| File name: | Neos Email Spoofer.exe |
| Full analysis: | https://app.any.run/tasks/071ab667-f4bf-4bf1-a62c-17e503c69266 |
| Verdict: | Malicious activity |
| Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
| Analysis date: | August 20, 2024, 08:24:59 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5: | 05CFAC0B4CC758DFC4C7992215F9C390 |
| SHA1: | 513E6654E517D7CF73B4CB267FF7F2E9BEDA9EF6 |
| SHA256: | 69AB2837892A6066DCD40C99607E78A2A6F51A3F3E3B7FDFE759C0A5E98E1198 |
| SSDEEP: | 49152:vV7S/Ja52CmTwWvOFfkvS7bWqzp6XRLklgg:d7+hFeMSNIRK |
MALICIOUS
Uses Task Scheduler to run other applications
- zwg.exe (PID: 6604)
- zwg.exe (PID: 6732)
- zwg.exe (PID: 6888)
- zwg.exe (PID: 7076)
- zwg.exe (PID: 6572)
- relog.exe (PID: 6860)
- zwg.exe (PID: 1488)
- zwg.exe (PID: 6432)
- zwg.exe (PID: 4404)
- zwg.exe (PID: 6480)
- zwg.exe (PID: 6592)
- zwg.exe (PID: 6456)
- zwg.exe (PID: 6604)
- zwg.exe (PID: 7144)
- zwg.exe (PID: 6192)
- zwg.exe (PID: 1488)
- zwg.exe (PID: 240)
- zwg.exe (PID: 6976)
- zwg.exe (PID: 7008)
- zwg.exe (PID: 7076)
- zwg.exe (PID: 6776)
- zwg.exe (PID: 6236)
- zwg.exe (PID: 3176)
- zwg.exe (PID: 7024)
- zwg.exe (PID: 6404)
- zwg.exe (PID: 6456)
- zwg.exe (PID: 6680)
- zwg.exe (PID: 1656)
- zwg.exe (PID: 6564)
- zwg.exe (PID: 6188)
- zwg.exe (PID: 2636)
- zwg.exe (PID: 6396)
- zwg.exe (PID: 6308)
- zwg.exe (PID: 6148)
- zwg.exe (PID: 6924)
- zwg.exe (PID: 6564)
- zwg.exe (PID: 6244)
- zwg.exe (PID: 2400)
- zwg.exe (PID: 6344)
- zwg.exe (PID: 6608)
- zwg.exe (PID: 6968)
- zwg.exe (PID: 6940)
- zwg.exe (PID: 6484)
- zwg.exe (PID: 6700)
- zwg.exe (PID: 6488)
- zwg.exe (PID: 6392)
- zwg.exe (PID: 6224)
- zwg.exe (PID: 4084)
- zwg.exe (PID: 7104)
- zwg.exe (PID: 7152)
- zwg.exe (PID: 6300)
- zwg.exe (PID: 6248)
- zwg.exe (PID: 6668)
- zwg.exe (PID: 6592)
- zwg.exe (PID: 6616)
- zwg.exe (PID: 6944)
- zwg.exe (PID: 6692)
- zwg.exe (PID: 6908)
- zwg.exe (PID: 6564)
- zwg.exe (PID: 6896)
- zwg.exe (PID: 6700)
- zwg.exe (PID: 6836)
- zwg.exe (PID: 6280)
- zwg.exe (PID: 6456)
- zwg.exe (PID: 6924)
- zwg.exe (PID: 7096)
- zwg.exe (PID: 1076)
- zwg.exe (PID: 2088)
- zwg.exe (PID: 6192)
- zwg.exe (PID: 6840)
- zwg.exe (PID: 6960)
- zwg.exe (PID: 6636)
- zwg.exe (PID: 6952)
- zwg.exe (PID: 1656)
- zwg.exe (PID: 6816)
- zwg.exe (PID: 6820)
- zwg.exe (PID: 6220)
- zwg.exe (PID: 6428)
- zwg.exe (PID: 6460)
- zwg.exe (PID: 6308)
- zwg.exe (PID: 6788)
- zwg.exe (PID: 6424)
- zwg.exe (PID: 2068)
- zwg.exe (PID: 6792)
- zwg.exe (PID: 6848)
- zwg.exe (PID: 1184)
- zwg.exe (PID: 6404)
- zwg.exe (PID: 6180)
- zwg.exe (PID: 6804)
- zwg.exe (PID: 6656)
- zwg.exe (PID: 6836)
- zwg.exe (PID: 6188)
- zwg.exe (PID: 5244)
- zwg.exe (PID: 7156)
- zwg.exe (PID: 6720)
- zwg.exe (PID: 7076)
- zwg.exe (PID: 240)
- zwg.exe (PID: 6612)
- zwg.exe (PID: 7124)
- zwg.exe (PID: 6892)
- zwg.exe (PID: 1224)
- zwg.exe (PID: 6900)
- zwg.exe (PID: 7044)
- zwg.exe (PID: 7016)
- zwg.exe (PID: 7160)
- zwg.exe (PID: 6140)
- zwg.exe (PID: 7088)
- zwg.exe (PID: 6364)
- zwg.exe (PID: 6444)
- zwg.exe (PID: 6848)
- zwg.exe (PID: 6380)
- zwg.exe (PID: 6268)
- zwg.exe (PID: 7044)
- zwg.exe (PID: 6796)
- zwg.exe (PID: 7028)
- zwg.exe (PID: 2088)
- zwg.exe (PID: 6624)
- zwg.exe (PID: 6648)
- zwg.exe (PID: 2904)
- zwg.exe (PID: 6640)
- zwg.exe (PID: 6464)
- zwg.exe (PID: 6236)
- zwg.exe (PID: 6140)
- zwg.exe (PID: 5152)
- zwg.exe (PID: 7036)
- zwg.exe (PID: 6488)
- zwg.exe (PID: 6700)
- zwg.exe (PID: 6588)
- zwg.exe (PID: 7108)
- zwg.exe (PID: 6400)
- zwg.exe (PID: 240)
- zwg.exe (PID: 6728)
- zwg.exe (PID: 6944)
- zwg.exe (PID: 6308)
- zwg.exe (PID: 6668)
- zwg.exe (PID: 6788)
- zwg.exe (PID: 5156)
- zwg.exe (PID: 6452)
- zwg.exe (PID: 6312)
- zwg.exe (PID: 2796)
- zwg.exe (PID: 6680)
- zwg.exe (PID: 6764)
- zwg.exe (PID: 7088)
- zwg.exe (PID: 6900)
- zwg.exe (PID: 7036)
- zwg.exe (PID: 7108)
- zwg.exe (PID: 6408)
- zwg.exe (PID: 6680)
- zwg.exe (PID: 6996)
- zwg.exe (PID: 6744)
- zwg.exe (PID: 6328)
- zwg.exe (PID: 6232)
- zwg.exe (PID: 6996)
- zwg.exe (PID: 1928)
- zwg.exe (PID: 6556)
- zwg.exe (PID: 6848)
- zwg.exe (PID: 6900)
- zwg.exe (PID: 6180)
- zwg.exe (PID: 6408)
- zwg.exe (PID: 6300)
- zwg.exe (PID: 6440)
- zwg.exe (PID: 2360)
- zwg.exe (PID: 1812)
- zwg.exe (PID: 6728)
- zwg.exe (PID: 6040)
- zwg.exe (PID: 6884)
- zwg.exe (PID: 6184)
- zwg.exe (PID: 6728)
- zwg.exe (PID: 1292)
- zwg.exe (PID: 6424)
- zwg.exe (PID: 6984)
- zwg.exe (PID: 6828)
- zwg.exe (PID: 6556)
- zwg.exe (PID: 6460)
- zwg.exe (PID: 6648)
- zwg.exe (PID: 6768)
- zwg.exe (PID: 6216)
- zwg.exe (PID: 6576)
- zwg.exe (PID: 6252)
- zwg.exe (PID: 6960)
- zwg.exe (PID: 6744)
- zwg.exe (PID: 2400)
- zwg.exe (PID: 6208)
- zwg.exe (PID: 1656)
- zwg.exe (PID: 6236)
- zwg.exe (PID: 2876)
- zwg.exe (PID: 6676)
- zwg.exe (PID: 6796)
- zwg.exe (PID: 6444)
- zwg.exe (PID: 6184)
- zwg.exe (PID: 6556)
- zwg.exe (PID: 6556)
- zwg.exe (PID: 6428)
- zwg.exe (PID: 7092)
- zwg.exe (PID: 6640)
- zwg.exe (PID: 7152)
- zwg.exe (PID: 6460)
- zwg.exe (PID: 3832)
- zwg.exe (PID: 4084)
- zwg.exe (PID: 2400)
- zwg.exe (PID: 6648)
- zwg.exe (PID: 6516)
- zwg.exe (PID: 5040)
- zwg.exe (PID: 6324)
- zwg.exe (PID: 6700)
- zwg.exe (PID: 888)
- zwg.exe (PID: 5328)
- zwg.exe (PID: 7088)
- zwg.exe (PID: 7092)
- zwg.exe (PID: 236)
- zwg.exe (PID: 6984)
- zwg.exe (PID: 6872)
- zwg.exe (PID: 6328)
- zwg.exe (PID: 368)
- zwg.exe (PID: 2024)
- zwg.exe (PID: 6704)
- zwg.exe (PID: 6308)
- zwg.exe (PID: 6176)
- zwg.exe (PID: 7080)
- zwg.exe (PID: 7020)
- zwg.exe (PID: 6452)
- zwg.exe (PID: 6628)
- zwg.exe (PID: 6680)
- zwg.exe (PID: 1684)
- zwg.exe (PID: 6328)
- zwg.exe (PID: 6588)
- zwg.exe (PID: 4084)
- zwg.exe (PID: 740)
- zwg.exe (PID: 6276)
- zwg.exe (PID: 6340)
- zwg.exe (PID: 6892)
- zwg.exe (PID: 2032)
- zwg.exe (PID: 936)
- zwg.exe (PID: 6460)
- zwg.exe (PID: 6752)
- zwg.exe (PID: 6944)
- zwg.exe (PID: 6220)
- zwg.exe (PID: 236)
- zwg.exe (PID: 6452)
- zwg.exe (PID: 6364)
- zwg.exe (PID: 6108)
- zwg.exe (PID: 3916)
- zwg.exe (PID: 7048)
- zwg.exe (PID: 6112)
- zwg.exe (PID: 4920)
- zwg.exe (PID: 6808)
- zwg.exe (PID: 7096)
- zwg.exe (PID: 5112)
- zwg.exe (PID: 2340)
- zwg.exe (PID: 4060)
- zwg.exe (PID: 7004)
- zwg.exe (PID: 7108)
- zwg.exe (PID: 1104)
- zwg.exe (PID: 4076)
- zwg.exe (PID: 5768)
- zwg.exe (PID: 6776)
