Analysis Overview
SHA256: 137e40b90ba37a5b8490f99f85d4ddc331d7becd7b6e9e1fa2dc522f9feb7caf
Threat Level: Shows suspicious behavior
The file 6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Registers COM server for autorun
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 06:34
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 06:34
Reported: 2024-06-13 06:37
Platform: win7-20240221-en
Max time kernel: 122s
Max time network: 124s
Signatures
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ThreadingModel = "both" | C:\Windows\system32\regsvr32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\ = "GraphPad Prism 5 Project" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\DefaultIcon | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\0\win32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ThreadingModel = "both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\ = "GraphPad Prism Search Filter" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell\open | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\ = "GraphPad Prism Search Filter" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search\ = "GraphPad Prism Search Filter" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\ = "GraphPad Prism Search Plug-in 1.0 Type Library" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CurVer | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell\open\command\ = "\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll\" PrismAlert" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\VersionIndependentProgID\ = "Prism5Search.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search\CLSID\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CurVer\ = "Prism5Search" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\ProgID\ = "Prism5Search" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll\",1" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CLSID\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell\open\command | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\PersistentAddinsRegistered | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF} | C:\Windows\system32\regsvr32.exe | N/A |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 06:34
Reported: 2024-06-13 06:37
Platform: win10v2004-20240508-en
Max time kernel: 147s
Max time network: 149s
Signatures
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ThreadingModel = "both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell\open\command\ = "\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll\" PrismAlert" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CurVer\ = "Prism5Search" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\PersistentAddinsRegistered | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll\",1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CLSID\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\InprocServer32\ThreadingModel = "both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CurVer | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell\open | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search\CLSID\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\VersionIndependentProgID\ = "Prism5Search.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzf | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\shell\open\command | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx\PersistentHandler\ = "{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\ProgID\ = "Prism5Search" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\DefaultIcon | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1\ = "GraphPad Prism Search Filter" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search.1 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04E3B5F1-8565-4E1E-A0D1-2EC6CD1C17CF}\ = "GraphPad Prism Search Filter" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzt\PersistentHandler | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzfx\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5.Document\ = "GraphPad Prism 5 Project" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\0\win32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pzm\ = "Prism5.Document" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Prism5Search\ = "GraphPad Prism Search Filter" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D8EEEE74-FB11-44A1-8F19-BA3DAD05802C}\1.0\ = "GraphPad Prism Search Plug-in 1.0 Type Library" | C:\Windows\system32\regsvr32.exe | N/A |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6604fb03b92dc660939296266efdc3d0_NeikiAnalytics.dll