Malware analysis Jetclean.exe Malicious activity | ANY.RUN

Add for printing

File name:	Jetclean.exe
Full analysis:	https://app.any.run/tasks/6203a062-8ed6-4142-96ab-2101d7b2bc81
Verdict:	Malicious activity
Analysis date:	December 19, 2023, 01:31:17
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	B787B916CB498375501D8CA9657FDD3C
SHA1:	625E8236EAD1466805257803E69CEA7EDDF41F8E
SHA256:	4F704F0F1DA17915CD151B303268ADDF870A9B7BDFC2803F3AED64B6F66D7147
SSDEEP:	98304:3A0byZlK4Klfib3Qw6ydQgCuaKdSdxTrQubOvfq1y7QO9++DEasCDnmw0D+0U6gu:UazkTgecnN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Actions looks like stealing of personal data
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Steals credentials from Web Browsers
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Drops the executable file immediately after the start
  - Jetclean.exe (PID: 124)
  - Jetclean.exe (PID: 268)
  - Jetclean.tmp (PID: 668)
  - JetCleanInit.exe (PID: 2344)
- Connects to the CnC server
  - Jetclean.tmp (PID: 668)
- Registers / Runs the DLL via REGSVR32.EXE
  - JetCleanInit.exe (PID: 2344)
- Scans artifacts that could help determine the target
  - JetClean.exe (PID: 2588)
SUSPICIOUS
- Reads the Windows owner or organization settings
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Process drops legitimate windows executable
  - Jetclean.tmp (PID: 668)
- Reads the Internet Settings
  - Jetclean.tmp (PID: 668)
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - JetCleanInit.exe (PID: 2344)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads Microsoft Outlook installation path
  - ToolbarAcceptRate.exe (PID: 1864)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads Internet Explorer settings
  - ToolbarAcceptRate.exe (PID: 1864)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Checks Windows Trust Settings
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads security settings of Internet Explorer
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads browser cookies
  - JetClean.exe (PID: 2588)
- Reads settings of System Certificates
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- The process verifies whether the antivirus software is installed
  - JetClean.exe (PID: 2588)
- Reads Mozilla Firefox installation path
  - JetClean.exe (PID: 2588)
- Checks for the .NET to be installed
  - JetClean.exe (PID: 2588)
- Searches for installed software
  - JetClean.exe (PID: 2588)
- Checks for Java to be installed
  - JetClean.exe (PID: 2588)
- Accesses Microsoft Outlook profiles
  - JetClean.exe (PID: 2588)
- Reads the history of recent RDP connections
  - JetClean.exe (PID: 2588)
INFO
- Create files in a temporary directory
  - Jetclean.exe (PID: 124)
  - Jetclean.exe (PID: 268)
  - Jetclean.tmp (PID: 668)
  - bluesprigToolbar-stub-1.exe (PID: 712)
- Checks supported languages
  - Jetclean.exe (PID: 124)
  - Upgrade.exe (PID: 1040)
  - Jetclean.tmp (PID: 1432)
  - Jetclean.exe (PID: 268)
  - Jetclean.tmp (PID: 668)
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - JetCleanInit.exe (PID: 2344)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
  - AutoUpdate.exe (PID: 2292)
- Reads the computer name
  - Jetclean.tmp (PID: 668)
  - Upgrade.exe (PID: 1040)
  - Jetclean.tmp (PID: 1432)
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - JetCleanInit.exe (PID: 2344)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
  - AutoUpdate.exe (PID: 2292)
- Checks proxy server information
  - Jetclean.tmp (PID: 668)
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads the machine GUID from the registry
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Creates files or folders in the user directory
  - ToolbarAcceptRate.exe (PID: 1864)
  - Install.exe (PID: 2248)
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Creates files in the program directory
  - Jetclean.tmp (PID: 668)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
  - AutoUpdate.exe (PID: 2292)
- Reads CPU info
  - JetClean.exe (PID: 2588)
- Process checks computer location settings
  - JetClean.exe (PID: 2588)
- Reads mouse settings
  - JetClean.exe (PID: 2588)
- Process checks Internet Explorer phishing filters
  - JetClean.exe (PID: 2588)
- Checks transactions between databases Windows and Oracle
  - JetClean.exe (PID: 2588)
- Reads product name
  - JetClean.exe (PID: 2588)
- Reads Environment values
  - JetClean.exe (PID: 2588)
- Reads Windows Product ID
  - JetClean.exe (PID: 2588)
- Process checks the number of cached credentials
  - JetClean.exe (PID: 2588)
- Process checks are UAC notifies on
  - JetClean.exe (PID: 2588)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (77.7)
.exe	\|	Win32 Executable Delphi generic (10)
.dll	\|	Win32 Dynamic Link Library (generic) (4.6)
.exe	\|	Win32 Executable (generic) (3.1)
.exe	\|	Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2012:07:09 15:41:29+02:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	86016
InitializedDataSize:	66560
UninitializedDataSize:	-
EntryPoint:	0x16478
OSVersion:	5
ImageVersion:	6
SubsystemVersion:	5
Subsystem:	Windows GUI
FileVersionNumber:	1.5.0.0
ProductVersionNumber:	1.5.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:	BlueSprig
FileDescription:	JetClean Setup
FileVersion:	1.5.0.0
LegalCopyright:	Copyright © 2011-2013
ProductName:	JetClean
ProductVersion:	1.5.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

124

"C:\Users\admin\AppData\Local\Temp\Jetclean.exe"

C:\Users\admin\AppData\Local\Temp\Jetclean.exe

—

explorer.exe

User:

admin

Company:

BlueSprig

Integrity Level:

MEDIUM

Description:

JetClean Setup

Exit code:

Version:

1.5.0.0

Modules

Images
c:\users\admin\appdata\local\temp\jetclean.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

268

"C:\Users\admin\AppData\Local\Temp\Jetclean.exe" /SPAWNWND=$401B2 /NOTIFYWND=$301AA

C:\Users\admin\AppData\Local\Temp\Jetclean.exe

Jetclean.tmp

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Description:

JetClean Setup

Exit code:

Version:

1.5.0.0

Modules

Images
c:\users\admin\appdata\local\temp\jetclean.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

668

"C:\Users\admin\AppData\Local\Temp\is-NFN6F.tmp\Jetclean.tmp" /SL5="$501AC,3913143,153600,C:\Users\admin\AppData\Local\Temp\Jetclean.exe" /SPAWNWND=$401B2 /NOTIFYWND=$301AA

C:\Users\admin\AppData\Local\Temp\is-NFN6F.tmp\Jetclean.tmp

Jetclean.exe

User:

admin

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-nfn6f.tmp\jetclean.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

712

"C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\bluesprigToolbar-stub-1.exe" /S /V"/qn CHANNEL_ID=925777 D_WSD=1 SSC=1 GCDEA=1 GCSA=1 GCSE=1 HP=1" /UM"http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi"

C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\bluesprigToolbar-stub-1.exe

Jetclean.tmp

User:

admin

Company:

Spigot, Inc.

Integrity Level:

HIGH

Description:

Setup Launcher Unicode

Exit code:

Version:

7.2

Modules

Images
c:\users\admin\appdata\local\temp\is-dhpkb.tmp\bluesprigtoolbar-stub-1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1040

"C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\Upgrade.exe" /Upgrade

C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\Upgrade.exe

—

Jetclean.tmp

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Description:

JetClean Upgrade Programe

Exit code:

Version:

1.0.6.6

Modules

Images
c:\users\admin\appdata\local\temp\is-dhpkb.tmp\upgrade.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1432

"C:\Users\admin\AppData\Local\Temp\is-3CFSM.tmp\Jetclean.tmp" /SL5="$301AA,3913143,153600,C:\Users\admin\AppData\Local\Temp\Jetclean.exe"

C:\Users\admin\AppData\Local\Temp\is-3CFSM.tmp\Jetclean.tmp

—

Jetclean.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-3cfsm.tmp\jetclean.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1864

"C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\ToolbarAcceptRate.exe" 1 925777

C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\ToolbarAcceptRate.exe

Jetclean.tmp

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\is-dhpkb.tmp\toolbaracceptrate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

2248

"C:\Program Files\BlueSprig\JetClean\Install.exe"

C:\Program Files\BlueSprig\JetClean\Install.exe

Jetclean.tmp

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Exit code:

Version:

1.0.0.10

Modules

Images
c:\program files\bluesprig\jetclean\install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bluesprig\jetclean\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2292

"C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe" /Check

C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe

JetClean.exe

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Description:

JetClean Updater

Exit code:

Version:

1.0.9.141

Modules

Images
c:\program files\bluesprig\jetclean\autoupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bluesprig\jetclean\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2300

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\BlueSprig\JetClean\JetCleanExtMenu.dll"

C:\Windows\System32\regsvr32.exe

—

JetCleanInit.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

60 342

Read events

60 238

Write events

104

Delete events

Modification events


(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
124	Jetclean.exe	C:\Users\admin\AppData\Local\Temp\is-3CFSM.tmp\Jetclean.tmp		executable
		MD5:4BA02A2F64504261FCA1AD62CDCFA651	SHA256:6B1506A2BCD8AF3AA3E2D97C35D86D520C98577E9F6475B71AFBD76578308C62
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\_isetup\_shfoldr.dll		executable
		MD5:92DC6EF532FBB4A5C3201469A5B5EB63	SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\getCountry		text
		MD5:3A52F3C22ED6FCDE5BF696A6C02C9E73	SHA256:6814EF46F686990CF4E946F966167B0507E1D642C44E51F61BFFB0BBA2D4672B
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\itdownload.dll		executable
		MD5:DEE52C28FB4198CC702F3C379C5E982B	SHA256:E005BC8003CA90903F021DF51C9AF6D35B750E67799ECBABED0AF71BA54A4231
268	Jetclean.exe	C:\Users\admin\AppData\Local\Temp\is-NFN6F.tmp\Jetclean.tmp		executable
		MD5:4BA02A2F64504261FCA1AD62CDCFA651	SHA256:6B1506A2BCD8AF3AA3E2D97C35D86D520C98577E9F6475B71AFBD76578308C62
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\RdZone.dll		executable
		MD5:61AD4BFDB2885D3497596DFAD2889C9A	SHA256:4AE86843FBB76C8A9BC3C364F85EC8EC1727556970E7ED5C2D31868E631C3162
712	bluesprigToolbar-stub-1.exe	C:\Users\admin\AppData\Local\Temp\{2E596077-3F8A-4FF4-BF20-DEBD1AF14E16}\Setup.INI		text
		MD5:CF2836EC0962ECCA8E8085A53BB73629	SHA256:294BEDBCCF9A7B68CAAEC45089D9587A4715675634A206F72AC69C9BAD0E16A3
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\bluesprigToolbar-stub-1.exe		executable
		MD5:5AB8FD011AA0BA8C335936CAAD03B08B	SHA256:BCB98161A6EFFDBFCA627547FC6307B86BA40F43E142C13E3C43E4A9B9F5068E
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\ToolbarAcceptRate.exe		executable
		MD5:CA0C64A36FDF69E6B916A8906E9AE9A4	SHA256:8C051D485A974D7C9B2F834EF463A9C0489F76A6F5BE48067C45BBBC85051D27
712	bluesprigToolbar-stub-1.exe	C:\Users\admin\AppData\Local\Temp\{2E596077-3F8A-4FF4-BF20-DEBD1AF14E16}\0x0409.ini		text
		MD5:BE345D0260AE12C5F2F337B17E07C217	SHA256:E994689A13B9448C074F9B471EDEEC9B524890A0D82925E98AB90B658016D8F3

