Malware Analysis Report

2025-08-10 21:27

Sample ID 240525-ayejxagg26
Target 2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy
SHA256 3ff7f458246b1581a908a35cb44bcb65ab407cd77d86dc8892f5086e8140fb0c
Tags
Score 7/10

Analysis Overview

Score 7/10
SHA256 3ff7f458246b1581a908a35cb44bcb65ab407cd77d86dc8892f5086e8140fb0c

Threat Level: Shows suspicious behavior

The file 2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy shows suspicious behavior.

Malicious Activity Summary


Checks computer location settings

Executes dropped EXE

Unsigned PE

Enumerates physical storage devices

Program crash

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-25 00:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-25 00:36
Reported 2024-05-25 00:39
Platform win10v2004-20240508-en
Max time kernel 132s
Max time network 129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\runas\command\ = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\open\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\DefaultIcon\ = "%1" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\open C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\open C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\Content-Type = "application/x-msdownload" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\runas C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\runas\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\runas\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\DefaultIcon\ = "%1" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SysWOW_32\\SearchIndexerDB.exe\" /START \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\runas\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\Content-Type = "application/x-msdownload" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\open\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\runas\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\runas C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\ = "Application" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\open\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SysWOW_32\\SearchIndexerDB.exe\" /START \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\shell\runas\command\ = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.exe\ = "cmos" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cmos\shell\open\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\SearchIndexerDB.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\SearchIndexerDB.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\SearchIndexerDB.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\SearchIndexerDB.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\SearchIndexerDB.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\SearchIndexerDB.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3980,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nwoccs.zapto.org udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 nwoccs.zapto.org udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 nwoccs.zapto.org udp
US 8.8.8.8:53 nwoccs.zapto.org udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 nwoccs.zapto.org udp

Files

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\SearchIndexerDB.exe

MD5 74efd4ef879969a3451d1b75520b70f4
SHA1 71eca9d0fe6c723714cc57f11d1b711940f70a5d
SHA256 32691aff0d52b6dc4ffc721d08bba138c0e67444995d99d3ab87ba70b89edcb6
SHA512 ce0f9ced95aa624f4a9ea60fe7abf13dc00136e35e3b55cc39493c78449295df750ebcab7145092200215d252139d7d1d381bb4e191c273c0dcd602c47ac650e

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-25 00:36
Reported 2024-05-25 00:39
Platform win7-20240419-en
Max time kernel 121s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\runas\command\ = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\open\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\runas C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\runas\command\ = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SView\\SearchIndexerDB.exe\" /START \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\runas C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\open\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\ = "cmos" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\DefaultIcon\ = "%1" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\open C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\runas\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\open C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\open\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\Content-Type = "application/x-msdownload" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\runas\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\runas\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\Content-Type = "application/x-msdownload" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\ = "Application" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\DefaultIcon\ = "%1" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\runas\command\IsolatedCommand = "\"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\cmos\shell\open\command C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SView\\SearchIndexerDB.exe\" /START \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-25_5cca93d10c29f3ee1bc0bf38e57d5033_mafia_nionspy.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 448

Network

N/A

Files

N/A