- zwg.exe (PID: 1684)
- zwg.exe (PID: 7120)
- zwg.exe (PID: 1636)
- zwg.exe (PID: 3832)
- zwg.exe (PID: 7024)
- zwg.exe (PID: 4084)
- zwg.exe (PID: 1728)
- zwg.exe (PID: 5112)
- zwg.exe (PID: 6900)
- zwg.exe (PID: 6252)
- zwg.exe (PID: 7128)
- zwg.exe (PID: 6300)
- zwg.exe (PID: 4160)
- zwg.exe (PID: 1344)
- zwg.exe (PID: 6008)
- zwg.exe (PID: 6984)
- zwg.exe (PID: 6892)
- zwg.exe (PID: 1132)
- zwg.exe (PID: 1728)
- zwg.exe (PID: 6516)
- zwg.exe (PID: 4980)
- zwg.exe (PID: 6964)
- zwg.exe (PID: 6108)
- zwg.exe (PID: 7052)
- zwg.exe (PID: 6824)
- zwg.exe (PID: 6176)
- zwg.exe (PID: 6160)
- zwg.exe (PID: 5908)
- zwg.exe (PID: 3832)
- zwg.exe (PID: 6936)
- zwg.exe (PID: 6712)
- zwg.exe (PID: 6252)
- zwg.exe (PID: 1744)
- zwg.exe (PID: 3308)
- zwg.exe (PID: 2360)
- zwg.exe (PID: 4068)
- zwg.exe (PID: 6644)
- zwg.exe (PID: 7052)
- zwg.exe (PID: 6448)
- zwg.exe (PID: 5544)
- zwg.exe (PID: 6236)
- zwg.exe (PID: 6900)
- zwg.exe (PID: 1568)
- zwg.exe (PID: 5096)
- zwg.exe (PID: 6408)
- zwg.exe (PID: 7120)
- zwg.exe (PID: 6180)
- zwg.exe (PID: 6680)
- zwg.exe (PID: 1812)
- zwg.exe (PID: 6468)
- zwg.exe (PID: 4436)
- zwg.exe (PID: 7100)
- zwg.exe (PID: 6160)
- zwg.exe (PID: 1156)
- zwg.exe (PID: 1684)
- zwg.exe (PID: 6168)
- zwg.exe (PID: 6852)
- zwg.exe (PID: 5612)
- zwg.exe (PID: 1020)
- zwg.exe (PID: 7080)
- zwg.exe (PID: 1744)
- zwg.exe (PID: 3144)
- zwg.exe (PID: 2264)
- zwg.exe (PID: 2816)
- zwg.exe (PID: 7024)
- zwg.exe (PID: 4668)
- zwg.exe (PID: 3256)
- zwg.exe (PID: 4056)
- zwg.exe (PID: 7160)
- zwg.exe (PID: 6140)
- zwg.exe (PID: 4408)
- zwg.exe (PID: 5544)
- zwg.exe (PID: 4732)
- zwg.exe (PID: 4048)
- zwg.exe (PID: 6488)
- zwg.exe (PID: 6296)
- zwg.exe (PID: 6924)
Changes the autorun value in the registry
- zwg.exe (PID: 6604)
- relog.exe (PID: 6860)
Actions looks like stealing of personal data
- relog.exe (PID: 6860)
SUSPICIOUS
Reads the date of Windows installation
- Neos Email Spoofer.exe (PID: 6560)
- Neos Email Spoofer.exe (PID: 6624)
- Neos Email Spoofer.exe (PID: 6748)
- Neos Email Spoofer.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 1640)
- Neos Email Spoofer.exe (PID: 6384)
- Neos Email Spoofer.exe (PID: 6952)
- Neos Email Spoofer.exe (PID: 7108)
- Neos Email Spoofer.exe (PID: 3176)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6768)
- Neos Email Spoofer.exe (PID: 6304)
- Neos Email Spoofer.exe (PID: 6276)
- Neos Email Spoofer.exe (PID: 6612)
- Neos Email Spoofer.exe (PID: 6936)
- Neos Email Spoofer.exe (PID: 7136)
- Neos Email Spoofer.exe (PID: 7152)
- Neos Email Spoofer.exe (PID: 6636)
- Neos Email Spoofer.exe (PID: 6488)
- Neos Email Spoofer.exe (PID: 6156)
- Neos Email Spoofer.exe (PID: 6832)
- Neos Email Spoofer.exe (PID: 1488)
- Neos Email Spoofer.exe (PID: 7044)
- Neos Email Spoofer.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 2480)
- Neos Email Spoofer.exe (PID: 6492)
- Neos Email Spoofer.exe (PID: 6364)
- Neos Email Spoofer.exe (PID: 6424)
- Neos Email Spoofer.exe (PID: 7056)
- Neos Email Spoofer.exe (PID: 6340)
- Neos Email Spoofer.exe (PID: 7144)
- Neos Email Spoofer.exe (PID: 6704)
- Neos Email Spoofer.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 2796)
- Neos Email Spoofer.exe (PID: 6416)
- Neos Email Spoofer.exe (PID: 7156)
- Neos Email Spoofer.exe (PID: 2636)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6684)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 6824)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6948)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6316)
- Neos Email Spoofer.exe (PID: 4704)
- Neos Email Spoofer.exe (PID: 6208)
- Neos Email Spoofer.exe (PID: 4088)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 6696)
- Neos Email Spoofer.exe (PID: 6928)
- Neos Email Spoofer.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 6816)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 6672)
- Neos Email Spoofer.exe (PID: 6680)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6332)
- Neos Email Spoofer.exe (PID: 6176)
- Neos Email Spoofer.exe (PID: 6420)
- Neos Email Spoofer.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 6288)
- Neos Email Spoofer.exe (PID: 7064)
- Neos Email Spoofer.exe (PID: 6588)
- Neos Email Spoofer.exe (PID: 1184)
- Neos Email Spoofer.exe (PID: 6996)
- Neos Email Spoofer.exe (PID: 6180)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6172)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6272)
- Neos Email Spoofer.exe (PID: 7020)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 7128)
- Neos Email Spoofer.exe (PID: 7004)
- Neos Email Spoofer.exe (PID: 6724)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 2088)
- Neos Email Spoofer.exe (PID: 6284)
- Neos Email Spoofer.exe (PID: 6228)
- Neos Email Spoofer.exe (PID: 6232)
Reads security settings of Internet Explorer
- Neos Email Spoofer.exe (PID: 6560)
- Neos Email Spoofer.exe (PID: 6624)
- Neos Email Spoofer.exe (PID: 6748)
- Neos Email Spoofer.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 1640)
- Neos Email Spoofer.exe (PID: 6384)
- Neos Email Spoofer.exe (PID: 6952)
- Neos Email Spoofer.exe (PID: 7108)
- Neos Email Spoofer.exe (PID: 3176)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6768)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6304)
- Neos Email Spoofer.exe (PID: 6276)
- Neos Email Spoofer.exe (PID: 6720)
- Neos Email Spoofer.exe (PID: 6612)
- Neos Email Spoofer.exe (PID: 6936)
- Neos Email Spoofer.exe (PID: 7136)
- Neos Email Spoofer.exe (PID: 7152)
- Neos Email Spoofer.exe (PID: 6636)
- Neos Email Spoofer.exe (PID: 6488)
- Neos Email Spoofer.exe (PID: 6156)
- Neos Email Spoofer.exe (PID: 6832)
- Neos Email Spoofer.exe (PID: 7044)
- Neos Email Spoofer.exe (PID: 1488)
- Neos Email Spoofer.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 2480)
- Neos Email Spoofer.exe (PID: 6492)
- Neos Email Spoofer.exe (PID: 6364)
- Neos Email Spoofer.exe (PID: 6424)
- Neos Email Spoofer.exe (PID: 7056)
- Neos Email Spoofer.exe (PID: 6340)
- Neos Email Spoofer.exe (PID: 6704)
- Neos Email Spoofer.exe (PID: 7156)
- Neos Email Spoofer.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 7144)
- Neos Email Spoofer.exe (PID: 2796)
- Neos Email Spoofer.exe (PID: 6416)