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2248	Install.exe	GET	200	184.24.77.194:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a75bb86b5190f439	unknown	compressed	4.66 Kb	unknown
2248	Install.exe	GET	200	184.24.77.194:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5507f402ec456380	unknown	compressed	4.66 Kb	unknown
2248	Install.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D	unknown	binary	471 b	unknown
2248	Install.exe	GET	200	142.250.186.131:80	http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCZXmpIP%2Bo%2BHhJmodADfw%2Fc	unknown	binary	472 b	unknown
2248	Install.exe	GET	200	199.46.34.145:80	http://www.bluesprig.com/cms/includes/zcs5q4lyo71.2309131409404.css	unknown	text	37.5 Kb	unknown
668	Jetclean.tmp	GET	200	18.219.121.101:80	http://api.mybrowserbar.com/cgi/getcountry.cgi	unknown	text	2 b	unknown
1864	ToolbarAcceptRate.exe	GET	200	18.219.121.101:80	http://www.mybrowserbar.com/images/pixel.gif?tb=1&cnid=925777	unknown	image	1.07 Kb	unknown
712	bluesprigToolbar-stub-1.exe	GET	404	18.219.121.101:80	http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi	unknown	html	196 b	unknown
712	bluesprigToolbar-stub-1.exe	GET	404	18.219.121.101:80	http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi	unknown	html	196 b	unknown
712	bluesprigToolbar-stub-1.exe	GET	404	18.219.121.101:80	http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi	unknown	html	196 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
668	Jetclean.tmp	18.219.121.101:80	api.mybrowserbar.com	AMAZON-02	US	unknown
1864	ToolbarAcceptRate.exe	18.219.121.101:80	api.mybrowserbar.com	AMAZON-02	US	unknown
712	bluesprigToolbar-stub-1.exe	18.219.121.101:80	api.mybrowserbar.com	AMAZON-02	US	unknown
2248	Install.exe	199.46.34.145:80	www.bluesprig.com	Akamai International B.V.	US	unknown
2248	Install.exe	142.250.185.168:443	www.googletagmanager.com	GOOGLE	US	unknown
2248	Install.exe	157.240.253.1:80	connect.facebook.net	FACEBOOK	DE	unknown
2248	Install.exe	157.240.253.1:443	connect.facebook.net	FACEBOOK	DE	unknown

DNS requests

Domain	IP	Reputation
api.mybrowserbar.com	18.219.121.101 3.131.219.123	unknown
www.mybrowserbar.com	18.219.121.101 3.131.219.123	malicious
download.mybrowserbar.com	18.219.121.101 3.131.219.123	unknown
www.bluesprig.com	199.46.34.145	unknown
www.googletagmanager.com	142.250.185.168	whitelisted
connect.facebook.net	157.240.253.1	whitelisted
ctldl.windowsupdate.com	184.24.77.194 184.24.77.202	whitelisted
ocsp.pki.goog	142.250.186.131	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
download.bluesprig.com	—	unknown

Threats

Found threats are available for the paid subscriptions

3 ETPRO signatures available at the full report

Add for printing

Process	Message
JetCleanInit.exe	/s "C:\Program Files\BlueSprig\JetClean\JetCleanExtMenu.dll"
JetCleanInit.exe	Not OS 64
JetCleanInit.exe	42
JetClean.exe	WaitForExplorer
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97

General Info

Jetclean.exe

B787B916CB498375501D8CA9657FDD3C

625E8236EAD1466805257803E69CEA7EDDF41F8E

4F704F0F1DA17915CD151B303268ADDF870A9B7BDFC2803F3AED64B6F66D7147

98304:3A0byZlK4Klfib3Qw6ydQgCuaKdSdxTrQubOvfq1y7QO9++DEasCDnmw0D+0U6gu:UazkTgecnN

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Actions looks like stealing of personal data

Steals credentials from Web Browsers

Drops the executable file immediately after the start

Connects to the CnC server

Registers / Runs the DLL via REGSVR32.EXE

Scans artifacts that could help determine the target

SUSPICIOUS

Reads the Windows owner or organization settings

Process drops legitimate windows executable

Reads the Internet Settings

Reads Microsoft Outlook installation path

Reads Internet Explorer settings

Checks Windows Trust Settings

Reads security settings of Internet Explorer

Reads browser cookies

Reads settings of System Certificates

The process verifies whether the antivirus software is installed

Reads Mozilla Firefox installation path

Checks for the .NET to be installed

Searches for installed software

Checks for Java to be installed

Accesses Microsoft Outlook profiles

Reads the history of recent RDP connections

INFO

Create files in a temporary directory

Checks supported languages

Reads the computer name

Checks proxy server information

Reads the machine GUID from the registry

Creates files or folders in the user directory

Creates files in the program directory

Reads CPU info

Process checks computer location settings

Reads mouse settings

Process checks Internet Explorer phishing filters

Checks transactions between databases Windows and Oracle

Reads product name

Reads Environment values

Reads Windows Product ID

Process checks the number of cached credentials

Process checks are UAC notifies on

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules