Malware Analysis Report

2025-01-18 01:11

Sample ID 240613-hb4jhsxerf
Target 6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.exe
SHA256 137e40b90ba37a5b8490f99f85d4ddc331d7becd7b6e9e1fa2dc522f9feb7caf
Tags persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Registers COM server for autorun

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 06:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 06:34
Reported 2024-06-13 06:37
Platform win7-20240221-en
Max time kernel 122s
Max time network 124s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll

Signatures

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ThreadingModel = "both" C:\Windows\system32\regsvr32.exe N/A

Modifies registry class

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 06:34
Reported 2024-06-13 06:37
Platform win10v2004-20240508-en
Max time kernel 147s
Max time network 149s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll

Signatures

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ThreadingModel = "both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" C:\Windows\system32\regsvr32.exe N/A

Modifies registry class

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll

Network

Files

N/A