Malware analysis Jetclean.exe Malicious activity | ANY.RUN

Add for printing

File name:	Jetclean.exe
Full analysis:	https://app.any.run/tasks/6203a062-8ed6-4142-96ab-2101d7b2bc81
Verdict:	Malicious activity
Analysis date:	December 19, 2023, 01:31:17
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	B787B916CB498375501D8CA9657FDD3C
SHA1:	625E8236EAD1466805257803E69CEA7EDDF41F8E
SHA256:	4F704F0F1DA17915CD151B303268ADDF870A9B7BDFC2803F3AED64B6F66D7147
SSDEEP:	98304:3A0byZlK4Klfib3Qw6ydQgCuaKdSdxTrQubOvfq1y7QO9++DEasCDnmw0D+0U6gu:UazkTgecnN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - Jetclean.exe (PID: 268)
  - JetCleanInit.exe (PID: 2344)
  - Jetclean.exe (PID: 124)
  - Jetclean.tmp (PID: 668)
- Steals credentials from Web Browsers
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Connects to the CnC server
  - Jetclean.tmp (PID: 668)
- Registers / Runs the DLL via REGSVR32.EXE
  - JetCleanInit.exe (PID: 2344)
- Actions looks like stealing of personal data
  - JetClean.exe (PID: 2588)
  - Jetclean.tmp (PID: 668)
- Scans artifacts that could help determine the target
  - JetClean.exe (PID: 2588)
SUSPICIOUS
- Process drops legitimate windows executable
  - Jetclean.tmp (PID: 668)
- Reads the Windows owner or organization settings
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Reads Microsoft Outlook installation path
  - ToolbarAcceptRate.exe (PID: 1864)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads the Internet Settings
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - JetCleanInit.exe (PID: 2344)
  - Install.exe (PID: 2248)
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Reads Internet Explorer settings
  - ToolbarAcceptRate.exe (PID: 1864)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Checks Windows Trust Settings
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads security settings of Internet Explorer
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads settings of System Certificates
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads browser cookies
  - JetClean.exe (PID: 2588)
- The process verifies whether the antivirus software is installed
  - JetClean.exe (PID: 2588)
- Checks for Java to be installed
  - JetClean.exe (PID: 2588)
- Checks for the .NET to be installed
  - JetClean.exe (PID: 2588)
- Reads Mozilla Firefox installation path
  - JetClean.exe (PID: 2588)
- Searches for installed software
  - JetClean.exe (PID: 2588)
- Reads the history of recent RDP connections
  - JetClean.exe (PID: 2588)
- Accesses Microsoft Outlook profiles
  - JetClean.exe (PID: 2588)
INFO
- Checks supported languages
  - Jetclean.tmp (PID: 668)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - ToolbarAcceptRate.exe (PID: 1864)
  - JetCleanInit.exe (PID: 2344)
  - Install.exe (PID: 2248)
  - Jetclean.tmp (PID: 1432)
  - Jetclean.exe (PID: 268)
  - Jetclean.exe (PID: 124)
  - JetClean.exe (PID: 2588)
  - Upgrade.exe (PID: 1040)
  - AutoUpdate.exe (PID: 2292)
- Checks proxy server information
  - Jetclean.tmp (PID: 668)
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Reads the computer name
  - Jetclean.tmp (PID: 668)
  - Upgrade.exe (PID: 1040)
  - Jetclean.tmp (PID: 1432)
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - JetCleanInit.exe (PID: 2344)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
  - AutoUpdate.exe (PID: 2292)
- Reads the machine GUID from the registry
  - ToolbarAcceptRate.exe (PID: 1864)
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
- Create files in a temporary directory
  - bluesprigToolbar-stub-1.exe (PID: 712)
  - Jetclean.exe (PID: 124)
  - Jetclean.exe (PID: 268)
  - Jetclean.tmp (PID: 668)
- Creates files or folders in the user directory
  - ToolbarAcceptRate.exe (PID: 1864)
  - Install.exe (PID: 2248)
  - Jetclean.tmp (PID: 668)
  - JetClean.exe (PID: 2588)
- Creates files in the program directory
  - Jetclean.tmp (PID: 668)
  - Install.exe (PID: 2248)
  - JetClean.exe (PID: 2588)
  - AutoUpdate.exe (PID: 2292)
- Reads mouse settings
  - JetClean.exe (PID: 2588)
- Process checks Internet Explorer phishing filters
  - JetClean.exe (PID: 2588)
- Reads CPU info
  - JetClean.exe (PID: 2588)
- Process checks computer location settings
  - JetClean.exe (PID: 2588)
- Reads Environment values
  - JetClean.exe (PID: 2588)
- Process checks are UAC notifies on
  - JetClean.exe (PID: 2588)
- Process checks the number of cached credentials
  - JetClean.exe (PID: 2588)
- Checks transactions between databases Windows and Oracle
  - JetClean.exe (PID: 2588)
- Reads product name
  - JetClean.exe (PID: 2588)
- Reads Windows Product ID
  - JetClean.exe (PID: 2588)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (77.7)
.exe	\|	Win32 Executable Delphi generic (10)
.dll	\|	Win32 Dynamic Link Library (generic) (4.6)
.exe	\|	Win32 Executable (generic) (3.1)
.exe	\|	Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2012:07:09 15:41:29+02:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	86016
InitializedDataSize:	66560
UninitializedDataSize:	-
EntryPoint:	0x16478
OSVersion:	5
ImageVersion:	6
SubsystemVersion:	5
Subsystem:	Windows GUI
FileVersionNumber:	1.5.0.0
ProductVersionNumber:	1.5.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:	BlueSprig
FileDescription:	JetClean Setup
FileVersion:	1.5.0.0
LegalCopyright:	Copyright © 2011-2013
ProductName:	JetClean
ProductVersion:	1.5.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

124

"C:\Users\admin\AppData\Local\Temp\Jetclean.exe"

C:\Users\admin\AppData\Local\Temp\Jetclean.exe

—

explorer.exe

User:

admin

Company:

BlueSprig

Integrity Level:

MEDIUM

Description:

JetClean Setup

Exit code:

Version:

1.5.0.0

Modules

Images
c:\users\admin\appdata\local\temp\jetclean.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

268

"C:\Users\admin\AppData\Local\Temp\Jetclean.exe" /SPAWNWND=$401B2 /NOTIFYWND=$301AA

C:\Users\admin\AppData\Local\Temp\Jetclean.exe

Jetclean.tmp

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Description:

JetClean Setup

Exit code:

Version:

1.5.0.0

Modules

Images
c:\users\admin\appdata\local\temp\jetclean.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

668

"C:\Users\admin\AppData\Local\Temp\is-NFN6F.tmp\Jetclean.tmp" /SL5="$501AC,3913143,153600,C:\Users\admin\AppData\Local\Temp\Jetclean.exe" /SPAWNWND=$401B2 /NOTIFYWND=$301AA

C:\Users\admin\AppData\Local\Temp\is-NFN6F.tmp\Jetclean.tmp

Jetclean.exe

User:

admin

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-nfn6f.tmp\jetclean.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

712

"C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\bluesprigToolbar-stub-1.exe" /S /V"/qn CHANNEL_ID=925777 D_WSD=1 SSC=1 GCDEA=1 GCSA=1 GCSE=1 HP=1" /UM"http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi"

C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\bluesprigToolbar-stub-1.exe

Jetclean.tmp

User:

admin

Company:

Spigot, Inc.

Integrity Level:

HIGH

Description:

Setup Launcher Unicode

Exit code:

Version:

7.2

Modules

Images
c:\users\admin\appdata\local\temp\is-dhpkb.tmp\bluesprigtoolbar-stub-1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1040

"C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\Upgrade.exe" /Upgrade

C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\Upgrade.exe

—

Jetclean.tmp

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Description:

JetClean Upgrade Programe

Exit code:

Version:

1.0.6.6

Modules

Images
c:\users\admin\appdata\local\temp\is-dhpkb.tmp\upgrade.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1432

"C:\Users\admin\AppData\Local\Temp\is-3CFSM.tmp\Jetclean.tmp" /SL5="$301AA,3913143,153600,C:\Users\admin\AppData\Local\Temp\Jetclean.exe"

C:\Users\admin\AppData\Local\Temp\is-3CFSM.tmp\Jetclean.tmp

—

Jetclean.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-3cfsm.tmp\jetclean.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1864

"C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\ToolbarAcceptRate.exe" 1 925777

C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\ToolbarAcceptRate.exe

Jetclean.tmp

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\is-dhpkb.tmp\toolbaracceptrate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

2248

"C:\Program Files\BlueSprig\JetClean\Install.exe"

C:\Program Files\BlueSprig\JetClean\Install.exe

Jetclean.tmp

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Exit code:

Version:

1.0.0.10

Modules

Images
c:\program files\bluesprig\jetclean\install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bluesprig\jetclean\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2292

"C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe" /Check

C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe

JetClean.exe

User:

admin

Company:

BlueSprig

Integrity Level:

HIGH

Description:

JetClean Updater

Exit code:

Version:

1.0.9.141

Modules

Images
c:\program files\bluesprig\jetclean\autoupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bluesprig\jetclean\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2300

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\BlueSprig\JetClean\JetCleanExtMenu.dll"

C:\Windows\System32\regsvr32.exe

—

JetCleanInit.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

60 342

Read events

60 238

Write events

104

Delete events

Modification events


(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(668) Jetclean.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1864) ToolbarAcceptRate.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
124	Jetclean.exe	C:\Users\admin\AppData\Local\Temp\is-3CFSM.tmp\Jetclean.tmp		executable
		MD5:4BA02A2F64504261FCA1AD62CDCFA651	SHA256:6B1506A2BCD8AF3AA3E2D97C35D86D520C98577E9F6475B71AFBD76578308C62
712	bluesprigToolbar-stub-1.exe	C:\Users\admin\AppData\Local\Temp\{2E596077-3F8A-4FF4-BF20-DEBD1AF14E16}\_ISMSIDEL.INI		text
		MD5:152C3824020701601F83B0839CD676C1	SHA256:9C87B3990AE6CA400ECA536A034717DDE33D864AEB8EFADA3EC31F1A11D70FF7
268	Jetclean.exe	C:\Users\admin\AppData\Local\Temp\is-NFN6F.tmp\Jetclean.tmp		executable
		MD5:4BA02A2F64504261FCA1AD62CDCFA651	SHA256:6B1506A2BCD8AF3AA3E2D97C35D86D520C98577E9F6475B71AFBD76578308C62
712	bluesprigToolbar-stub-1.exe	C:\Users\admin\AppData\Local\Temp\{2E596077-3F8A-4FF4-BF20-DEBD1AF14E16}\Setup.INI		text
		MD5:CF2836EC0962ECCA8E8085A53BB73629	SHA256:294BEDBCCF9A7B68CAAEC45089D9587A4715675634A206F72AC69C9BAD0E16A3
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\itdownload.dll		executable
		MD5:DEE52C28FB4198CC702F3C379C5E982B	SHA256:E005BC8003CA90903F021DF51C9AF6D35B750E67799ECBABED0AF71BA54A4231
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\Inno_English.lng		text
		MD5:CFEE95E1A6D35075A89D0FFD688B0683	SHA256:32CC2AB7CFB32C188FCC09651B54481693299511197729956212ED44044E8F4F
668	Jetclean.tmp	C:\Users\admin\AppData\Local\Temp\is-DHPKB.tmp\bluesprigToolbar-stub-1.exe		executable
		MD5:5AB8FD011AA0BA8C335936CAAD03B08B	SHA256:BCB98161A6EFFDBFCA627547FC6307B86BA40F43E142C13E3C43E4A9B9F5068E
712	bluesprigToolbar-stub-1.exe	C:\Users\admin\AppData\Local\Temp\{2E596077-3F8A-4FF4-BF20-DEBD1AF14E16}\0x0407.ini		text
		MD5:9A62DA6C523506355C1BF1B30DB73EDD	SHA256:8B5D7BC395D0D6980299702D0573C6019FEFEA92EB98701D1894A5623B2691A0
712	bluesprigToolbar-stub-1.exe	C:\Users\admin\AppData\Local\Temp\{2E596077-3F8A-4FF4-BF20-DEBD1AF14E16}\0x040c.ini		text
		MD5:35989450C8121207917F04D1EBE4CA2A	SHA256:B14D9D7AFC505868407C425CB5A78C891BAA8A6AC8EB35CFB3D71C71F5BEE1FA
712	bluesprigToolbar-stub-1.exe	C:\Users\admin\AppData\Local\Temp\~19CE.tmp		text
		MD5:CF2836EC0962ECCA8E8085A53BB73629	SHA256:294BEDBCCF9A7B68CAAEC45089D9587A4715675634A206F72AC69C9BAD0E16A3

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
668	Jetclean.tmp	GET	200	18.219.121.101:80	http://api.mybrowserbar.com/cgi/getcountry.cgi	unknown	text	2 b	unknown
712	bluesprigToolbar-stub-1.exe	GET	404	18.219.121.101:80	http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi	unknown	html	196 b	unknown
712	bluesprigToolbar-stub-1.exe	GET	404	18.219.121.101:80	http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi	unknown	html	196 b	unknown
712	bluesprigToolbar-stub-1.exe	GET	404	18.219.121.101:80	http://download.mybrowserbar.com/vkits/dlv1/925777/bluesprigToolbar.msi	unknown	html	196 b	unknown
2248	Install.exe	GET	404	199.46.34.145:80	http://www.bluesprig.com/jcinstall.php	unknown	html	41.9 Kb	unknown
2248	Install.exe	GET	200	184.24.77.194:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a75bb86b5190f439	unknown	compressed	4.66 Kb	unknown
2248	Install.exe	GET	200	199.46.34.145:80	http://www.bluesprig.com/cms/includes/xfe68wggbgd.2309131409404.js	unknown	text	203 Kb	unknown
2248	Install.exe	GET	200	199.46.34.145:80	http://www.bluesprig.com/cms/includes/zcs5q4lyo71.2309131409404.css	unknown	text	37.5 Kb	unknown
2248	Install.exe	GET	200	184.24.77.194:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5507f402ec456380	unknown	compressed	4.66 Kb	unknown
2248	Install.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D	unknown	binary	471 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
668	Jetclean.tmp	18.219.121.101:80	api.mybrowserbar.com	AMAZON-02	US	unknown
1864	ToolbarAcceptRate.exe	18.219.121.101:80	api.mybrowserbar.com	AMAZON-02	US	unknown
712	bluesprigToolbar-stub-1.exe	18.219.121.101:80	api.mybrowserbar.com	AMAZON-02	US	unknown
2248	Install.exe	199.46.34.145:80	www.bluesprig.com	Akamai International B.V.	US	unknown
2248	Install.exe	142.250.185.168:443	www.googletagmanager.com	GOOGLE	US	unknown
2248	Install.exe	157.240.253.1:80	connect.facebook.net	FACEBOOK	DE	unknown
2248	Install.exe	157.240.253.1:443	connect.facebook.net	FACEBOOK	DE	unknown

DNS requests

Domain	IP	Reputation
api.mybrowserbar.com	18.219.121.101 3.131.219.123	unknown
www.mybrowserbar.com	18.219.121.101 3.131.219.123	malicious
download.mybrowserbar.com	18.219.121.101 3.131.219.123	unknown
www.bluesprig.com	199.46.34.145	unknown
www.googletagmanager.com	142.250.185.168	whitelisted
connect.facebook.net	157.240.253.1	whitelisted
ctldl.windowsupdate.com	184.24.77.194 184.24.77.202	whitelisted
ocsp.pki.goog	142.250.186.131	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
download.bluesprig.com	—	unknown

Threats

Found threats are available for the paid subscriptions

3 ETPRO signatures available at the full report

Add for printing

Process	Message
JetCleanInit.exe	/s "C:\Program Files\BlueSprig\JetClean\JetCleanExtMenu.dll"
JetCleanInit.exe	Not OS 64
JetCleanInit.exe	42
JetClean.exe	WaitForExplorer
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97
JetClean.exe	Count: 97

General Info

Jetclean.exe

B787B916CB498375501D8CA9657FDD3C

625E8236EAD1466805257803E69CEA7EDDF41F8E

4F704F0F1DA17915CD151B303268ADDF870A9B7BDFC2803F3AED64B6F66D7147

98304:3A0byZlK4Klfib3Qw6ydQgCuaKdSdxTrQubOvfq1y7QO9++DEasCDnmw0D+0U6gu:UazkTgecnN

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Steals credentials from Web Browsers

Connects to the CnC server

Registers / Runs the DLL via REGSVR32.EXE

Actions looks like stealing of personal data

Scans artifacts that could help determine the target

SUSPICIOUS

Process drops legitimate windows executable

Reads the Windows owner or organization settings

Reads Microsoft Outlook installation path

Reads the Internet Settings

Reads Internet Explorer settings

Checks Windows Trust Settings

Reads security settings of Internet Explorer

Reads settings of System Certificates

Reads browser cookies

The process verifies whether the antivirus software is installed

Checks for Java to be installed

Checks for the .NET to be installed

Reads Mozilla Firefox installation path

Searches for installed software

Reads the history of recent RDP connections

Accesses Microsoft Outlook profiles

INFO

Checks supported languages

Checks proxy server information

Reads the computer name

Reads the machine GUID from the registry

Create files in a temporary directory

Creates files or folders in the user directory

Creates files in the program directory

Reads mouse settings

Process checks Internet Explorer phishing filters

Reads CPU info

Process checks computer location settings

Reads Environment values

Process checks are UAC notifies on

Process checks the number of cached credentials

Checks transactions between databases Windows and Oracle

Reads product name

Reads Windows Product ID

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules