D2255D532C29F91F1D92B40A552
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\power.jar | java
MD5: D8711B73BC0507DBDC841B098AF99787
SHA256: 7819E5B968CE5EA2E638E53D84089D35E89E9EA3088F18F8DBF6DD38D14AB25A
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\hideme.jar | java
MD5: CDAB6A30B0949A741F13935F5483C303
SHA256: FA14C735AB9FED3F3A5DF0DC78A5D38AE0A146099DDC858197E9F528BD996C40
6660 | jetbrains-activator.exe | C:\Users\admin\Desktop\Adobe Acrobat.lnk | binary
MD5: 2EE9DED37A2985C8F8D2FFB99F8C16AA
SHA256: B1F06C0DC671BC0E6F75B7A14A7A639E3346E4999652E5C5F4F3FAE7FC34F3F1
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\config-jetbrains\power.conf | text
MD5: 25E529ACCB85415C8C2B40FCE1AB65F5
SHA256: 05C70700CB0A3E8E7C596205CEBE7284B2F7FBDF5F6BEEB4424730A753239701
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\url.jar | java
MD5: 6B181E5B8255DB4CD9BEB1C6AF5F420E
SHA256: CE5A83AEE31153CCA30274AC94467B316EDEA8CB28ACF72F52F5A72D455B1B43
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\ja-netfilter.jar | java
MD5: 2FA1B1364515DCE93EB67C423B570DEB
SHA256: 3ACC4E9D91793F6909458A4761B75B6DA45C8868E75DCA33C9FEC63659202995
1764 | jetbrains-activator.exe | C:\ja-netfilter-files\config-jetbrains\url.conf | text
MD5: FEA2BFBEDDA20D5AD9429F537E15F4CE
SHA256: 88E1DCA8019AD412CF2C6FBD947A83786CFFC7B32F1EE35594D25D1F38FAE5F8
HTTP(S) requests: 7
TCP/UDP connections: 23
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6944 | svchost.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 304 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6944 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 204 | 104.126.37.162:443 | https://www.bing.com/threshold/xls.aspx | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6944 | svchost.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6944 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
5488 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 51.104.136.2 | whitelisted
google.com | 142.250.185.206 | whitelisted
crl.microsoft.com | 2.16.241.19, 2.16.241.12 | whitelisted
www.microsoft.com | 95.101.149.131 | whitelisted
www.bing.com | 2.23.209.182, 2.23.209.179, 2.23.209.181, 2.23.209.175, 2.23.209.185, 2.23.209.161, 2.23.209.177, 2.23.209.176, 2.23.209.183 | whitelisted
self.events.data.microsoft.com | 20.189.173.4 | whitelisted

Threats

No threats detected
No debug info