- Neos Email Spoofer.exe (PID: 2636)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6684)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 6824)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6948)
- Neos Email Spoofer.exe (PID: 4704)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6316)
- Neos Email Spoofer.exe (PID: 6208)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 4088)
- Neos Email Spoofer.exe (PID: 6696)
- Neos Email Spoofer.exe (PID: 6928)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 6816)
- Neos Email Spoofer.exe (PID: 6680)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 6672)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6332)
- Neos Email Spoofer.exe (PID: 6176)
- Neos Email Spoofer.exe (PID: 6420)
- Neos Email Spoofer.exe (PID: 6288)
- Neos Email Spoofer.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 7064)
- Neos Email Spoofer.exe (PID: 6588)
- Neos Email Spoofer.exe (PID: 1184)
- Neos Email Spoofer.exe (PID: 6996)
- Neos Email Spoofer.exe (PID: 6180)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6172)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6272)
- Neos Email Spoofer.exe (PID: 7020)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 7128)
- Neos Email Spoofer.exe (PID: 7004)
- Neos Email Spoofer.exe (PID: 6724)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 2088)
- Neos Email Spoofer.exe (PID: 6228)
- Neos Email Spoofer.exe (PID: 6284)
- Neos Email Spoofer.exe (PID: 6232)
Executable content was dropped or overwritten
- Neos Email Spoofer.exe (PID: 6560)
- zwg.exe (PID: 6604)
- relog.exe (PID: 6860)
Drops the executable file immediately after the start
- zwg.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 6560)
Application launched itself
- Neos Email Spoofer.exe (PID: 6560)
- Neos Email Spoofer.exe (PID: 6748)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6624)
- Neos Email Spoofer.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 6384)
- Neos Email Spoofer.exe (PID: 1640)
- Neos Email Spoofer.exe (PID: 6952)
- Neos Email Spoofer.exe (PID: 7108)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 3176)
- Neos Email Spoofer.exe (PID: 6768)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6720)
- Neos Email Spoofer.exe (PID: 6304)
- Neos Email Spoofer.exe (PID: 6276)
- Neos Email Spoofer.exe (PID: 6612)
- Neos Email Spoofer.exe (PID: 6936)
- Neos Email Spoofer.exe (PID: 7136)
- Neos Email Spoofer.exe (PID: 6636)
- Neos Email Spoofer.exe (PID: 6488)
- Neos Email Spoofer.exe (PID: 7152)
- Neos Email Spoofer.exe (PID: 6156)
- Neos Email Spoofer.exe (PID: 1488)
- Neos Email Spoofer.exe (PID: 7044)
- Neos Email Spoofer.exe (PID: 6832)
- Neos Email Spoofer.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 2480)
- Neos Email Spoofer.exe (PID: 6492)
- Neos Email Spoofer.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 6424)
- Neos Email Spoofer.exe (PID: 6364)
- Neos Email Spoofer.exe (PID: 7056)
- Neos Email Spoofer.exe (PID: 6704)
- Neos Email Spoofer.exe (PID: 6340)
- Neos Email Spoofer.exe (PID: 7156)
- Neos Email Spoofer.exe (PID: 7144)
- Neos Email Spoofer.exe (PID: 2796)
- Neos Email Spoofer.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 6416)
- Neos Email Spoofer.exe (PID: 2636)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6684)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 6824)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6948)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 4704)
- Neos Email Spoofer.exe (PID: 6316)
- Neos Email Spoofer.exe (PID: 6208)
- Neos Email Spoofer.exe (PID: 4088)
- Neos Email Spoofer.exe (PID: 6928)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 6696)
- Neos Email Spoofer.exe (PID: 6816)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 6680)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 6672)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6332)
- Neos Email Spoofer.exe (PID: 6176)
- Neos Email Spoofer.exe (PID: 6288)
- Neos Email Spoofer.exe (PID: 6420)
- Neos Email Spoofer.exe (PID: 7064)
- Neos Email Spoofer.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 1184)
- Neos Email Spoofer.exe (PID: 6588)
- Neos Email Spoofer.exe (PID: 6180)
- Neos Email Spoofer.exe (PID: 6996)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6172)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6272)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 7128)
- Neos Email Spoofer.exe (PID: 7020)
- Neos Email Spoofer.exe (PID: 7004)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6724)
- Neos Email Spoofer.exe (PID: 2088)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6228)
- Neos Email Spoofer.exe (PID: 6284)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 6484)
- Neos Email Spoofer.exe (PID: 6516)
- Neos Email Spoofer.exe (PID: 6400)
- Neos Email Spoofer.exe (PID: 6668)
- Neos Email Spoofer.exe (PID: 6192)
- Neos Email Spoofer.exe (PID: 7060)
- Neos Email Spoofer.exe (PID: 7136)
- Neos Email Spoofer.exe (PID: 1132)
- Neos Email Spoofer.exe (PID: 6724)
- Neos Email Spoofer.exe (PID: 6400)
- Neos Email Spoofer.exe (PID: 6668)
- Neos Email Spoofer.exe (PID: 6704)
- Neos Email Spoofer.exe (PID: 6168)
- Neos Email Spoofer.exe (PID: 7076)
- Neos Email Spoofer.exe (PID: 6596)
- Neos Email Spoofer.exe (PID: 1656)
- Neos Email Spoofer.exe (PID: 7016)
- Neos Email Spoofer.exe (PID: 6484)
- Neos Email Spoofer.exe (PID: 7164)
- Neos Email Spoofer.exe (PID: 6632)
- Neos Email Spoofer.exe (PID: 6164)
- Neos Email Spoofer.exe (PID: 7112)
- Neos Email Spoofer.exe (PID: 6996)
- Neos Email Spoofer.exe (PID: 6576)
- Neos Email Spoofer.exe (PID: 6584)
- Neos Email Spoofer.exe (PID: 1344)
- Neos Email Spoofer.exe (PID: 6348)
- Neos Email Spoofer.exe (PID: 6464)
- Neos Email Spoofer.exe (PID: 6724)
- Neos Email Spoofer.exe (PID: 6316)
- Neos Email Spoofer.exe (PID: 6644)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 7160)
- Neos Email Spoofer.exe (PID: 6176)
- Neos Email Spoofer.exe (PID: 6412)
- Neos Email Spoofer.exe (PID: 6632)
- Neos Email Spoofer.exe (PID: 7124)
- Neos Email Spoofer.exe (PID: 6928)
- Neos Email Spoofer.exe (PID: 6348)
- Neos Email Spoofer.exe (PID: 6580)
- Neos Email Spoofer.exe (PID: 6568)
- Neos Email Spoofer.exe (PID: 6228)
- Neos Email Spoofer.exe (PID: 6172)
- Neos Email Spoofer.exe (PID: 7144)
- Neos Email Spoofer.exe (PID: 7088)
- Neos Email Spoofer.exe (PID: 6716)
- Neos Email Spoofer.exe (PID: 6756)
- Neos Email Spoofer.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 7036)
- Neos Email Spoofer.exe (PID: 5152)
- Neos Email Spoofer.exe (PID: 4100)
- Neos Email Spoofer.exe (PID: 6176)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 4088)
- Neos Email Spoofer.exe (PID: 6976)
- Neos Email Spoofer.exe (PID: 5888)
- Neos Email Spoofer.exe (PID: 6596)
- Neos Email Spoofer.exe (PID: 6400)
- Neos Email Spoofer.exe (PID: 1372)
- Neos Email Spoofer.exe (PID: 6828)
- Neos Email Spoofer.exe (PID: 6140)
- Neos Email Spoofer.exe (PID: 7072)
- Neos Email Spoofer.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 6756)
- Neos Email Spoofer.exe (PID: 6176)
- Neos Email Spoofer.exe (PID: 1164)
- Neos Email Spoofer.exe (PID: 6720)
- Neos Email Spoofer.exe (PID: 6348)
- Neos Email Spoofer.exe (PID: 6168)
- Neos Email Spoofer.exe (PID: 7024)
- Neos Email Spoofer.exe (PID: 6376)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 7004)
- Neos Email Spoofer.exe (PID: 1184)
- Neos Email Spoofer.exe (PID: 6488)
- Neos Email Spoofer.exe (PID: 6704)
- Neos Email Spoofer.exe (PID: 4084)
- Neos Email Spoofer.exe (PID: 6584)
- Neos Email Spoofer.exe (PID: 6724)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 5740)
- Neos Email Spoofer.exe (PID: 6704)
- Neos Email Spoofer.exe (PID: 6500)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 6644)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 6892)
- Neos Email Spoofer.exe (PID: 7088)
- Neos Email Spoofer.exe (PID: 6648)
- Neos Email Spoofer.exe (PID: 6052)
- Neos Email Spoofer.exe (PID: 6668)
- Neos Email Spoofer.exe (PID: 6696)
- Neos Email Spoofer.exe (PID: 6380)
- Neos Email Spoofer.exe (PID: 6272)
- Neos Email Spoofer.exe (PID: 7072)
- Neos Email Spoofer.exe (PID: 6364)
- Neos Email Spoofer.exe (PID: 608)
- Neos Email Spoofer.exe (PID: 7108)
- Neos Email Spoofer.exe (PID: 3916)
- Neos Email Spoofer.exe (PID: 6684)
- Neos Email Spoofer.exe (PID: 6668)
- Neos Email Spoofer.exe (PID: 7140)
- Neos Email Spoofer.exe (PID: 2016)
- Neos Email Spoofer.exe (PID: 6628)
- Neos Email Spoofer.exe (PID: 6576)
- Neos Email Spoofer.exe (PID: 1944)
- Neos Email Spoofer.exe (PID: 7028)
- Neos Email Spoofer.exe (PID: 6976)
- Neos Email Spoofer.exe (PID: 3916)
- Neos Email Spoofer.exe (PID: 7164)
- Neos Email Spoofer.exe (PID: 7048)
- Neos Email Spoofer.exe (PID: 5984)
- Neos Email Spoofer.exe (PID: 6008)
- Neos Email Spoofer.exe (PID: 7020)
- Neos Email Spoofer.exe (PID: 2360)
- Neos Email Spoofer.exe (PID: 6644)
- Neos Email Spoofer.exe (PID: 6452)
- Neos Email Spoofer.exe (PID: 3292)
- Neos Email Spoofer.exe (PID: 6316)
- Neos Email Spoofer.exe (PID: 7112)
- Neos Email Spoofer.exe (PID: 1436)
- Neos Email Spoofer.exe (PID: 6688)
- Neos Email Spoofer.exe (PID: 6756)
- Neos Email Spoofer.exe (PID: 6220)
- Neos Email Spoofer.exe (PID: 1132)
- Neos Email Spoofer.exe (PID: 6848)
- Neos Email Spoofer.exe (PID: 360)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 2904)
- Neos Email Spoofer.exe (PID: 6016)
- Neos Email Spoofer.exe (PID: 6396)
- Neos Email Spoofer.exe (PID: 3728)
- Neos Email Spoofer.exe (PID: 4668)
- Neos Email Spoofer.exe (PID: 892)
- Neos Email Spoofer.exe (PID: 5124)
- Neos Email Spoofer.exe (PID: 3304)
- Neos Email Spoofer.exe (PID: 7024)
- Neos Email Spoofer.exe (PID: 7088)
- Neos Email Spoofer.exe (PID: 5152)
- Neos Email Spoofer.exe (PID: 7080)
- Neos Email Spoofer.exe (PID: 4880)
- Neos Email Spoofer.exe (PID: 6324)
- Neos Email Spoofer.exe (PID: 6696)
- Neos Email Spoofer.exe (PID: 3256)
- Neos Email Spoofer.exe (PID: 5504)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 5612)
- Neos Email Spoofer.exe (PID: 7064)
- Neos Email Spoofer.exe (PID: 1480)
- Neos Email Spoofer.exe (PID: 3112)
- Neos Email Spoofer.exe (PID: 5264)
- Neos Email Spoofer.exe (PID: 936)
- Neos Email Spoofer.exe (PID: 5128)
- Neos Email Spoofer.exe (PID: 6672)
- Neos Email Spoofer.exe (PID: 7164)
- Neos Email Spoofer.exe (PID: 7076)
- Neos Email Spoofer.exe (PID: 6788)
- Neos Email Spoofer.exe (PID: 740)
- Neos Email Spoofer.exe (PID: 6608)
- Neos Email Spoofer.exe (PID: 3140)
- Neos Email Spoofer.exe (PID: 3568)
- Neos Email Spoofer.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 7080)
- Neos Email Spoofer.exe (PID: 300)
- Neos Email Spoofer.exe (PID: 2368)
- Neos Email Spoofer.exe (PID: 2680)
- Neos Email Spoofer.exe (PID: 5524)
- Neos Email Spoofer.exe (PID: 7020)
- Neos Email Spoofer.exe (PID: 2820)
- Neos Email Spoofer.exe (PID: 4296)
- Neos Email Spoofer.exe (PID: 6952)
- Neos Email Spoofer.exe (PID: 1480)
- Neos Email Spoofer.exe (PID: 5112)
- Neos Email Spoofer.exe (PID: 6764)
- Neos Email Spoofer.exe (PID: 6672)
- Neos Email Spoofer.exe (PID: 4284)
- Neos Email Spoofer.exe (PID: 6900)
- Neos Email Spoofer.exe (PID: 1556)
- Neos Email Spoofer.exe (PID: 6588)
- Neos Email Spoofer.exe (PID: 2144)
- Neos Email Spoofer.exe (PID: 5104)
- Neos Email Spoofer.exe (PID: 6852)
- Neos Email Spoofer.exe (PID: 6312)
- Neos Email Spoofer.exe (PID: 252)
- Neos Email Spoofer.exe (PID: 6312)
- Neos Email Spoofer.exe (PID: 1404)
- Neos Email Spoofer.exe (PID: 1556)
- Neos Email Spoofer.exe (PID: 2248)
- Neos Email Spoofer.exe (PID: 4004)
- Neos Email Spoofer.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 6220)
- Neos Email Spoofer.exe (PID: 6348)
- Neos Email Spoofer.exe (PID: 360)
- Neos Email Spoofer.exe (PID: 5888)
- Neos Email Spoofer.exe (PID: 488)
- Neos Email Spoofer.exe (PID: 3584)
- Neos Email Spoofer.exe (PID: 5328)
- Neos Email Spoofer.exe (PID: 1684)
- Neos Email Spoofer.exe (PID: 5124)
- Neos Email Spoofer.exe (PID: 3140)
- Neos Email Spoofer.exe (PID: 6276)
- Neos Email Spoofer.exe (PID: 1928)
- Neos Email Spoofer.exe (PID: 1728)
- Neos Email Spoofer.exe (PID: 6340)
- Neos Email Spoofer.exe (PID: 6292)
- Neos Email Spoofer.exe (PID: 1556)
- Neos Email Spoofer.exe (PID: 4048)
- Neos Email Spoofer.exe (PID: 6208)
- Neos Email Spoofer.exe (PID: 6216)
- Neos Email Spoofer.exe (PID: 4392)
- Neos Email Spoofer.exe (PID: 6288)
- Neos Email Spoofer.exe (PID: 4252)
- Neos Email Spoofer.exe (PID: 368)
- Neos Email Spoofer.exe (PID: 5248)
- Neos Email Spoofer.exe (PID: 6648)
- Neos Email Spoofer.exe (PID: 1728)
- Neos Email Spoofer.exe (PID: 4004)
- Neos Email Spoofer.exe (PID: 7140)
- Neos Email Spoofer.exe (PID: 7164)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 4080)
- Neos Email Spoofer.exe (PID: 6324)
- Neos Email Spoofer.exe (PID: 5096)
- Neos Email Spoofer.exe (PID: 6416)
- Neos Email Spoofer.exe (PID: 6468)
- Neos Email Spoofer.exe (PID: 3540)
- Neos Email Spoofer.exe (PID: 252)
- Neos Email Spoofer.exe (PID: 7036)
- Neos Email Spoofer.exe (PID: 736)
- Neos Email Spoofer.exe (PID: 6452)
- Neos Email Spoofer.exe (PID: 3728)
- Neos Email Spoofer.exe (PID: 6304)
- Neos Email Spoofer.exe (PID: 1104)
- Neos Email Spoofer.exe (PID: 3540)
- Neos Email Spoofer.exe (PID: 6696)
- Neos Email Spoofer.exe (PID: 888)
- Neos Email Spoofer.exe (PID: 7120)
- Neos Email Spoofer.exe (PID: 6048)
- Neos Email Spoofer.exe (PID: 6616)
Found regular expressions for crypto-addresses (YARA)
- relog.exe (PID: 6860)
Potential Corporate Privacy Violation
- relog.exe (PID: 6860)
INFO
Checks supported languages
- Neos Email Spoofer.exe (PID: 6560)
- Neos Email Spoofer.exe (PID: 6624)
- zwg.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 6748)
- zwg.exe (PID: 6888)
- Neos Email Spoofer.exe (PID: 6924)
- zwg.exe (PID: 6732)
- zwg.exe (PID: 7076)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6592)
- zwg.exe (PID: 6572)
- zwg.exe (PID: 1488)
- Neos Email Spoofer.exe (PID: 1640)
- zwg.exe (PID: 6432)
- Neos Email Spoofer.exe (PID: 6384)
- Neos Email Spoofer.exe (PID: 6952)
- zwg.exe (PID: 4404)
- zwg.exe (PID: 6480)
- Neos Email Spoofer.exe (PID: 7108)
- zwg.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 3176)
- zwg.exe (PID: 6456)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 5040)
- zwg.exe (PID: 7144)
- zwg.exe (PID: 6604)
- zwg.exe (PID: 6708)
- Neos Email Spoofer.exe (PID: 6640)
- zwg.exe (PID: 6192)
- Neos Email Spoofer.exe (PID: 6768)
- Neos Email Spoofer.exe (PID: 6304)
- zwg.exe (PID: 1488)
- Neos Email Spoofer.exe (PID: 6276)
- Neos Email Spoofer.exe (PID: 6720)
- zwg.exe (PID: 240)
- Neos Email Spoofer.exe (PID: 6612)
- zwg.exe (PID: 6976)
- Neos Email Spoofer.exe (PID: 6936)
- zwg.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 7136)
- zwg.exe (PID: 7076)
- Neos Email Spoofer.exe (PID: 7152)
- zwg.exe (PID: 6776)
- Neos Email Spoofer.exe (PID: 6636)
- Neos Email Spoofer.exe (PID: 6488)
- zwg.exe (PID: 6236)
- zwg.exe (PID: 3176)
- Neos Email Spoofer.exe (PID: 6156)
- zwg.exe (PID: 6404)
- Neos Email Spoofer.exe (PID: 6832)
- zwg.exe (PID: 7024)
- zwg.exe (PID: 6456)
- Neos Email Spoofer.exe (PID: 7044)
- zwg.exe (PID: 6564)
- Neos Email Spoofer.exe (PID: 1488)
- zwg.exe (PID: 6680)
- zwg.exe (PID: 1656)
- Neos Email Spoofer.exe (PID: 2480)
- Neos Email Spoofer.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 6460)
- zwg.exe (PID: 6188)
- Neos Email Spoofer.exe (PID: 6492)
- zwg.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6364)
- zwg.exe (PID: 2636)
- zwg.exe (PID: 6396)
- Neos Email Spoofer.exe (PID: 6424)
- zwg.exe (PID: 6148)
- zwg.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 7056)
- Neos Email Spoofer.exe (PID: 6340)
- zwg.exe (PID: 6564)
- Neos Email Spoofer.exe (PID: 7144)
- zwg.exe (PID: 6244)
- Neos Email Spoofer.exe (PID: 6704)
- zwg.exe (PID: 2400)
- Neos Email Spoofer.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 7156)
- Neos Email Spoofer.exe (PID: 2796)
- zwg.exe (PID: 6344)
- Neos Email Spoofer.exe (PID: 6416)
- zwg.exe (PID: 6608)
- Neos Email Spoofer.exe (PID: 2636)
- zwg.exe (PID: 6940)
- Neos Email Spoofer.exe (PID: 6428)
- zwg.exe (PID: 6968)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6684)
- zwg.exe (PID: 6700)
- zwg.exe (PID: 6484)
- zwg.exe (PID: 6488)
- Neos Email Spoofer.exe (PID: 6444)
- zwg.exe (PID: 6392)
- Neos Email Spoofer.exe (PID: 6824)
- Neos Email Spoofer.exe (PID: 6640)
- zwg.exe (PID: 4084)
- Neos Email Spoofer.exe (PID: 6308)
- zwg.exe (PID: 6224)
- Neos Email Spoofer.exe (PID: 6948)
- zwg.exe (PID: 7152)
- Neos Email Spoofer.exe (PID: 4704)
- zwg.exe (PID: 7104)
- zwg.exe (PID: 6248)
- Neos Email Spoofer.exe (PID: 6316)
- zwg.exe (PID: 6300)
- Neos Email Spoofer.exe (PID: 6728)
- zwg.exe (PID: 6668)
- zwg.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 4088)
- Neos Email Spoofer.exe (PID: 6928)
- zwg.exe (PID: 6616)
- Neos Email Spoofer.exe (PID: 6208)
- zwg.exe (PID: 6944)
- zwg.exe (PID: 6692)
- Neos Email Spoofer.exe (PID: 6696)
- zwg.exe (PID: 6908)
- zwg.exe (PID: 6564)
- Neos Email Spoofer.exe (PID: 6656)
- zwg.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 6816)
- zwg.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 6680)
- Neos Email Spoofer.exe (PID: 6408)
- zwg.exe (PID: 6280)
- Neos Email Spoofer.exe (PID: 6672)
- zwg.exe (PID: 6836)
- Neos Email Spoofer.exe (PID: 6308)
- zwg.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 6332)
- zwg.exe (PID: 6456)
- Neos Email Spoofer.exe (PID: 6176)
- zwg.exe (PID: 1076)
- Neos Email Spoofer.exe (PID: 6420)
- zwg.exe (PID: 2088)
- zwg.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6288)
- zwg.exe (PID: 6192)
- Neos Email Spoofer.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 7064)
- zwg.exe (PID: 6840)
- Neos Email Spoofer.exe (PID: 6588)
- zwg.exe (PID: 6960)
- Neos Email Spoofer.exe (PID: 1184)
- zwg.exe (PID: 6636)
- Neos Email Spoofer.exe (PID: 6996)
- zwg.exe (PID: 6220)
- zwg.exe (PID: 6952)
- Neos Email Spoofer.exe (PID: 6180)
- zwg.exe (PID: 1656)
- Neos Email Spoofer.exe (PID: 6656)
- zwg.exe (PID: 6816)
- zwg.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 6700)
- zwg.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 6172)
- zwg.exe (PID: 6308)
- zwg.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6184)
- zwg.exe (PID: 6788)
- Neos Email Spoofer.exe (PID: 6728)
- zwg.exe (PID: 2068)
- Neos Email Spoofer.exe (PID: 6272)
- zwg.exe (PID: 6424)
- Neos Email Spoofer.exe (PID: 7020)
- zwg.exe (PID: 6848)
- Neos Email Spoofer.exe (PID: 6700)
- zwg.exe (PID: 6792)
- Neos Email Spoofer.exe (PID: 7128)
- Neos Email Spoofer.exe (PID: 6724)
- zwg.exe (PID: 6804)
- Neos Email Spoofer.exe (PID: 7004)
- zwg.exe (PID: 1184)
- zwg.exe (PID: 6404)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 2088)
- zwg.exe (PID: 6836)
- Neos Email Spoofer.exe (PID: 6228)
- zwg.exe (PID: 6656)
- zwg.exe (PID: 6180)
- Neos Email Spoofer.exe (PID: 6284)
- zwg.exe (PID: 5244)
- zwg.exe (PID: 6188)
- Neos Email Spoofer.exe (PID: 6232)
Creates files or folders in the user directory
- zwg.exe (PID: 6604)
- relog.exe (PID: 6860)
Create files in a temporary directory
- Neos Email Spoofer.exe (PID: 6560)
- relog.exe (PID: 6860)
Process checks computer location settings
- Neos Email Spoofer.exe (PID: 6560)
- Neos Email Spoofer.exe (PID: 6624)
- Neos Email Spoofer.exe (PID: 6748)
- Neos Email Spoofer.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 1640)
- Neos Email Spoofer.exe (PID: 6952)
- Neos Email Spoofer.exe (PID: 6384)
- Neos Email Spoofer.exe (PID: 7108)
- Neos Email Spoofer.exe (PID: 3176)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 6768)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6304)
- Neos Email Spoofer.exe (PID: 6276)
- Neos Email Spoofer.exe (PID: 6720)
- Neos Email Spoofer.exe (PID: 6612)
- Neos Email Spoofer.exe (PID: 6936)
- Neos Email Spoofer.exe (PID: 7136)
- Neos Email Spoofer.exe (PID: 7152)
- Neos Email Spoofer.exe (PID: 6488)
- Neos Email Spoofer.exe (PID: 6636)
- Neos Email Spoofer.exe (PID: 6156)
- Neos Email Spoofer.exe (PID: 6832)
- Neos Email Spoofer.exe (PID: 1488)
- Neos Email Spoofer.exe (PID: 7044)
- Neos Email Spoofer.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 2480)
- Neos Email Spoofer.exe (PID: 6492)
- Neos Email Spoofer.exe (PID: 6364)
- Neos Email Spoofer.exe (PID: 6424)
- Neos Email Spoofer.exe (PID: 7056)
- Neos Email Spoofer.exe (PID: 6340)
- Neos Email Spoofer.exe (PID: 6704)
- Neos Email Spoofer.exe (PID: 7144)
- Neos Email Spoofer.exe (PID: 7156)
- Neos Email Spoofer.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 2796)
- Neos Email Spoofer.exe (PID: 2636)
- Neos Email Spoofer.exe (PID: 6416)
- Neos Email Spoofer.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 6684)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6824)
- Neos Email Spoofer.exe (PID: 6948)
- Neos Email Spoofer.exe (PID: 4704)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6208)
- Neos Email Spoofer.exe (PID: 6316)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 4088)
- Neos Email Spoofer.exe (PID: 6928)
- Neos Email Spoofer.exe (PID: 6696)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 6816)
- Neos Email Spoofer.exe (PID: 6680)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 6672)
- Neos Email Spoofer.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6332)
- Neos Email Spoofer.exe (PID: 6176)
- Neos Email Spoofer.exe (PID: 6420)
- Neos Email Spoofer.exe (PID: 6288)
- Neos Email Spoofer.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 7064)
- Neos Email Spoofer.exe (PID: 6588)
- Neos Email Spoofer.exe (PID: 1184)
- Neos Email Spoofer.exe (PID: 6996)
- Neos Email Spoofer.exe (PID: 6180)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6172)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 6272)
- Neos Email Spoofer.exe (PID: 7020)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 7128)
- Neos Email Spoofer.exe (PID: 7004)
- Neos Email Spoofer.exe (PID: 6724)
- Neos Email Spoofer.exe (PID: 6184)
- Neos Email Spoofer.exe (PID: 2088)
- Neos Email Spoofer.exe (PID: 6728)
- Neos Email Spoofer.exe (PID: 6284)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 6228)
Reads the computer name
- Neos Email Spoofer.exe (PID: 6560)
- zwg.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 6624)
- zwg.exe (PID: 6732)
- zwg.exe (PID: 6888)
- Neos Email Spoofer.exe (PID: 6924)
- zwg.exe (PID: 7076)
- Neos Email Spoofer.exe (PID: 7096)
- zwg.exe (PID: 6572)
- Neos Email Spoofer.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 6748)
- zwg.exe (PID: 1488)
- Neos Email Spoofer.exe (PID: 1640)
- Neos Email Spoofer.exe (PID: 6384)
- zwg.exe (PID: 4404)
- Neos Email Spoofer.exe (PID: 6952)
- zwg.exe (PID: 6480)
- zwg.exe (PID: 6432)
- Neos Email Spoofer.exe (PID: 7108)
- Neos Email Spoofer.exe (PID: 3176)
- zwg.exe (PID: 6592)
- zwg.exe (PID: 6456)
- Neos Email Spoofer.exe (PID: 5040)
- zwg.exe (PID: 7144)
- Neos Email Spoofer.exe (PID: 6428)
- zwg.exe (PID: 6604)
- zwg.exe (PID: 6708)
- Neos Email Spoofer.exe (PID: 6640)
- Neos Email Spoofer.exe (PID: 6768)
- Neos Email Spoofer.exe (PID: 6304)
- Neos Email Spoofer.exe (PID: 6276)
- zwg.exe (PID: 1488)
- zwg.exe (PID: 6192)
- zwg.exe (PID: 240)
- Neos Email Spoofer.exe (PID: 6612)
- zwg.exe (PID: 6976)
- zwg.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 6936)
- Neos Email Spoofer.exe (PID: 7136)
- zwg.exe (PID: 7076)
- Neos Email Spoofer.exe (PID: 7152)
- Neos Email Spoofer.exe (PID: 6636)
- zwg.exe (PID: 6236)
- Neos Email Spoofer.exe (PID: 6488)
- zwg.exe (PID: 3176)
- zwg.exe (PID: 6776)
- Neos Email Spoofer.exe (PID: 6156)
- Neos Email Spoofer.exe (PID: 6832)
- zwg.exe (PID: 7024)
- zwg.exe (PID: 6404)
- zwg.exe (PID: 6456)
- Neos Email Spoofer.exe (PID: 7044)
- zwg.exe (PID: 6564)
- Neos Email Spoofer.exe (PID: 1488)
- zwg.exe (PID: 6680)
- Neos Email Spoofer.exe (PID: 6460)
- zwg.exe (PID: 1656)
- Neos Email Spoofer.exe (PID: 6604)
- Neos Email Spoofer.exe (PID: 2480)
- zwg.exe (PID: 6188)
- Neos Email Spoofer.exe (PID: 6492)
- zwg.exe (PID: 6308)
- zwg.exe (PID: 2636)
- Neos Email Spoofer.exe (PID: 6364)
- zwg.exe (PID: 6396)
- Neos Email Spoofer.exe (PID: 6424)
- Neos Email Spoofer.exe (PID: 7056)
- Neos Email Spoofer.exe (PID: 6340)
- zwg.exe (PID: 6924)
- zwg.exe (PID: 6564)
- Neos Email Spoofer.exe (PID: 7144)
- zwg.exe (PID: 6244)
- Neos Email Spoofer.exe (PID: 6704)
- zwg.exe (PID: 6148)
- zwg.exe (PID: 2400)
- Neos Email Spoofer.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 7156)
- Neos Email Spoofer.exe (PID: 2796)
- zwg.exe (PID: 6344)
- Neos Email Spoofer.exe (PID: 6416)
- zwg.exe (PID: 6608)
- zwg.exe (PID: 6968)
- Neos Email Spoofer.exe (PID: 2636)
- zwg.exe (PID: 6940)
- zwg.exe (PID: 6484)
- Neos Email Spoofer.exe (PID: 7096)
- zwg.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 6684)
- zwg.exe (PID: 6488)
- zwg.exe (PID: 6392)
- Neos Email Spoofer.exe (PID: 6824)
- Neos Email Spoofer.exe (PID: 6444)
- Neos Email Spoofer.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 6640)
- zwg.exe (PID: 6224)
- zwg.exe (PID: 4084)
- Neos Email Spoofer.exe (PID: 6308)
- zwg.exe (PID: 7104)
- Neos Email Spoofer.exe (PID: 6948)
- zwg.exe (PID: 7152)
- Neos Email Spoofer.exe (PID: 4704)
- zwg.exe (PID: 6300)
- Neos Email Spoofer.exe (PID: 6728)
- zwg.exe (PID: 6248)
- Neos Email Spoofer.exe (PID: 6316)
- zwg.exe (PID: 6592)
- Neos Email Spoofer.exe (PID: 6408)
- zwg.exe (PID: 6668)
- zwg.exe (PID: 6616)
- Neos Email Spoofer.exe (PID: 4088)
- zwg.exe (PID: 6944)
- Neos Email Spoofer.exe (PID: 6208)
- Neos Email Spoofer.exe (PID: 6696)
- zwg.exe (PID: 6692)
- zwg.exe (PID: 6908)
- Neos Email Spoofer.exe (PID: 6928)
- zwg.exe (PID: 6564)
- Neos Email Spoofer.exe (PID: 6656)
- Neos Email Spoofer.exe (PID: 7008)
- Neos Email Spoofer.exe (PID: 6816)
- zwg.exe (PID: 6896)
- Neos Email Spoofer.exe (PID: 6680)
- zwg.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 6408)
- Neos Email Spoofer.exe (PID: 6672)
- zwg.exe (PID: 6836)
- zwg.exe (PID: 6280)
- Neos Email Spoofer.exe (PID: 6308)
- zwg.exe (PID: 6924)
- Neos Email Spoofer.exe (PID: 6332)
- zwg.exe (PID: 6456)
- Neos Email Spoofer.exe (PID: 6176)
- zwg.exe (PID: 1076)
- Neos Email Spoofer.exe (PID: 6420)
- zwg.exe (PID: 7096)
- Neos Email Spoofer.exe (PID: 6288)
- zwg.exe (PID: 6192)
- Neos Email Spoofer.exe (PID: 6820)
- zwg.exe (PID: 6960)
- zwg.exe (PID: 2088)
- Neos Email Spoofer.exe (PID: 7064)
- zwg.exe (PID: 6840)
- Neos Email Spoofer.exe (PID: 6588)
- Neos Email Spoofer.exe (PID: 1184)
- zwg.exe (PID: 6636)
- Neos Email Spoofer.exe (PID: 6996)
- zwg.exe (PID: 6220)
- zwg.exe (PID: 6952)
- Neos Email Spoofer.exe (PID: 6180)
- zwg.exe (PID: 1656)
- Neos Email Spoofer.exe (PID: 6656)
- zwg.exe (PID: 6816)
- zwg.exe (PID: 6820)
- Neos Email Spoofer.exe (PID: 6232)
- Neos Email Spoofer.exe (PID: 6700)
- zwg.exe (PID: 6460)
- Neos Email Spoofer.exe (PID: 6172)
- zwg.exe (PID: 6428)
- Neos Email Spoofer.exe (PID: 5040)
- Neos Email Spoofer.exe (PID: 6184)
- zwg.exe (PID: 6788)
- Neos Email Spoofer.exe (PID: 6728)
- zwg.exe (PID: 2068)
- zwg.exe (PID: 6308)
- Neos Email Spoofer.exe (PID: 6272)
- zwg.exe (PID: 6424)
- Neos Email Spoofer.exe (PID: 7020)
- zwg.exe (PID: 6848)
- Neos Email Spoofer.exe (PID: 7128)
- zwg.exe (PID: 6792)
- zwg.exe (PID: 6404)
- Neos Email Spoofer.exe (PID: 6700)
- Neos Email Spoofer.exe (PID: 7004)
- Neos Email Spoofer.exe (PID: 6724)
- zwg.exe (PID: 1184)
- Neos Email Spoofer.exe (PID: 6184)
- zwg.exe (PID: 6180)
- Neos Email Spoofer.exe (PID: 6728)
- zwg.exe (PID: 6804)
- Neos Email Spoofer.exe (PID: 2088)
- zwg.exe (PID: 6836)
- Neos Email Spoofer.exe (PID: 6228)
- zwg.exe (PID: 6656)
- zwg.exe (PID: 6188)
- Neos Email Spoofer.exe (PID: 6284)
- zwg.exe (PID: 5244)
- Neos Email Spoofer.exe (PID: 6232)
Checks proxy server information
- relog.exe (PID: 6860)
Reads security settings of Internet Explorer
- relog.exe (PID: 6860)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win64 Executable (generic) (61.6) |
|---|---|---|
| .dll | | | Win32 Dynamic Link Library (generic) (14.6) |
| .exe | | | Win32 Executable (generic) (10) |
| .exe | | | Win16/32 Executable Delphi generic (4.6) |
| .exe | | | Generic Win/DOS Executable (4.4) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 0000:00:00 00:00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 2048 |
| InitializedDataSize: | 1554944 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x1475 |
| OSVersion: | 4 |
| ImageVersion: | - |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x0000 |
| FileFlags: | (none) |
| FileOS: | Unknown (0) |
| ObjectFileType: | Unknown |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| CompanyName: | Neos07 |
| FileTitle: | Neos Email Spoofer.exe |
| FileDescription: | Neos Email Spoofer |
| FileVersion: | 1,0,0,0 |
| LegalCopyright: | Neos07 Copyright © 2015 |
| LegalTrademark: | - |
| ProductName: | Neos Email Spoofer |
| ProductVersion: | 1,0,0,0 |
Total processes
1 818
Monitored processes
1 693
Malicious processes
78
Suspicious processes
82
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 236 | schtasks /create /tn "SystemServicesTools" /tr "" /sc onstart /f | C:\Windows\System32\schtasks.exe | — | zwg.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Task Scheduler Configuration Tool Exit code: 2147500037 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 236 | C:\WINDOWS\system32\relog.exe | C:\Windows\System32\relog.exe | — | zwg.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Performance Relogging Utility Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 236 | C:\WINDOWS\system32\relog.exe | C:\Windows\System32\relog.exe | — | zwg.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Performance Relogging Utility Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) | |||||||||||||||
| 236 | "C:\Users\admin\AppData\Local\Temp\zwg.exe" | C:\Users\admin\AppData\Local\Temp\zwg.exe | — | Neos Email Spoofer.exe | |||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Services.exe Exit code: 0 Version: 1.2.0.1 | |||||||||||||||
| 236 | "C:\Users\admin\AppData\Local\Temp\zwg.exe" | C:\Users\admin\AppData\Local\Temp\zwg.exe | — | Neos Email Spoofer.exe | |||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Services.exe Exit code: 0 Version: 1.2.0.1 | |||||||||||||||
| 240 | "C:\Users\admin\AppData\Local\Temp\zwg.exe" | C:\Users\admin\AppData\Local\Temp\zwg.exe | — | Neos Email Spoofer.exe | |||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Services.exe Exit code: 0 Version: 1.2.0.1 Modules
| |||||||||||||||
| 240 | "C:\Users\admin\AppData\Local\Temp\zwg.exe" | C:\Users\admin\AppData\Local\Temp\zwg.exe | — | Neos Email Spoofer.exe | |||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Services.exe Exit code: 0 Version: 1.2.0.1 | |||||||||||||||
| 240 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | schtasks.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) | |||||||||||||||
| 240 | "C:\Users\admin\AppData\Local\Temp\zwg.exe" | C:\Users\admin\AppData\Local\Temp\zwg.exe | — | Neos Email Spoofer.exe | |||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Services.exe Exit code: 0 Version: 1.2.0.1 | |||||||||||||||
| 252 | "C:\Users\admin\Desktop\Neos Email Spoofer.exe" | C:\Users\admin\Desktop\Neos Email Spoofer.exe | — | Neos Email Spoofer.exe | |||||||||||
User: admin Company: Neos07 Integrity Level: MEDIUM Description: Neos Email Spoofer Exit code: 0 Version: 1,0,0,0 | |||||||||||||||
Total events
353 865
Read events
353 090
Write events
775
Delete events
0
Modification events
| (PID) Process: | (6560) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
| (PID) Process: | (6560) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | IntranetName |
Value: 1 | |||
| (PID) Process: | (6560) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 1 | |||
| (PID) Process: | (6560) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 0 | |||
| (PID) Process: | (6604) zwg.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| Operation: | write | Name: | Services |
Value: C:\Users\admin\AppData\Roaming\{2F33566DA0B91573532102}\{2F33566DA0B91573532102}.exe | |||
| (PID) Process: | (6624) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
| (PID) Process: | (6624) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | IntranetName |
Value: 1 | |||
| (PID) Process: | (6624) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 1 | |||
| (PID) Process: | (6624) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 0 | |||
| (PID) Process: | (6748) Neos Email Spoofer.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
Executable files
17
Suspicious files
333
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6604 | zwg.exe | C:\Users\admin\AppData\Roaming\{2F33566DA0B91573532102}\{2F33566DA0B91573532102}.exe | executable | |
MD5:C1E4BBC07EDCD498C3237C435A2479B8 | SHA256:410BBD43E9FE61CFD4DC8A903F016CB0B50E5EFCD49CFBA0BCC2A93FC9C50155 | |||
| 6860 | relog.exe | C:\Users\admin\AppData\Local\Temp\SystemUpdate.exe | executable | |
MD5:0056EDCB3B1DA520131AE5FF4B093CEB | SHA256:459D228BB2E9E11064A79672EC8071417BE56FFFD906F5310F64E31B79E87B51 | |||
| 6732 | zwg.exe | C:\Users\admin\AppData\Local\Temp\THDBE6.tmp | binary | |
MD5:E33D3F3085D204B6FA006C145C4510AF | SHA256:2E9EDD0BD335BDD1AF7B098FCC8BD331F4E03F81CDF5B2BD06CE576FB5D38AFB | |||
| 6560 | Neos Email Spoofer.exe | C:\Users\admin\AppData\Local\Temp\zwg.exe | executable | |
MD5:C1E4BBC07EDCD498C3237C435A2479B8 | SHA256:410BBD43E9FE61CFD4DC8A903F016CB0B50E5EFCD49CFBA0BCC2A93FC9C50155 | |||
| 7076 | zwg.exe | C:\Users\admin\AppData\Local\Temp\THDCFF.tmp | binary | |
MD5:E33D3F3085D204B6FA006C145C4510AF | SHA256:2E9EDD0BD335BDD1AF7B098FCC8BD331F4E03F81CDF5B2BD06CE576FB5D38AFB | |||
| 6860 | relog.exe | C:\Users\admin\AppData\Roaming\Adobe\Service_Adobe.exe | executable | |
MD5:0056EDCB3B1DA520131AE5FF4B093CEB | SHA256:459D228BB2E9E11064A79672EC8071417BE56FFFD906F5310F64E31B79E87B51 | |||
| 6860 | relog.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js | text | |
MD5:B544D6183C9920CEBDA15C7519985ACA | SHA256:F0302B15990AE0C403A6380DF6CB6C9D95CF0D50206DFB3191C100633954A658 | |||
| 6888 | zwg.exe | C:\Users\admin\AppData\Local\Temp\THDC72.tmp | binary | |
MD5:E33D3F3085D204B6FA006C145C4510AF | SHA256:2E9EDD0BD335BDD1AF7B098FCC8BD331F4E03F81CDF5B2BD06CE576FB5D38AFB | |||
| 6860 | relog.exe | C:\Users\admin\AppData\Roaming\FileZilla\Service_FileZilla.exe | executable | |
MD5:0056EDCB3B1DA520131AE5FF4B093CEB | SHA256:459D228BB2E9E11064A79672EC8071417BE56FFFD906F5310F64E31B79E87B51 | |||
| 6860 | relog.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\Service_com.adobe.dunamis.exe | executable | |
MD5:0056EDCB3B1DA520131AE5FF4B093CEB | SHA256:459D228BB2E9E11064A79672EC8071417BE56FFFD906F5310F64E31B79E87B51 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
26
DNS requests
14
Threats
9
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6860 | relog.exe | GET | 200 | 176.111.174.140:80 | http://176.111.174.140/api/update.pack | unknown | — | — | malicious |
6860 | relog.exe | GET | 200 | 176.111.174.140:80 | http://176.111.174.140/api/update2.pack | unknown | — | — | malicious |
— | — | POST | 200 | 176.111.174.140:80 | http://176.111.174.140/api.php?{2F33566DA0B91573532102} | unknown | — | — | malicious |
6860 | relog.exe | GET | 200 | 176.111.174.140:80 | http://176.111.174.140/event.php | unknown | — | — | malicious |
4552 | explorer.exe | POST | 200 | 176.111.174.140:80 | http://176.111.174.140/api.php?{2F33566DA0B91573532102} | unknown | — | — | unknown |
4552 | explorer.exe | POST | 200 | 176.111.174.140:80 | http://176.111.174.140/api.php?{2F33566DA0B91573532102} | unknown | — | — | unknown |
— | — | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
644 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
3244 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
3304 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6860 | relog.exe | 176.111.174.140:80 | — | Chang Way Technologies Co. Limited | RU | malicious |
— | — | 176.111.174.140:80 | — | Chang Way Technologies Co. Limited | RU | malicious |
4552 | explorer.exe | 176.111.174.140:80 | — | Chang Way Technologies Co. Limited | RU | malicious |
3260 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
644 | svchost.exe | 40.126.32.133:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown |
644 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |
nexusrules.officeapps.live.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
6860 | relog.exe | Potentially Bad Traffic | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
6860 | relog.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
6860 | relog.exe | Misc Attack | ET DROP Spamhaus DROP Listed Traffic Inbound group 30 |
6860 | relog.exe | Misc activity | ET INFO EXE - Served Inline HTTP |
6860 | relog.exe | Potentially Bad Traffic | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
6860 | relog.exe | Misc activity | ET HUNTING Suspicious Windows Executable WriteProcessMemory |
6860 | relog.exe | Misc activity | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) |
6860 | relog.exe | Potentially Bad Traffic | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
1 ETPRO signatures available at the full report
Process | Message |
|---|---|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|
Neos Email Spoofer.exe | Invalid parameter passed to C runtime function.
|